hillreporter.com Open in urlscan Pro
136.243.171.217 Public Scan

URL: https://facebook.com/HillReporter

URL: https://twitter.com/HillReporter

URL: https://www.youtube.com/watch?v=SgJMSPwiyog
Title: The Carlos Watson Show

URL: https://facebook.com/hillreporter
Title: Facebook

URL: https://twitter.com/hillreporter
Title: Twitter

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=hillreporter-hillreporter&utm_medium=referral&utm_content=thumbnails-a:Below%20Article%20Thumbnails:
Title: by Taboola

URL: https://partners.etoro.com/aw.aspx?A=45729&Task=Click&SubAffiliateID=SE_HF_Desk_Blogpost_Crypto_Bitcoin40K2021_16-03-2_Taboola_AFFID_45729&TargetURL=https://www.etoro.com/news-and-analysis/crypto/bitcoin-40k-2021/&utm_source=taboola&utm_medium=referral&tblci=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCY_Ego2YTYrOqTsOShAQ#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCY_Ego2YTYrOqTsOShAQ
Title: eToro

URL: https://www.labtrk.com/3fa58efe-fd8c-44ae-a604-0518952ebe2b?CampaignID=8610978&Site=hillreporter-hillreporter&Thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F4b33bbdbea98a7937e28316923a57e30.png&Title=Inflammationsbek%C3%A4mpande+vid+ledv%C3%A4rk.+L%C3%A4kare%3A+%E2%80%9DProva+detta+hemma%E2%80%9D&Site_id=1193695&ad=2982494946&click_id=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAoudqSzZfE6e9y&utm_source=taboola&utm_medium=se_sc_desk&site_id=1193695&click_id=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAoudqSzZfE6e9y#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAoudqSzZfE6e9y
Title: Jupiter Laboratories

URL: https://goo21.com/click.php?key=wv30svdltt90if1jydrv&clickid=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyDhz04okIC-1NiOkt_gAQ&cost={cost}&site=hillreporter-hillreporter&campaign=8795592&thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F25f2dddb9414180d05d45d54f16bb2bb.png&title=Best%C3%A4ll+det+bl%C3%A5+pillret+nu+-+och+du+kommer+k%C3%A4nna+en+f%C3%B6r%C3%A4ndring+snart&campaign_name=Desktop_SE_A%2FB&campaign_item_id=2984056195&site_id=1193695&tblci=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyDhz04okIC-1NiOkt_gAQ#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyDhz04okIC-1NiOkt_gAQ
Title: Apomeds

URL: https://partners.etoro.com/aw.aspx?A=45729&Task=Click&SubAffiliateID=SE_HF_Desk_Blogpost_Crypto_Bitcoin40K2021_16-03-2_Taboola_AFFID_45729&TargetURL=https://www.etoro.com/news-and-analysis/crypto/bitcoin-40k-2021/&utm_source=taboola&utm_medium=referral&tblci=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCY_EgoxvX1itDD9tlo#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCY_EgoxvX1itDD9tlo
Title: eToro

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=hillreporter-hillreporter&utm_medium=referral&utm_content=blend-thumbs-feed-01-b:Explore%20More%20|%20Card%202:
Title: Sponsored

URL: https://www.labtrk.com/3fa58efe-fd8c-44ae-a604-0518952ebe2b?CampaignID=8610978&Site=hillreporter-hillreporter&Thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F4b33bbdbea98a7937e28316923a57e30.png&Title=Inflammationsbek%C3%A4mpande+vid+ledv%C3%A4rk.+L%C3%A4kare%3A+%E2%80%9DProva+detta+hemma%E2%80%9D&Site_id=1193695&ad=2982494946&click_id=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAou4bDzvzH0IEW&utm_source=taboola&utm_medium=se_sc_desk&site_id=1193695&click_id=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAou4bDzvzH0IEW#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAou4bDzvzH0IEW
Title: Jupiter Laboratories

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=hillreporter-hillreporter&utm_medium=referral&utm_content=thumbs-feed-01-y:Explore%20More%20|%20Card%203:
Title: Sponsored

URL: https://goo21.com/click.php?key=wv30svdltt90if1jydrv&clickid=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyDhz04o8aHj5oes4uinAQ&cost={cost}&site=hillreporter-hillreporter&campaign=8795592&thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F25f2dddb9414180d05d45d54f16bb2bb.png&title=Best%C3%A4ll+det+bl%C3%A5+pillret+nu+-+och+du+kommer+k%C3%A4nna+en+f%C3%B6r%C3%A4ndring+snart&campaign_name=Desktop_SE_A%2FB&campaign_item_id=2984056195&site_id=1193695&tblci=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyDhz04o8aHj5oes4uinAQ#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyDhz04o8aHj5oes4uinAQ
Title: Apomeds

URL: https://www.labtrk.com/3fa58efe-fd8c-44ae-a604-0518952ebe2b?CampaignID=8610978&Site=hillreporter-hillreporter&Thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F21f05bb6cd8fee556e330ea0ba403370.png&Title=L%C3%A4kare+avsl%C3%B6jar+naturligt+l%C3%A4kemedel+mot+ledv%C3%A4rk&Site_id=1193695&ad=2978429228&utm_source=taboola&utm_medium=se_sc_desk&site_id=1193695&click_id=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAo5pWc0vqsypcn#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAo5pWc0vqsypcn
Title: Jupiter Laboratories

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=hillreporter-hillreporter&utm_medium=referral&utm_content=blend-thumbs-feed-01-y:Explore%20More%20|%20Card%204:
Title: Sponsored

URL: https://trade-adventure.com/campagne/ninv/trade_se_7/index.php?c=392&pi=taboola&p_s=hillreporter-hillreporter&c_id=5932210&ad_id=2934635505&si=desktop&utm_source=taboola&utm_medium=referral&tblci=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyD0pEko7c2I-8Xuhej0AQ#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyD0pEko7c2I-8Xuhej0AQ
Title: Smarta Investerare

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=hillreporter-hillreporter&utm_medium=referral&utm_content=alternating-thumbs-feed-01-y:Explore%20More%20|%20Card%205:
Title: Sponsored

URL: https://partners.etoro.com/aw.aspx?A=45729&Task=Click&SubAffiliateID=SE_HF_Desk_Blogpost_Crypto_Bitcoin40K2021_16-03-2_Taboola_AFFID_45729&TargetURL=https://www.etoro.com/news-and-analysis/crypto/bitcoin-40k-2021/&utm_source=taboola&utm_medium=referral&tblci=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCY_Ego1rmY4JrF9dXNAQ#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCY_Ego1rmY4JrF9dXNAQ
Title: eToro

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=hillreporter-hillreporter&utm_medium=referral&utm_content=next-up-a:Next%20Up:
Title: Sponsored

URL: https://www.labtrk.com/3fa58efe-fd8c-44ae-a604-0518952ebe2b?CampaignID=8610978&Site=hillreporter-hillreporter&Thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F4b33bbdbea98a7937e28316923a57e30.png&Title=Inflammationsbek%C3%A4mpande+vid+ledv%C3%A4rk.+L%C3%A4kare%3A+%E2%80%9DProva+detta+hemma%E2%80%9D&Site_id=1193695&ad=2982494946&click_id=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAont3XrM6i6rkT&utm_source=taboola&utm_medium=se_sc_desk&site_id=1193695&click_id=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAont3XrM6i6rkT#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyCfyFAont3XrM6i6rkT
Title: Jupiter Laboratories

URL: https://goo21.com/click.php?key=wv30svdltt90if1jydrv&clickid=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyDhz04o0NX2_o2s5_sc&cost={cost}&site=hillreporter-hillreporter&campaign=8795592&thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F25f2dddb9414180d05d45d54f16bb2bb.png&title=Best%C3%A4ll+det+bl%C3%A5+pillret+nu+-+och+du+kommer+k%C3%A4nna+en+f%C3%B6r%C3%A4ndring+snart&campaign_name=Desktop_SE_A%2FB&campaign_item_id=2984056195&site_id=1193695&tblci=GiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyDhz04o0NX2_o2s5_sc#tblciGiC1C--6Y3ylLH0Nh0TQDp0gn1GWNJH3Fm2AHOuTTVljtyDhz04o0NX2_o2s5_sc
Title: Apomeds

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://info.silobreaker.com/e2t/tc/VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31__FB4KwY4mW4TlW-W4ZxSNVN5S-zQH_phBcW3lbCJx4ygsx9W3Lnwkx8_FLpCVwSGjF70TSNVW7d4P-P202-2-W2Bk9PW5TFtd6W7hflxr3PxKvZW3z59yj4HnXCkW7cszk08ZnHKpW7mFgDG7CTTybW1bPWmy712BYTW4jlB1P5qQsC8W4jL1f22z87rqW61ZbqP32P7v4W8hK92l8PM6QSW8ZHNy-17NMLX35r11 Page URL
https://info.silobreaker.com/events/public/v1/track/tc/VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31__FB4KwY4mW4TlW-W4ZxSNVN5S-zQH_phBcW3lbCJx4ygsx9W3Lnwkx8_FLpCVwSGjF70TSNVW7d4P-P202-2-W2Bk9PW5TFtd6W7hflxr3PxKvZW3z59yj4HnXCkW7cszk08ZnHKpW7mFgDG7CTTybW1bPWmy712BYTW4jlB1P5qQsC8W4jL1f22z87rqW61ZbqP32P7v4W8hK92l8PM6QSW8ZHNy-17NMLX35r11?_ud=8815e512-5ad0-4b8f-9977-e24fe67c3638&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_3f9c37db_91e80cb7_1 HTTP 302
https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_3f9c37db_91e80cb7_1&verify=true HTTP 302
https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-fX.UWo9E2uGI0kOmO9wnrPP5I5_4ojnW~A

Request Chain 59

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1617794743124&ns_c=UTF-8&cv=3.5&c8=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&c7=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1617794743124&ns_c=UTF-8&cv=3.5&c8=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&c7=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&c9=&cs_ak_ss=1

Request Chain 60

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 130

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1--- HTTP 302
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=fe0c4c10-9793-11eb-a2a4-1093d7b32306 HTTP 302
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fe0caf43-9793-11eb-a057-1ac061c71606&orig=video&us_privacy=1---

Request Chain 135

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1--- HTTP 302
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=fe0cafaa-9793-11eb-a057-1ac061c71606 HTTP 302
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fe0caf43-9793-11eb-a057-1ac061c71606&orig=video&us_privacy=1---

Request Chain 159

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP 301
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

Request Chain 204

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKZkZcc_wOTb7mdGkknNr_g&google_cver=1

Request Chain 205

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YG2WuYpDZvV3gEw.eVctyAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKZkZcc_wOTb7mdGkknNr_g&google_cver=1&google_hm=2

Request Chain 206

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHn_go1mVW6MI5xD1rEuQGM&google_cver=1

Request Chain 207

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDQ3MzA2MTY1MDM4MTIzMjk3Nw%3D%3D

Request Chain 208

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENtQuhu35mSsyiAdXmNI144&google_cver=1

Request Chain 209

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjJkYTY3NGItODhkNC02MjViLTZmMjEtZjEyY2MwNWY5M2Nm

Request Chain 210

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEMlj0Rlc0TloGL7e-S3KADo&google_cver=1

Request Chain 211

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YmU4MGU4N2YtYjMxMi00NDkzLWE5NTYtODNjZmUyZjQwOTg0

Request Chain 212

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENtQuhu35mSsyiAdXmNI144&google_cver=1

Request Chain 213

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjJkYTY3NGItODhkNC02MjViLTZmMjEtZjEyY2MwNWY5M2Nm

Request Chain 214

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEMlj0Rlc0TloGL7e-S3KADo&google_cver=1

Request Chain 215

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDIyY2Q3ZjEtM2JjOC00OGI0LThhOWYtOTVkMGIxNzQ4OTNl

Request Chain 256

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIPH3ycAPmjwwRexu80HgHE&google_cver=1&google_push=AQvitULckhJdZf7kSZUrbakYnd3aFrh9lGGcoic9V2iO3xX8szwfeFUFZsi9KpNZffvgJrsfzCdHNUu4P7WkrJm45C1YLuAzSyfR HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIPH3ycAPmjwwRexu80HgHE&google_cver=1&google_push=AQvitULckhJdZf7kSZUrbakYnd3aFrh9lGGcoic9V2iO3xX8szwfeFUFZsi9KpNZffvgJrsfzCdHNUu4P7WkrJm45C1YLuAzSyfR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dldTdGNNRTExTHU2akQ1&google_gid=CAESEIPH3ycAPmjwwRexu80HgHE&google_cver=1&google_push=AQvitULckhJdZf7kSZUrbakYnd3aFrh9lGGcoic9V2iO3xX8szwfeFUFZsi9KpNZffvgJrsfzCdHNUu4P7WkrJm45C1YLuAzSyfR

Request Chain 257

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEESWJy5JWA9VIvxdqNG8A7Y&google_cver=1&google_push=AQvitUK6rpxMLGe64gWAAGKtpGqLMQbq0CjEqX8ii2ImE7wG90IpAVbZpiE-FAnN7YIusGYt1CLYHrirsUUMEybJZJTaw0nX6tPl HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEESWJy5JWA9VIvxdqNG8A7Y&google_push=AQvitUK6rpxMLGe64gWAAGKtpGqLMQbq0CjEqX8ii2ImE7wG90IpAVbZpiE-FAnN7YIusGYt1CLYHrirsUUMEybJZJTaw0nX6tPl

Request Chain 258

https://um.simpli.fi/gp_match?google_gid=CAESEDiaI6NAurHhoJnu9rbtadA&google_cver=1&google_push=AQvitUISt4bt1uam029DbnkamUtBziN_8MiFkQJ6DZzH4anP3GfPBx60kMsMD1CjTS5iIS8EFFquIy0L0f99vZ3C6NAiNvVBSHs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A40B2E471C6E4428861A27BEB8AF717B&google_push=AQvitUISt4bt1uam029DbnkamUtBziN_8MiFkQJ6DZzH4anP3GfPBx60kMsMD1CjTS5iIS8EFFquIy0L0f99vZ3C6NAiNvVBSHs

Request Chain 260

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESENfhA4ZPCG6Z9C8e9m1mxPQ&google_cver=1&google_push=AQvitUL9mS0tkVRhumjKvMYZmHwXJZTlYPQlgTLn_mP1ss19PwpqAKdkXXEMP9HJsPSkJuDOKOVX5Pry_Mz5ssVyeI4kTIFDnjvb HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESENfhA4ZPCG6Z9C8e9m1mxPQ&google_cver=1&google_push=AQvitUL9mS0tkVRhumjKvMYZmHwXJZTlYPQlgTLn_mP1ss19PwpqAKdkXXEMP9HJsPSkJuDOKOVX5Pry_Mz5ssVyeI4kTIFDnjvb&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=bOgyoQtUUeL5ItLc04z8ew&google_push=AQvitUL9mS0tkVRhumjKvMYZmHwXJZTlYPQlgTLn_mP1ss19PwpqAKdkXXEMP9HJsPSkJuDOKOVX5Pry_Mz5ssVyeI4kTIFDnjvb

Request Chain 261

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKaBqfQqA3YDekeMmF5hzlE&google_cver=1&google_push=AQvitUIvg612oG-rZBl7jL4hkH-VUdoj2buuDLEraSd8BnKeBgS8uv9Fwl0peS2_s4L1XA4XbcL2AYPtJ5xI32F-3KCmBPMvVaW8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YG2WuYpDZvV3gEw-eVctyAAAAUQAAAAB&google_push=AQvitUIvg612oG-rZBl7jL4hkH-VUdoj2buuDLEraSd8BnKeBgS8uv9Fwl0peS2_s4L1XA4XbcL2AYPtJ5xI32F-3KCmBPMvVaW8&google_cver=1&google_gid=CAESEKaBqfQqA3YDekeMmF5hzlE

Request Chain 262

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEFzUQd4ujzg840yoFL47xiw&google_cver=1&google_push=AQvitUKLLfa6YyR9bAI4zQL2W5VhLq4KkFiPGZaSQrshRx9z-4-noNZwREi6Gqz52tl69ARPIb_dc87x_19u92TlkV3pBFYfGak HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-3477bd72-549a-408d-aada-ae04e7e31136-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUKLLfa6YyR9bAI4zQL2W5VhLq4KkFiPGZaSQrshRx9z-4-noNZwREi6Gqz52tl69ARPIb_dc87x_19u92TlkV3pBFYfGak%26google_hm%3DAzR3vXJUmkCNqtquBOfjETY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKLLfa6YyR9bAI4zQL2W5VhLq4KkFiPGZaSQrshRx9z-4-noNZwREi6Gqz52tl69ARPIb_dc87x_19u92TlkV3pBFYfGak&google_hm=AzR3vXJUmkCNqtquBOfjETY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKLLfa6YyR9bAI4zQL2W5VhLq4KkFiPGZaSQrshRx9z-4-noNZwREi6Gqz52tl69ARPIb_dc87x_19u92TlkV3pBFYfGak&google_hm=AzR3vXJUmkCNqtquBOfjETY&google_tc=

Request Chain 267

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=5e66623d-9585-46a3-8a1b-0b252c81a944 HTTP 302
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=5e66623d-9585-46a3-8a1b-0b252c81a944&tbid=66af7ff4-269b-4b95-ac25-d4150f08d239-tuct7671c38&query=taboola_hm%3D5e66623d-9585-46a3-8a1b-0b252c81a944&isDirect=0

Request Chain 269

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc HTTP 302
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=mGTPhkecNmQU&ev=1&orig=trc&pid=562107

Request Chain 270

https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc HTTP 302
https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=4473061650381232977&orig=trc

Request Chain 271

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESECISSt2aJZ9-I42t3xE13Xg&google_cver=1

Request Chain 273

https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=66af7ff4-269b-4b95-ac25-d4150f08d239-tuct7671c38

Request Chain 274

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=b2830265-d107-49a1-8546-b2471502f479

Request Chain 275

https://ce.lijit.com/merge?pid=42&3pid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&us_privacy=&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=42&3pid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

Request Chain 279

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=2c0a3e64-140e-44fc-a2be-05e33e8bf965

Request Chain 280

https://id5-sync.com/s/464/9.gif?puid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/c/464/464/7/1.gif?puid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&gdpr=1&gdpr_consent= HTTP 302
https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMOxLCw4xF_jrBxXXGri-0M07uU3QHpPdPJ1BGTVA&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F124%2F6%2F2.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
https://ice.360yield.com/ul_cb/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMOxLCw4xF_jrBxXXGri-0M07uU3QHpPdPJ1BGTVA&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F124%2F6%2F2.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
https://id5-sync.com/cq/464/124/6/2.gif?puid=0c04acef-2078-4ef2-9156-3d671bb01675&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent=

Request Chain 281

https://s.c.appier.net/taboola HTTP 302
https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=RPlhHev8BheAqztFvZZtYA

Request Chain 284

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dtaboola%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dtaboola%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D&crf=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=429&user_id=3eb4cb8b-e885-5161-9927-5f39f94ac983&ssp=taboola&expires=30&user_group=1 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=429&user_id=3eb4cb8b-e885-5161-9927-5f39f94ac983&ssp=taboola&expires=30&user_group=1 HTTP 302
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=2acd77d0-e066-4761-a422-e601a20c46d2

Request Chain 285

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 290

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEAREAKTwX3Gtc1ezvW9DjoA&google_cver=1&google_push=AQvitUK75_zEtlWo4xoDF4zmm8Qny6t1GgyCLMRQ0QNjEIHZ9sEwxQMJ6LWoL6rpyyJhdr96q2tTTiwBP_ZEJx6G2X8pIENx-i0M HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUK75_zEtlWo4xoDF4zmm8Qny6t1GgyCLMRQ0QNjEIHZ9sEwxQMJ6LWoL6rpyyJhdr96q2tTTiwBP_ZEJx6G2X8pIENx-i0M&google_gid=CAESEAREAKTwX3Gtc1ezvW9DjoA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI2MjIzODM5ODA0NTk1Nzc0MQ%3D%3D&google_push=AQvitUK75_zEtlWo4xoDF4zmm8Qny6t1GgyCLMRQ0QNjEIHZ9sEwxQMJ6LWoL6rpyyJhdr96q2tTTiwBP_ZEJx6G2X8pIENx-i0M

Request Chain 291

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMniTlPOOBoPyHSLnTbQhPjUr6B72WoZv8fKW_B8_bSIFj-tTkw HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMniTlPOOBoPyHSLnTbQhPjUr6B72WoZv8fKW_B8_bSIFj-tTkw&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMniTlPOOBoPyHSLnTbQhPjUr6B72WoZv8fKW_B8_bSIFj-tTkw&apid=UPfeec7d04-9793-11eb-98c4-06101d0df3ac HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBmZWVjN2QwNC05NzkzLTExZWItOThjNC0wNjEwMWQwZGYzYWM%3D&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMniTlPOOBoPyHSLnTbQhPjUr6B72WoZv8fKW_B8_bSIFj-tTkw

Request Chain 295

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGc027Uv7pEc2A7HuTfg6go&google_cver=1&google_push=AQvitUJK_RwqYl8OaSYnHZ3qYIngHcU2AZ1eyq6iwZI-FkfPdQlGqktKAggj9PyVRSUsNtEpW4QbrdUHm-1emwsoa19DYr2wdvg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJK_RwqYl8OaSYnHZ3qYIngHcU2AZ1eyq6iwZI-FkfPdQlGqktKAggj9PyVRSUsNtEpW4QbrdUHm-1emwsoa19DYr2wdvg&google_hm=ucvNsn8yTSqOl-a7e4JMRA==

Request Chain 296

https://d5p.de17a.com/cookies/google?google_gid=CAESEJ6nnLWl_k3Sl3CQBNcHeDo&google_cver=1&google_push=AQvitULc-xjSrX0crlxhEnBWG2NOXKW5hGL_wA755a1UtDr8hfgogPFAV4OwI-phiF5Fi4yFlDCMBHFvOJCewiR-VPV42BNdIkmD HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJ6nnLWl_k3Sl3CQBNcHeDo&google_cver=1&google_push=AQvitULc-xjSrX0crlxhEnBWG2NOXKW5hGL_wA755a1UtDr8hfgogPFAV4OwI-phiF5Fi4yFlDCMBHFvOJCewiR-VPV42BNdIkmD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitULc-xjSrX0crlxhEnBWG2NOXKW5hGL_wA755a1UtDr8hfgogPFAV4OwI-phiF5Fi4yFlDCMBHFvOJCewiR-VPV42BNdIkmD

Request Chain 297

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECNFhhnw9E7LcIvDR03nSuk&google_cver=1&google_push=AQvitUKaAmpL6KWo1SNZPRS6N3cnp7csQlfc7ifMNGS4v2aeExMYn32epyV1UW6uudKz7-BKkOV4qEi9O3_Djiej63KnDduDfXvR HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECNFhhnw9E7LcIvDR03nSuk&google_cver=1&google_push=AQvitUKaAmpL6KWo1SNZPRS6N3cnp7csQlfc7ifMNGS4v2aeExMYn32epyV1UW6uudKz7-BKkOV4qEi9O3_Djiej63KnDduDfXvR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzY2NjUwMDc2NjEwMDAyNzQ4&google_push=AQvitUKaAmpL6KWo1SNZPRS6N3cnp7csQlfc7ifMNGS4v2aeExMYn32epyV1UW6uudKz7-BKkOV4qEi9O3_Djiej63KnDduDfXvR

Request Chain 298

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEAREAKTwX3Gtc1ezvW9DjoA&google_cver=1&google_push=AQvitUI_FJSB1qBBRqfKc7RmZqIb01WAcPut0MNamg5jk5LQ-vuz9iG1QfA16I10Gs_cgB9EKljzCRnD4TtYP3UGc5h6D5KucJtO HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUI_FJSB1qBBRqfKc7RmZqIb01WAcPut0MNamg5jk5LQ-vuz9iG1QfA16I10Gs_cgB9EKljzCRnD4TtYP3UGc5h6D5KucJtO&google_gid=CAESEAREAKTwX3Gtc1ezvW9DjoA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI2MjIzODM5ODA0NTk1Nzc0MQ%3D%3D&google_push=AQvitUI_FJSB1qBBRqfKc7RmZqIb01WAcPut0MNamg5jk5LQ-vuz9iG1QfA16I10Gs_cgB9EKljzCRnD4TtYP3UGc5h6D5KucJtO

Request Chain 299

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8pK0lDLvmIsjzufBfi8rBKHP0zmLTUQfAvyCTD0UaEBLRqSTQ HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8pK0lDLvmIsjzufBfi8rBKHP0zmLTUQfAvyCTD0UaEBLRqSTQ&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8pK0lDLvmIsjzufBfi8rBKHP0zmLTUQfAvyCTD0UaEBLRqSTQ&apid=UPfeec7d04-9793-11eb-98c4-06101d0df3ac HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBmZWVjN2QwNC05NzkzLTExZWItOThjNC0wNjEwMWQwZGYzYWM%3D&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8pK0lDLvmIsjzufBfi8rBKHP0zmLTUQfAvyCTD0UaEBLRqSTQ

Request Chain 302

https://ads.travelaudience.com/google_pixel?google_gid=CAESELUAwXt4fWbdJHwgDieuzvU&google_cver=1&google_push=AQvitUKmnYoBEaiLF2NP0iEAAIDAZX_bmnAIZqg8QJ6EfdShTe4Cj99FnmsqrRiibJU4-YadnN2U9aLoWAixiQX9vQgQY600FzI HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VS2E_oaSTFWpIunBUzrgog2&google_push=AQvitUKmnYoBEaiLF2NP0iEAAIDAZX_bmnAIZqg8QJ6EfdShTe4Cj99FnmsqrRiibJU4-YadnN2U9aLoWAixiQX9vQgQY600FzI

Request Chain 304

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECNFhhnw9E7LcIvDR03nSuk&google_cver=1&google_push=AQvitUKWnKjMRow2rQSaGR5X0Tf58qOMrIaADZg6KlL0RRM6xLwG-t6wMlLaDiGGE-CVKtdOLP1U_7-daQBPe4tTA68UlhFrOmoJ HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECNFhhnw9E7LcIvDR03nSuk&google_cver=1&google_push=AQvitUKWnKjMRow2rQSaGR5X0Tf58qOMrIaADZg6KlL0RRM6xLwG-t6wMlLaDiGGE-CVKtdOLP1U_7-daQBPe4tTA68UlhFrOmoJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTM5NzQ3ODYzNDcyOTk3OTk3NA&google_push=AQvitUKWnKjMRow2rQSaGR5X0Tf58qOMrIaADZg6KlL0RRM6xLwG-t6wMlLaDiGGE-CVKtdOLP1U_7-daQBPe4tTA68UlhFrOmoJ

Request Chain 305

https://rtb.openx.net/sync/dds?google_gid=CAESEItTKZG1kUWN2sv0XGL2lng&google_cver=1&google_push=AQvitUIVK7O4O7yfZ-YCa6jSbW3nupOXY6QB07-30Y5DDYALi1PslYKTYENO7U4MIIARDSCQaYBsoPH-3Xaqfc-vJ64OffXL_zXj HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIVK7O4O7yfZ-YCa6jSbW3nupOXY6QB07-30Y5DDYALi1PslYKTYENO7U4MIIARDSCQaYBsoPH-3Xaqfc-vJ64OffXL_zXj&google_hm=keM-veglhdGcteci2aRnFQ==

Request Chain 306

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEFzUQd4ujzg840yoFL47xiw&google_cver=1&google_push=AQvitUJwzeMHlFgCL1XBMos_BxV_xHC57Z_F83ODjJwz1Gzvy804obSbZ3XOd0kCRzJEgRI82slP_ZE-TwiOmAvQK80e5k13phA HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-4f07bd75-2884-4bb8-9b56-5acc2f023ecf-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUJwzeMHlFgCL1XBMos_BxV_xHC57Z_F83ODjJwz1Gzvy804obSbZ3XOd0kCRzJEgRI82slP_ZE-TwiOmAvQK80e5k13phA%26google_hm%3DA08HvXUohEu4m1ZazC8CPs8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJwzeMHlFgCL1XBMos_BxV_xHC57Z_F83ODjJwz1Gzvy804obSbZ3XOd0kCRzJEgRI82slP_ZE-TwiOmAvQK80e5k13phA&google_hm=A08HvXUohEu4m1ZazC8CPs8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJwzeMHlFgCL1XBMos_BxV_xHC57Z_F83ODjJwz1Gzvy804obSbZ3XOd0kCRzJEgRI82slP_ZE-TwiOmAvQK80e5k13phA&google_hm=A08HvXUohEu4m1ZazC8CPs8&google_tc=

Request Chain 307

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBQ9jJdhLRy7Th3VjtFy2-A&google_cver=1&google_push=AQvitUI6Ibz-HXBdCub1czfc9jr3QrLaOaPlsELuSLLZ3oVXvC-J6FccL3W8QVq-oAMxB3YROStjP7zR7lODYwG_SGqiaWLVFrbnfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1NRkh0N0VSRTJ1R2M2QkxyNnIuVHN1ME5VbnpKWkQxNn5B&google_push=AQvitUI6Ibz-HXBdCub1czfc9jr3QrLaOaPlsELuSLLZ3oVXvC-J6FccL3W8QVq-oAMxB3YROStjP7zR7lODYwG_SGqiaWLVFrbnfQ

Request Chain 329

https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=3adc4e78-78a0-4f7f-bb50-200e43e3be2f

Request Chain 332

https://secure.adnxs.com/async_usersync?cbfn=AN_async_load HTTP 307
https://secure.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DAN_async_load

Request Chain 334

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8570601444235523484

Request Chain 336

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=cqwo0qldTs-d8P9qi9Q_yg%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 338

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 339

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&addseg=22

Request Chain 340

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzJBQzI4RDItQTk1RC00RUNGLTlERjAtRkY2QThCRDQzRkNB&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 341

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKMc-Esfu4uQMI2WbYl--VA&google_cver=1

Request Chain 343

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=766650076610002748

Request Chain 344

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:f54c606d-96bc-4400-8926-eaa59acd3267&gdpr=0&gdpr_consent=

Request Chain 345

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3adc4e78-78a0-4f7f-bb50-200e43e3be2f

Request Chain 346

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9009414776003929772&gdpr=0&gdpr_consent=

Request Chain 348

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-y4wNrc9E2uXfDPa0lrCmla9KUZr66Uw-~A&gdpr=0&gdpr_consent=

Request Chain 349

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://prod.perf-serving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://prod.perf-serving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=366&expires=14&user_id=014b1b07-e9e0-4017-a6a7-8569c9e12da8&ssp=pubmatic&user_group=1 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2acd77d0-e066-4761-a422-e601a20c46d2&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 350

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1

Request Chain 354

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=rTzNMCZq1Lu6jH5

Request Chain 355

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dopenx HTTP 302
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dopenx HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=75374452-8b61-40da-85e6-eef51e7dd14a&ssp=openx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=2acd77d0-e066-4761-a422-e601a20c46d2

Request Chain 356

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEVHRFN0EyeTBBQUNxWFNoWmJwdw&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1

Request Chain 357

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f54c606d-96bc-4400-8926-eaa59acd3267

Request Chain 358

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=kYvGd56NknCKj5Qiw47dJsKDwHaK3cghl4Pfw5Rl

Request Chain 359

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=766650076610002748

Request Chain 362

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECkqysP0S8S7aCKENrS9elE&google_cver=1

363 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31__FB4KwY4mW4TlW-W4ZxSNVN5S-zQH_phBcW3lbCJx4ygsx9W3Lnwkx... Show response
info.silobreaker.com/e2t/tc/ 9 KB
3 KB 278ms
204ms Document
text/html 199.60.103.254
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://info.silobreaker.com/e2t/tc/VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31__FB4KwY4mW4TlW-W4ZxSNVN5S-zQH_phBcW3lbCJx4ygsx9W3Lnwkx8_FLpCVwSGjF70TSNVW7d4P-P202-2-W2Bk9PW5TFtd6W7hflxr3PxKvZW3z59yj4HnXCkW7cszk08ZnHKpW7mFgDG7CTTybW1bPWmy712BYTW4jlB1P5qQsC8W4jL1f22z87rqW61ZbqP32P7v4W8hK92l8PM6QSW8ZHNy-17NMLX35r11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b877196bc7382ae5b72b3fbf90805e1b689cb7b1be66d63ffe71daf74a1614a4

Request headers

:method: GET
:authority: info.silobreaker.com
:scheme: https
:path: /e2t/tc/VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31__FB4KwY4mW4TlW-W4ZxSNVN5S-zQH_phBcW3lbCJx4ygsx9W3Lnwkx8_FLpCVwSGjF70TSNVW7d4P-P202-2-W2Bk9PW5TFtd6W7hflxr3PxKvZW3z59yj4HnXCkW7cszk08ZnHKpW7mFgDG7CTTybW1bPWmy712BYTW4jlB1P5qQsC8W4jL1f22z87rqW61ZbqP32P7v4W8hK92l8PM6QSW8ZHNy-17NMLX35r11
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:41 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=d4a4b7e56f90dd35457f46d2c94ba08a11617794741; expires=Fri, 07-May-21 11:25:41 GMT; path=/; domain=.info.silobreaker.com; HttpOnly; SameSite=Lax __cfruid=6c46ccba019f9af2dc7abb88f04048d632e11c79-1617794741; path=/; domain=.info.silobreaker.com; HttpOnly; Secure; SameSite=None
cf-ray: 63c2e58f2f3fcb00-ARN
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 094dadcd7a0000cb00c32b0000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4hlYDAbkHIO9j%2FdV3ZWbhnK22VCx1XJIBf7nAjk1b7p1Ha3ZfgLRG%2BdcqoCXSd3wseCiJbYm2nZmWF5DLFOgwz11%2BcXNBS%2Bmw9hFWYzElaDvGmlXEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br

GET
H2

200

Primary Request pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334 Show response
hillreporter.com/
Redirect Chain

https://info.silobreaker.com/events/public/v1/track/tc/VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31...
https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqs...

73 KB
20 KB

216ms
69ms

Document
text/html

136.243.171.217
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg

Requested by

Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/tc/VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31__FB4KwY4mW4TlW-W4ZxSNVN5S-zQH_phBcW3lbCJx4ygsx9W3Lnwkx8_FLpCVwSGjF70TSNVW7d4P-P202-2-W2Bk9PW5TFtd6W7hflxr3PxKvZW3z59yj4HnXCkW7cszk08ZnHKpW7mFgDG7CTTybW1bPWmy712BYTW4jlB1P5qQsC8W4jL1f22z87rqW61ZbqP32P7v4W8hK92l8PM6QSW8ZHNy-17NMLX35r11

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

136.243.171.217 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx /

Resource Hash

05e33befcadea8f8a210f3e7f97079f41ed917f40fe912c989b2419ce638a19a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: hillreporter.com
:scheme: https
:path: /pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://info.silobreaker.com/e2t/tc/VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31__FB4KwY4mW4TlW-W4ZxSNVN5S-zQH_phBcW3lbCJx4ygsx9W3Lnwkx8_FLpCVwSGjF70TSNVW7d4P-P202-2-W2Bk9PW5TFtd6W7hflxr3PxKvZW3z59yj4HnXCkW7cszk08ZnHKpW7mFgDG7CTTybW1bPWmy712BYTW4jlB1P5qQsC8W4jL1f22z87rqW61ZbqP32P7v4W8hK92l8PM6QSW8ZHNy-17NMLX35r11

Response headers

server: nginx
date: Wed, 07 Apr 2021 11:25:42 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
link: <https://hillreporter.com/wp-json/>; rel="https://api.w.org/" <https://hillreporter.com/wp-json/wp/v2/posts/97334>; rel="alternate"; type="application/json" <https://hillreporter.com/?p=97334>; rel=shortlink
vary: Accept-Encoding, Cookie
last-modified: Wed, 07 Apr 2021 11:11:59 GMT
x-presslabs-stats: HIT; 0.149s; 23 queries; desktop; ttl 1800s; refresh in 977s
content-encoding: gzip
x-request-id: e6288dc048b29973c209e07ed6fffa03
strict-transport-security: max-age=31536000

Redirect headers

date: Wed, 07 Apr 2021 11:25:42 GMT
location: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
cf-ray: 63c2e5907a05cb00-ARN
link: <https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg>; rel="canonical"
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 094dadce4f0000cb00e0222000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-robots-tag: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hw1U7P4Pb3IpzT3TxV0w0FHzdVZtp2ZD1%2FgIzoo8UtHc87qTTiU42rfZAuskl0hDb8ybGx%2Fp86PM8ZEHCLKLr%2BsEvmo%2FZp4K%2FA5HZh4mnu9xjxAPOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 front.css
cdn.hillreporter.com/wp-content/plugins/mag-builder/css/ 791 B
514 B 225ms
67ms Stylesheet
text/css 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hillreporter.com/wp-content/plugins/mag-builder/css/front.css?ver=2.4.23
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 3cde7327c67a2bde4b077ce381cda87e1cdbc5b0e7eab38f7c4ab06078f97ed5

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 06:19:01 GMT
server: nginx
etag: W/"6066b755-317"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: text/css
cache-control: max-age = 315360000
x-cache-groups: assets
x-request-id: 008051cee61a414fd7cbcb4adf3f567c
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
c0.wp.com/c/5.7/wp-includes/css/dist/block-library/ 57 KB
8 KB 105ms
37ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT arn 2
date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: br
last-modified: Tue, 02 Mar 2021 00:46:20 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Thu, 07 Apr 2022 11:25:42 GMT

GET
H2 200 gdm-blocks.css
cdn.hillreporter.com/wp-content/plugins/google-drive-embedder/css/ 490 B
566 B 225ms
68ms Stylesheet
text/css 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hillreporter.com/wp-content/plugins/google-drive-embedder/css/gdm-blocks.css?ver=5.7
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: fd5cb099e20880a844303f3fa924ec36445155c0e874418b092dde6a6b5dcfe9

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 06:19:00 GMT
server: nginx
etag: W/"6066b754-1ea"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: text/css
cache-control: max-age = 315360000
x-cache-groups: assets
x-request-id: 008051cee61a414fd7cbcb4adf3f567c
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
cdn.hillreporter.com/wp-content/themes/newsdesk_theme/ 70 KB
19 KB 226ms
68ms Stylesheet
text/css 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hillreporter.com/wp-content/themes/newsdesk_theme/style.css?ver=1617344343
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 9e517641e1c47d965766f6b39e1293ada96d8c04ee1ba730cae2c73344486f22

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 06:19:03 GMT
server: nginx
etag: W/"6066b757-116f9"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: text/css
cache-control: max-age = 315360000
x-cache-groups: assets
x-request-id: 008051cee61a414fd7cbcb4adf3f567c
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/9.5/css/ 75 KB
13 KB 105ms
37ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/9.5/css/jetpack.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0b721ba64a02eb660eb62d1b6d7558ec8d86490c0e4444262b38ac5a54004e88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT arn 2
date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 16:08:42 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Thu, 07 Apr 2022 11:25:42 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/5.7/wp-includes/js/jquery/ 87 KB
30 KB 133ms
65ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7/wp-includes/js/jquery/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT arn 2
date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: br
last-modified: Wed, 07 Oct 2020 16:33:25 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Thu, 07 Apr 2022 11:25:42 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.7/wp-includes/js/jquery/ 11 KB
4 KB 133ms
65ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT arn 2
date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Thu, 07 Apr 2022 11:25:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 25ms
22ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-100615071-2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5f28161566935beac10393920f177768d19feb1ba544ae9e25b81febf30acb08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39181
x-xss-protection: 0
last-modified: Wed, 07 Apr 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 07 Apr 2021 11:25:42 GMT

GET
H2 200 logo3.png
cdn.hillreporter.com/wp-content/themes/newsdesk_theme/images/ 15 KB
16 KB 130ms
127ms Image
image/png 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hillreporter.com/wp-content/themes/newsdesk_theme/images/logo3.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 53da7e4b2b784af81549ddfe3ebc3374f06ef290f620c5f2aa231530da07445b

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 06:19:03 GMT
server: nginx
etag: W/"6066b757-3dff"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: image/png
cache-control: max-age = 315360000
x-cache-groups: assets
x-request-id: 324340a39ce30237f7a96552bd1d2110
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-emoji-release.min.js Show response
cdn.hillreporter.com/wp-includes/js/ 14 KB
5 KB 138ms
135ms Script
application/javascript 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hillreporter.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
etag: W/"5ff5d754-3795"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age = 315360000
x-cache-groups: assets
x-request-id: 02e7cbb96201ffac03f188052a578234
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 9 KB
970 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans%3A400%2C700%7CNoto+Serif%3A400%2C700&ver=5.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cc9bc1b8a8d7d7140117999c802b9be2e00337e9ab4bd7c69aff5ae57afa116c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Apr 2021 10:33:30 GMT
server: ESF
date: Wed, 07 Apr 2021 11:25:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Apr 2021 11:25:42 GMT

GET
H2 200 jquery.fitvids.js Show response
cdn.hillreporter.com/wp-content/plugins/fitvids-for-wordpress/ 4 KB
2 KB 68ms
68ms Script
application/javascript 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hillreporter.com/wp-content/plugins/fitvids-for-wordpress/jquery.fitvids.js?ver=1.1
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 4eeeaa4e345fef8be54d0a26426b4fb41a4fa9110bf30cba2254472189aca82c

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 06:19:00 GMT
server: nginx
etag: W/"6066b754-edb"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age = 315360000
x-cache-groups: assets
x-request-id: bf9db20ca27b48960f955f6412f42951
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.7/wp-includes/js/ 1 KB
717 B 32ms
32ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7/wp-includes/js/wp-embed.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT arn 2
date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Thu, 07 Apr 2022 11:25:42 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 44ms
26ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.7
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f877a798b0af17fb62564cc4a3b2c8f1fb76398c7e3156eae984fafe175bf4c3

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 410
etag: W/"29e3b92597e716694def18b1f85abbfb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 63c2e5957f366437-FRA
cf-request-id: 094dadd16f000064371fbac000000001
expires: Sat, 10 Apr 2021 11:25:42 GMT

GET
H2 200 ajax-load-more.min.js Show response
cdn.hillreporter.com/wp-content/plugins/ajax-load-more/core/dist/js/ 204 KB
61 KB 72ms
68ms Script
application/javascript 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hillreporter.com/wp-content/plugins/ajax-load-more/core/dist/js/ajax-load-more.min.js?ver=5.4.4
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 8039e55bd4746350f2afb2187ec8271e80c4dc8b0972bf24a47d45ebc17203a3

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 06:19:00 GMT
server: nginx
etag: W/"6066b754-3314f"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age = 315360000
x-cache-groups: assets
x-request-id: 324340a39ce30237f7a96552bd1d2110
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 drawer.min.js Show response
cdn.hillreporter.com/wp-content/themes/newsdesk_theme/js/ 36 KB
10 KB 124ms
120ms Script
application/javascript 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hillreporter.com/wp-content/themes/newsdesk_theme/js/drawer.min.js?ver=5.7
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 6bfc1cffba6bac80d7d839716f8aaac9a11c922685738ce9fe8ac273edcda947

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 06:19:03 GMT
server: nginx
etag: W/"6066b757-9118"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age = 315360000
x-cache-groups: assets
x-request-id: 324340a39ce30237f7a96552bd1d2110
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202114.js Show response
stats.wp.com/ 9 KB
3 KB 35ms
32ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202114.js
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT arn
date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 27 Mar 2022 22:14:37 GMT

GET
H2 200 V3CykjuIU7M2.js Show response
hillreporter.com/ 1 KB
992 B 71ms
69ms Script
application/javascript 136.243.171.217
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hillreporter.com/V3CykjuIU7M2.js?ts=45048

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

136.243.171.217 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx /

Resource Hash

3fa473d6b3c64226cfee6729a9c111dcef10b1312b1f5806036e7ea8348b2f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
last-modified: Fri, 11 Sep 2020 11:27:18 GMT
server: nginx
etag: W/"5f5b5f16-5c4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
strict-transport-security: max-age=31536000
x-presslabs-stats: desktop
x-request-id: e521d40d9b8ad88cf9ea6341f839e86a
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 91 KB
23 KB 8ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

86cc35989be655e6cbe68540cf835dec34388862a948fbd05850100797c32319

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23784
x-fb-rlafr: 0
pragma: public
x-fb-debug: dFLKI5mjeR5CIKmeycW9d7I46wqBXPO8nQRqUh/68kP/kBB4RpCp9xtHBonTuHjtTy/Mr41utCmyDf2D6h6DOg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Wed, 07 Apr 2021 11:25:42 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hillreporter.min.js Show response
global.proper.io/ 14 KB
5 KB 72ms
49ms Script
application/javascript 2606:4700::6811:4f22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://global.proper.io/hillreporter.min.js
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4f22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24f8db0cbffb9df08e4f3d194e9c9ccfc74a4c6b728bb5a61475464a77c00f43

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 23 Feb 2021 22:59:14 GMT
server: cloudflare
age: 3670470
etag: W/"603588c2-39bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 63c2e5958f5b536a-FRA
cf-request-id: 094dadd1740000536a77a6e000000001
expires: Wed, 07 Apr 2021 11:30:42 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/hillreporter-network/ 188 KB
25 KB 167ms
55ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6ffb31549304ed3a751e32a8a509bbb938fce9d133a2b612f4642dd6d7855d0a

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: AnDVr.pKS5RVULv7MlhDgoCgurh4.qXf
content-encoding: gzip
etag: "9d094cd7294a9eaa96507488e53b080e"
age: 130
x-cache: HIT
content-length: 24923
x-amz-id-2: W9M026c4z34sH2hoUquj6QhVBB9JnZGprHp7uNgAYAc669D3ZEagUbWKa2frAnEdtS0tITRcuuw=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 10:31:08 GMT
server: AmazonS3
x-timer: S1617794743.760919,VS0,VE1
date: Wed, 07 Apr 2021 11:25:42 GMT
vary: Accept-Encoding
x-amz-request-id: 6SYRSTGZY10TX5EB
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 73
x-cache-hits: 1

GET
H2 200 header.jpg
cdn.hillreporter.com/wp-content/themes/newsdesk_theme/images/ 22 KB
23 KB 137ms
136ms Image
image/jpeg 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hillreporter.com/wp-content/themes/newsdesk_theme/images/header.jpg
Requested by: Host: cdn.hillreporter.com
URL: https://cdn.hillreporter.com/wp-content/themes/newsdesk_theme/style.css?ver=1617344343
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: db8be4a0e52d8799ebceedc633dcd7e52e7cb25f48e18f76203c8243a432a700

Request headers

Referer: https://cdn.hillreporter.com/wp-content/themes/newsdesk_theme/style.css?ver=1617344343
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
last-modified: Fri, 02 Apr 2021 06:19:03 GMT
server: nginx
etag: "6066b757-5960"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age = 315360000
accept-ranges: bytes
x-cache-groups: assets
content-length: 22880
x-request-id: 1432b02a9935c88f6ee063f0be87d81d
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fontawesome-webfont.woff2
cdn.hillreporter.com/wp-content/themes/newsdesk_theme/fonts/ 75 KB
76 KB 201ms
68ms Font
application/octet-stream 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hillreporter.com/wp-content/themes/newsdesk_theme/fonts/fontawesome-webfont.woff2
Requested by: Host: cdn.hillreporter.com
URL: https://cdn.hillreporter.com/wp-content/themes/newsdesk_theme/style.css?ver=1617344343
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://hillreporter.com
Referer: https://cdn.hillreporter.com/wp-content/themes/newsdesk_theme/style.css?ver=1617344343
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-length: 77160
x-request-id: 7fb0785ca88c724dfb14ce90a40031d5
last-modified: Fri, 02 Apr 2021 06:19:03 GMT
server: nginx
etag: "6066b757-12d68"
x-presslabs-cache: HIT
vary: Accept-Encoding
access-control-allow-methods: HEAD,GET,POST,OPTIONS
content-type: application/octet-stream
access-control-allow-origin: https://hillreporter.com
access-control-expose-headers: Content-Length,Content-Range,X-WP-Total,X-WP-TotalPages,Link
cache-control: max-age = 315360000
accept-ranges: bytes
x-cache-groups: assets
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-WP-Nonce
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 GettyImages-1192138649-480x320.jpg
cdn.hillreporter.com/wp-content/uploads/2021/04/ 18 KB
19 KB 69ms
69ms Image
image/jpeg 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hillreporter.com/wp-content/uploads/2021/04/GettyImages-1192138649-480x320.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: f7dd3b8cd738e7a2a2074f652a6207fead649dc25b0b27e9a07160bef3372ea8

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
last-modified: Tue, 06 Apr 2021 20:32:53 GMT
server: nginx
etag: "606cc575-4941"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age = 315360000
accept-ranges: bytes
content-length: 18753
x-request-id: e1079e62d5fa08722af136c8ca7784fb
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 SgJMSPwiyog
www.youtube.com/embed/ Frame 4F75 51 KB
0 45ms
45ms Document
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/SgJMSPwiyog?feature=oembed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Apr 2021 11:25:42 GMT
strict-transport-security: max-age=31536000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=SIPAea3e_bM; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=PUvf3wSNVtM; Domain=.youtube.com; Expires=Mon, 04-Oct-2021 11:25:42 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+422; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 identity.js Show response
connect.facebook.net/signals/plugins/ 11 KB
5 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.33

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3bea34f20c813024f046166fb0ad98a8eb93d5ab93052ceb993eee238ece5b66

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 4673
x-fb-rlafr: 0
pragma: public
x-fb-debug: gDQP/r+DrEI8xSxI9xoAySW/SCgkMDmSHSYF+Qlwaf2++zYwRwXhStbl28Ncx3BsiQb6CNWlZpRZW/RKc8dMRg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Wed, 07 Apr 2021 11:25:42 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 223621711747335 Show response
connect.facebook.net/signals/config/ 240 KB
69 KB 99ms
99ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/223621711747335?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2d5f8410c4b80f219e98e31c036b9c6cf97669d8ad0ba3d3d11f20bded458cca

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: Z/rMbPVVCJwno2z2Bjj45vutC051XabnhHyxkMfSg2OBbAqad/1B0Qlam6ew8jmNYN30JxxDI1kbhSxBvu2WuA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 07 Apr 2021 11:25:42 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 loader-fading-blocks.gif
cdn.hillreporter.com/wp-content/plugins/ajax-load-more/core/img/ 3 KB
3 KB 67ms
67ms Image
image/gif 88.99.251.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hillreporter.com/wp-content/plugins/ajax-load-more/core/img/loader-fading-blocks.gif
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.251.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.251.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 614720662b401ebcc2e88a3b22d87311f4084e22881644ea7940d9841fb3dcf9

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
last-modified: Fri, 02 Apr 2021 06:19:00 GMT
server: nginx
etag: "6066b754-bab"
x-presslabs-cache: HIT
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age = 315360000
accept-ranges: bytes
x-cache-groups: assets
content-length: 2987
x-request-id: 4b68270fdde5fec83468cc37b58b8e99
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v12/ 16 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v12/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans%3A400%2C700%7CNoto+Serif%3A400%2C700&ver=5.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8beec539128cea621e511cd54f21a0d17ff891a16a0ebd7a98a3e4fbc00bd0e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hillreporter.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 18:30:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:43:44 GMT
server: sffe
age: 579283
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16180
x-xss-protection: 0
expires: Thu, 31 Mar 2022 18:30:59 GMT

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v12/ 16 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v12/o-0IIpQlx3QUlC5A4PNr5TRA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans%3A400%2C700%7CNoto+Serif%3A400%2C700&ver=5.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a9f53c02752e79270686f1b2a3616b86d3af1ea2a288f2977e34b1141d552ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hillreporter.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 18:29:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:50:31 GMT
server: sffe
age: 579367
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16056
x-xss-protection: 0
expires: Thu, 31 Mar 2022 18:29:35 GMT

GET
H3-Q050 200 ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2
fonts.gstatic.com/s/notoserif/v9/ 23 KB
23 KB 38ms
23ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notoserif/v9/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans%3A400%2C700%7CNoto+Serif%3A400%2C700&ver=5.7

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eced2a68da9eed95cc9c956e26607f9a6176500fd01cc1e41410b562b290e3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hillreporter.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:52 GMT
server: sffe
age: 436925
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23924
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H3-Q050 200 ga6Law1J5X9T9RW6j9bNdOwzfReecQ.woff2
fonts.gstatic.com/s/notoserif/v9/ 27 KB
27 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notoserif/v9/ga6Law1J5X9T9RW6j9bNdOwzfReecQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans%3A400%2C700%7CNoto+Serif%3A400%2C700&ver=5.7

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

feaad76415c6eb7fb707e31a7f0bd3da9f47a60a5c6d34cd00e2ebf0bbb6766c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hillreporter.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:59 GMT
server: sffe
age: 436925
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27344
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H2 200 admin-ajax.php Show response
hillreporter.com/wp-admin/ 542 B
811 B 470ms
470ms XHR
application/json 136.243.171.217
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hillreporter.com/wp-admin/admin-ajax.php?id=97334&initial_id=97334&order=previous&taxonomy=&excluded_terms=&post_type=post&init=true&action=alm_get_single

Requested by

Host: cdn.hillreporter.com
URL: https://cdn.hillreporter.com/wp-content/plugins/ajax-load-more/core/dist/js/ajax-load-more.min.js?ver=5.4.4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

136.243.171.217 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx /

Resource Hash

eea3575a6370437c92c4ae52c65ebdc2bb8e59634dfb4edbf371f7242f89726a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-presslabs-stats: BYPASS; desktop
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
x-request-id: 33b46a3834191b31fa88ab3a402b06fd
cache-control: no-cache, must-revalidate, max-age=0, no-store
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000
x-robots-tag: noindex
vary: Accept-Encoding
server: nginx
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 latest.js Show response
global.proper.io/payloads/ 909 KB
165 KB 32ms
32ms Script
application/javascript 2606:4700::6811:4f22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://global.proper.io/payloads/latest.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/hillreporter.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4f22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc4703203d777e92d2b1e5006deee6f4480203a4dd18b1ca34aa45aedd83fb6f

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 02 Apr 2021 17:18:53 GMT
server: cloudflare
age: 397340
etag: W/"606751fd-e3425"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 63c2e596ea71536a-FRA
cf-request-id: 094dadd2520000536ad0325000000001
expires: Wed, 07 Apr 2021 11:30:42 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
17 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-100615071-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
date: Wed, 07 Apr 2021 11:25:42 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17432
expires: Wed, 07 Apr 2021 13:25:42 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 36ms
36ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.5&blog=151552998&post=97334&tz=-4&srv=hillreporter.com&host=hillreporter.com&ref=&fcp=824&rand=0.08886690560375898
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3-Q050 200 SgJMSPwiyog Show response
www.youtube.com/embed/ Frame C74C 51 KB
21 KB 81ms
63ms Document
text/html 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.7/wp-includes/js/jquery/jquery.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c52a2b762b048ea339cc93a7703198fb2703057120ef379df6bf1f54e0bf65d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/SgJMSPwiyog?feature=oembed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=SIPAea3e_bM; VISITOR_INFO1_LIVE=PUvf3wSNVtM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Apr 2021 11:25:42 GMT
strict-transport-security: max-age=31536000
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: CONSENT=PENDING+693; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 impl.20210406-4-RELEASE.js Show response
cdn.taboola.com/libtrc/ 476 KB
109 KB 57ms
57ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20210406-4-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 83d8954d30034cc91b28572289b43478e10982fa4149cc358456a2493c2b1d66

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: rLJ92lBU3RqOJMTJh5LXtsaSRAioZ1uE
content-encoding: br
etag: "3a83308a8fe7086bc32fe56d25665737"
age: 13228
x-cache: HIT
content-length: 111743
x-amz-id-2: Pi39iwY3X2JbJp01BFHzbvmsboe8VKjl2WO9O1O2mOHe4Zu4hmGzHjMdcQ8kPK9wG5SLFJmJeZc=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 07:27:59 GMT
server: AmazonS3-br
x-timer: S1617794743.941792,VS0,VE0
date: Wed, 07 Apr 2021 11:25:42 GMT
vary: Accept-Encoding
x-amz-request-id: 2DFNPWZQKMJ7RDBQ
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 64
x-cache-hits: 98043

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 176ms
59ms Script
application/x-javascript 104.111.238.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.238.139 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-238-139.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:43 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Thu, 08 Apr 2021 11:25:43 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
259 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=223621711747335&ev=PageView&dl=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&rl=&if=false&ts=1617794742931&sw=1600&sh=1200&v=2.9.33&r=stable&a=wordpress-5.7-3.0.5&ec=0&o=30&fbp=fb.1.1617794742929.986396931&it=1617794742721&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 07 Apr 2021 11:25:42 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
9 KB 26ms
9ms Script
application/javascript 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:42 GMT
content-encoding: gzip
etag: "YoFsxqR3BwPygbSjh02Dug=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Wed, 14 Apr 2021 11:25:42 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
388 B 47ms
13ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&a=100925289&t=pageview&_s=1&dl=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&ul=en-us&de=UTF-8&dt=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=220179862&gjid=1130367120&cid=2108676921.1617794743&tid=UA-100615071-2&_gid=1329523666.1617794743&_r=1&gtm=2ou3v0&z=1536697232

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://hillreporter.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-mEzuYq24VEJ-3.js Show response
rules.quantcount.com/ 3 B
347 B 46ms
14ms Script
application/x-javascript 2600:9000:2016:d000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-mEzuYq24VEJ-3.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:d000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:15:19 GMT
via: 1.1 dabb0767cb7bc0fc02f46ee84ad4dbd9.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 02:39:21 GMT
server: AmazonS3
age: 625
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=3600
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 3
x-amz-cf-id: 6pRDVw1pGBuSW6esB_xM8SsuswGLd-Qlzb9v-2N8CP40DCkvw89ssg==

GET
H3-Q050 200 www-player-webp.css
www.youtube.com/s/player/1d7f16b4/ Frame C74C 356 KB
52 KB 11ms
10ms Stylesheet
text/css 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1d7f16b4/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88e0a3323df787ff708bc5f3e407898796ba8eff28cc360382ee427195376bb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 15:46:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Apr 2021 00:22:30 GMT
server: sffe
age: 70759
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53425
x-xss-protection: 0
expires: Wed, 06 Apr 2022 15:46:24 GMT

GET
H3-Q050 200 www-embed-player.js Show response
www.youtube.com/s/player/1d7f16b4/www-embed-player.vflset/ Frame C74C 174 KB
62 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1d7f16b4/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5a83d1a9d5cd5d03da79bc522572bff2685b7c4b1f4f68c53dd2a44ac4b4256

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 15:46:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Apr 2021 00:22:30 GMT
server: sffe
age: 70783
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63351
x-xss-protection: 0
expires: Wed, 06 Apr 2022 15:46:00 GMT

GET
H3-Q050 200 base.js Show response
www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/ Frame C74C 2 MB
514 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67ac5cda138bb3d13e0998c873d5cf57995edaac561a7dbaced67b01e7cd20cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 15:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Apr 2021 00:22:30 GMT
server: sffe
age: 70758
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 526242
x-xss-protection: 0
expires: Wed, 06 Apr 2022 15:46:25 GMT

GET
H3-Q050 200 fetch-polyfill.js Show response
www.youtube.com/s/player/1d7f16b4/fetch-polyfill.vflset/ Frame C74C 8 KB
3 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1d7f16b4/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 15:46:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Apr 2021 00:22:30 GMT
server: sffe
age: 70783
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3027
x-xss-protection: 0
expires: Wed, 06 Apr 2022 15:46:00 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C74C 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 436926
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H2 200 json Show response
trc.taboola.com/hillreporter-hillreporter/trc/3/ 37 KB
11 KB 469ms
468ms XHR
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/hillreporter-hillreporter/trc/3/json?tim=13%3A25%3A43.058&lti=deflated&data=%7B%22id%22%3A428%2C%22ii%22%3A%22%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1617705066566%2C%22vi%22%3A1617794743056%2C%22cv%22%3A%2220210406-4-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A3140%2C%22qs%22%3A%22%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg%22%2C%22nsid%22%3A%22hillreporter-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A3%2C%22uim%22%3A%22thumbnails-a%3Apub%3Dhillreporter-network%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A2840.921875%2C%22mw%22%3A765%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210406-4-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2b33465c978bb3d7316e2709edc0afbd94d8eb566bad83492bd9fefa067a3d15

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 413
date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
server: nginx
x-timer: S1617794743.091184,VS0,VE413
x-served-by: cache-hhn11535-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://hillreporter.com
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-100615071-2&cid=2108676921.1617794743&jid=220179862&gjid=1130367120&_gid=1329523666.1617794743&_u=IEBAAUAAAAAAAC~&z=323729082

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 07 Apr 2021 11:25:43 GMT
content-type: text/plain
access-control-allow-origin: https://hillreporter.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 59 KB
20 KB 204ms
70ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

1ca443e62aefa4293bdddeb33c64a768dd3b2d96d97624a3e3096258ef347e6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "835 / 187 of 1000 / last-modified: 1617788606"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20374
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:43 GMT

GET
H2

200

usersync Show response
usync.proper.io/v1/
Redirect Chain

https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_3f9c37db_91e80cb7_1
https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_3f9c37db_91e80cb7_1&verify=true
https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-fX.UWo9E2uGI0kOmO9wnrPP5I5_4ojnW~A

155 B
368 B

674ms
220ms

Script
text/javascript

35.164.25.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-fX.UWo9E2uGI0kOmO9wnrPP5I5_4ojnW~A
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.164.25.130 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 943d65805453711c8263278913946c39cb35ab4da6a8e0b266cde064c823b1bf

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Apr 2021 11:25:44 GMT
server: nginx/1.18.0
content-length: 155
content-type: text/javascript

Redirect headers

Date: Wed, 07 Apr 2021 11:25:43 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-fX.UWo9E2uGI0kOmO9wnrPP5I5_4ojnW~A
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 445.json Show response
id5-sync.com/g/v2/ 606 B
928 B 247ms
62ms XHR
application/json 54.36.109.186
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/445.json

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.186 , France, ASN16276 (OVH, FR),

Reverse DNS

p06.id5-sync.com

Software

Resource Hash

c3d0a6b5e326650903581fc73225394a016423f0f0e16f39e06c8ea6518a70c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://hillreporter.com
Date: Wed, 07 Apr 2021 11:25:40 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

POST
H/1.1 200
OK bidding Show response
bids.proper.io/api/ 0
171 B 876ms
219ms XHR
application/octet-stream 44.239.227.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bids.proper.io/api/bidding
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.239.227.210 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-227-210.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Apr 2021 11:25:43 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: application/octet-stream

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
111 B 29ms
29ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-100615071-2&cid=2108676921.1617794743&jid=220179862&_u=IEBAAUAAAAAAAC~&z=1878066559

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-100615071-2&cid=2108676921.1617794743&jid=220179862&_u=IEBAAUAAAAAAAC~&z=1878066559

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=459839198;rf=0;a=p-mEzuYq24VEJ-3;url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3U...
pixel.quantserve.com/ 35 B
371 B 11ms
9ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=459839198;rf=0;a=p-mEzuYq24VEJ-3;url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg;uht=2;fpan=1;fpa=P0-391650129-1617794743121;ns=0;ce=1;qjs=1;qv=e576aef5-20210317211205;cm=;gdpr=0;ref=;d=hillreporter.com;je=0;sr=1600x1200x24;dst=1;et=1617794743121;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Pharma%20CEO%20Reveals%20Donald%20Trump's%20Sinister%20Vaccine%20Ideas%2Cdescription.Former%20White%20House%20tenant%20Donald%20Trump%E2%80%99s%20push%20for%20a%20COVID-19%20vaccine%20was%20less%20ab%2Curl.https%3A%2F%2Fhillreporter%252Ecom%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-prior%2Csite_name.HillReporter%252Ecom%2Cupdated_time.2021-04-06T20%3A56%3A24-04%3A00%2Cimage.https%3A%2F%2Fcdn%252Ehillreporter%252Ecom%2Fwp-content%2Fuploads%2F2021%2F04%2FGettyImages-1192138649%252Ej%2Cimage%3Asecure_url.https%3A%2F%2Fcdn%252Ehillreporter%252Ecom%2Fwp-content%2Fuploads%2F2021%2F04%2FGettyImages-1192138649%252Ej%2Cimage%3Awidth.1024%2Cimage%3Aheight.682

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1617794743124&ns_c=UTF-8&cv=3.5&c8=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&c...
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1617794743124&ns_c=UTF-8&cv=3.5&c8=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&...

0
528 B

59ms
59ms

Image
text/plain

104.111.238.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1617794743124&ns_c=UTF-8&cv=3.5&c8=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&c7=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&c9=&cs_ak_ss=1
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.238.139 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-238-139.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:43 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1617794743124&ns_c=UTF-8&cv=3.5&c8=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&c7=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:43 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame C74C
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
921 B

66ms
52ms

XHR
application/json

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b595cff63c0276ecd124be76c379ca5791f06dcfc512c87695a9ada2d99ba19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 07 Apr 2021 11:25:43 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame C74C 29 B
91 B 6ms
5ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1d7f16b4/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:11:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 879
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:26:04 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 119 KB
31 KB 208ms
77ms Script
application/javascript 52.85.32.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 2caa4dce1746cb73f218a783291388a3eb600753578f116b381bdf7ecdfc13e9

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 22:11:27 GMT
content-encoding: gzip
server: Server
age: 47655
etag: 9e0e0829d91a39f75ba9ebfdbaf1f5a9
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 cadd28ddf17473bac9ce00c18f8e1bc2.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: HAM50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: GYObFiYQFsAPpwZjonnhqGiTvSP1inUf
x-amz-cf-id: o69MZWLFWDVhaTk94wnZLq5i_RNb-YndWarVbKacM7tu5q_6z2mzVw==

POST
H2 200 bid-request Show response
a.teads.tv/hb/ 16 B
248 B 246ms
129ms XHR
application/json 184.30.21.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/hb/bid-request
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.21.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-21-51.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://hillreporter.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 42
expires: Wed, 07 Apr 2021 11:25:43 GMT

POST
H/1.1 204
No Content mvo Show response
tag.1rx.io/rmp/82079/0/ 0
273 B 303ms
124ms XHR
text/plain 213.19.147.210
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/82079/0/mvo?z=1r&hbv=4.25,2.1
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.19.147.210 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://hillreporter.com
Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:43 GMT
Cache-Control: private, max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Server: Tengine
Connection: keep-alive

POST
H2 204 / Show response
hb.emxdgt.com/ 0
159 B 186ms
73ms XHR
text/plain 18.196.230.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=1000&ts=1617794743177
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.230.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-230-57.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://hillreporter.com
date: Wed, 07 Apr 2021 11:25:43 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
116 B 296ms
181ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://hillreporter.com
date: Wed, 07 Apr 2021 11:25:41 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
341 B 458ms
160ms XHR
application/javascript 52.22.61.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=-120&buster=1617794743180&secure=true&version=9&mobile=false&title=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&measurable=true&property=5b32cf14d866814de2efe8c2&bids[0][bidId]=hillreporter_sticky_728x90&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&foo
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.22.61.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-22-61-253.compute-1.amazonaws.com
Software: / Express
Resource Hash: 77d5eddd3eb6141a32d7dcf0bafee4a6a8c8b02feeb844b2e8cc684bd980139b

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
x-powered-by: Express
etag: W/"38-RnurNCVLesNsNlRf5aWUOp0+Vws"
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://hillreporter.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

GET
H2 200 arj Show response
propermedia-d.openx.net/w/1.0/ 175 B
562 B 259ms
189ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://propermedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&aus=728x90%2C300x250%7C728x90%2C300x250%7C728x90%2C300x250%7C728x90%2C300x250%7C728x90&auid=540752001%2C540752002%2C540752003%2C540752004%2C540752005&aumfs=100%2C100%2C100%2C100%2C100&dddid=ed01c921-41ec-4e79-968f-86ad95cccb0c%2C7fc567fe-ebdc-4f17-a9b5-8d8b22e94c0f%2C39fb711e-6ddd-4644-91eb-b2592b72f4b4%2C0bdba1d4-529f-4374-b3ae-a6c028ae85ce%2Caf07f046-ef86-4a35-b8d3-d6768c96fbc2&divIds=openx-c411c112-7b26-4a20-bb87-fee1bdadabe2%2Copenx-6b9f6962-d179-4dcf-ac6a-40a0563d7d22%2Copenx-0dfd2b67-eebd-4232-a0e9-df51339e9063%2Copenx-80bc301e-090a-4a12-bc1e-7812c0c69c13%2Copenx-110ac5c5-ee64-4cd5-bc54-1e91bb86aca2&be=1&bc=hb_pb_3.0.1&nocache=1617794743181&schain=1.0%2C1!proper.io%2Ce5961d07-eb92-11e9-a488-69e3386c7506%2C1&_pubcid=c6a918ab-4dbb-443d-9735-9f7f03cd9d67
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.205.50 /
Resource Hash: 2c167c1f37c51a94df3146439e0b9f627ee49b2054368157c53f6c7ca874f852

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
server: OXGW/16.205.50
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://hillreporter.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 45 B
601 B 204ms
80ms XHR
application/json 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.25.0
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: b8b72481546a78eafc9cb50cff9598ddce4a1479f68f5ae62a174a645241a59a

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 07 Apr 2021 11:25:43 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://hillreporter.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 65

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 581 B
1 KB 212ms
100ms XHR
application/json 185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

030b4ceafa5fd07a47047662aec00b07af890fa9e75940db26460c6e7ba4d518

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 07 Apr 2021 11:25:43 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 86.106.103.103; 86.106.103.103; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.55:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d256d81d-1739-43cc-a322-2f059c5325e2
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://hillreporter.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 195ms
80ms XHR
text/plain 3.122.57.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=atyQyvahFzLs1Y697wSjckSR&bidId=atyQyvahFzLs1Y697wSjckSR&bidfloor=0.1&instant_play_capable=true&hbSource=prebid&hbVersion=3.0.0&strVersion=3.2.0&pubcid=0fa270c2-a6aa-4ada-99fa-63c95d0c0038&schain=%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22hp%22%3A1%2C%22asi%22%3A%22proper.io%22%2C%22sid%22%3A%22e5961d07-eb92-11e9-a488-69e3386c7506%22%7D%5D%2C%22complete%22%3A1%7D
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.57.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-57-214.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://hillreporter.com
date: Wed, 07 Apr 2021 11:25:43 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 207ms
94ms XHR
text/plain 3.122.57.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wmTfpxGdWkszAANgWXjobJ9d&bidId=wmTfpxGdWkszAANgWXjobJ9d&bidfloor=0.1&instant_play_capable=true&hbSource=prebid&hbVersion=3.0.0&strVersion=3.2.0&pubcid=0fa270c2-a6aa-4ada-99fa-63c95d0c0038&schain=%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22hp%22%3A1%2C%22asi%22%3A%22proper.io%22%2C%22sid%22%3A%22e5961d07-eb92-11e9-a488-69e3386c7506%22%7D%5D%2C%22complete%22%3A1%7D
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.57.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-57-214.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://hillreporter.com
date: Wed, 07 Apr 2021 11:25:43 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 213ms
100ms XHR
text/plain 3.122.57.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Mh54tRrkdVydv6NkzTPh6TsM&bidId=Mh54tRrkdVydv6NkzTPh6TsM&bidfloor=0.1&instant_play_capable=true&hbSource=prebid&hbVersion=3.0.0&strVersion=3.2.0&pubcid=0fa270c2-a6aa-4ada-99fa-63c95d0c0038&schain=%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22hp%22%3A1%2C%22asi%22%3A%22proper.io%22%2C%22sid%22%3A%22e5961d07-eb92-11e9-a488-69e3386c7506%22%7D%5D%2C%22complete%22%3A1%7D
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.57.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-57-214.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://hillreporter.com
date: Wed, 07 Apr 2021 11:25:43 GMT
access-control-allow-credentials: true
vary: Origin

GET
H3-Q050 200 remote.js Show response
www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/ Frame C74C 97 KB
32 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4784af117d6a622d9fc0bd27c60b86bf06a7f444a20644672ad875d7dfb8dcf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 15:46:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Apr 2021 00:22:30 GMT
server: sffe
age: 70757
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32721
x-xss-protection: 0
expires: Wed, 06 Apr 2022 15:46:26 GMT

GET
H3-Q050 200 aeODL3IsgW4-lUbekjUPXfbd8dX-NY4OoxLW4uFDbgM.js Show response
www.google.com/js/th/ Frame C74C 33 KB
13 KB 35ms
21ms Script
text/javascript 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/aeODL3IsgW4-lUbekjUPXfbd8dX-NY4OoxLW4uFDbgM.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69e3832f722c816e3e9546de92350f5df6ddf1d5fe358e0ea312d6e2e1436e03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Apr 2021 16:47:10 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:00:00 GMT
server: sffe
age: 326313
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12747
x-xss-protection: 0
expires: Sun, 03 Apr 2022 16:47:10 GMT

GET
H3-Q050 200 embed.js Show response
www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/ Frame C74C 24 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba789b68cad54c32c72abbfce1848ac55c88ad4f81ef2dbc33d610a34d326c09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 15:47:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Apr 2021 00:22:30 GMT
server: sffe
age: 70703
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7486
x-xss-protection: 0
expires: Wed, 06 Apr 2022 15:47:20 GMT

GET
DATA 200
OK truncated
/ Frame C74C 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AAUvwngiKceMSvxt-MiZ6RRce69cNlGtlB35XDfvh-WSNw=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame C74C 2 KB
2 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AAUvwngiKceMSvxt-MiZ6RRce69cNlGtlB35XDfvh-WSNw=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

93ce5374cb5619cd02111a93130a4dc43aa6e0f1f28fd47ead50d5507c662136

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 09:41:51 GMT
x-content-type-options: nosniff
age: 6232
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1970
x-xss-protection: 0
server: fife
etag: "v52b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 07 Apr 2021 01:30:54 GMT

GET
H2 200 maxresdefault.webp
i.ytimg.com/vi_webp/SgJMSPwiyog/ Frame C74C 43 KB
43 KB 16ms
15ms Image
image/webp 2a00:1450:4001:808::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/SgJMSPwiyog/maxresdefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49ef1e8a44a79a386c234ee5b016187ae34c64eae1027c21b70ea35bff05e9a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
x-content-type-options: nosniff
server: sffe
age: 0
etag: "0"
vary: Origin
content-type: image/webp
cache-control: public, max-age=300
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43880
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:30:43 GMT

GET
H3-Q050 200 pubads_impl_2021040501.js Show response
securepubads.g.doubleclick.net/gpt/ 294 KB
104 KB 155ms
84ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

6afdb4c99349e317ab25f9be5c0b6819b3910df88259f171bd36cf31c66d73c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 08:36:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 105885
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:43 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame C74C 4 KB
2 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1d7f16b4/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:43 GMT

GET
H3-Q050 204 generate_204
www.youtube.com/ Frame C74C 0
38 B 6ms
5ms Image
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?k3IeZw
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/SgJMSPwiyog?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 ads-beacon.js Show response
hillreporter.com/ 80 B
329 B 70ms
70ms Script
application/javascript 136.243.171.217
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hillreporter.com/ads-beacon.js?ts=72909

Requested by

Host: hillreporter.com
URL: https://hillreporter.com/V3CykjuIU7M2.js?ts=45048

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

136.243.171.217 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx /

Resource Hash

647c226cf491168b04b3ae87a1dcf648640b8affe7ee736e96ccf754276caf69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
strict-transport-security: max-age=31536000
x-presslabs-stats: desktop
x-request-id: 90ab8dccdde6ed545eceff37921358ee
expires: Thu, 01 Jan 1970 00:00:01 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
72 B 6ms
5ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryaqd51sLdUSm4rXyf

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 07 Apr 2021 11:25:43 GMT
content-type: text/plain
access-control-allow-origin: https://hillreporter.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 196ms
66ms XHR
application/javascript 52.85.32.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 05:52:38 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 19986
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
via: 1.1 bc46151b0550c2139685cbf8e4ad4762.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: HAM50-C1
content-type: application/javascript
x-amz-cf-id: VFL2QlcrZr0a4bww47Aadn7a-K7vwpame4lPX0wXAsmzgN_Ca8I5Xg==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
369 B 101ms
101ms XHR
text/javascript 52.85.32.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&pid=VcWjXOUPJoMwK&cb=0&ws=1600x1200&v=7.61.00&t=2000&slots=%5B%7B%22sd%22%3A%22desktop-1%22%2C%22s%22%3A%5B%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22desktop-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22desktop-3%22%2C%22s%22%3A%5B%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22desktop-4%22%2C%22s%22%3A%5B%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22desktop-5%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&cfgv=0&pubid=cb3b5777-430d-4622-b7fc-358cfa27d518&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-32-122.ham50.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 cadd28ddf17473bac9ce00c18f8e1bc2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HAM50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://hillreporter.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: BKq3f629FdGifRfEtF5CjjGytnmM_ACcOUftyhsi3xOekZCop39tEw==

GET
H2 200 cta-branding.js Show response
cdn.taboola.com/demand-formats/cta-branding/ 13 KB
5 KB 54ms
54ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210406-4-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7474826a7899a6d07f454946ba3f1156161cd9a84247c4a18e7ea6a3fc1c784b

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: jTb9JpL2bWR8xmQjz_DG9sFF5wIEimoq
content-encoding: gzip
etag: "9c906e3a0def1030bf63438c52b761e6"
age: 16624
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 4445
x-amz-id-2: LEeG0YPRb9d4CIcXQsHKbLNiM3uAVP+V213VRJukdz8PzjfAI+4lHj5kBeyRglMDPlTbW3T3nwc=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 14:48:02 GMT
server: AmazonS3
x-timer: S1617794744.578502,VS0,VE0
date: Wed, 07 Apr 2021 11:25:43 GMT
vary: Accept-Encoding
x-amz-request-id: JY82QFS7PG4NK95J
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 64
x-cache-hits: 238242

GET
H2 200 cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ 2 KB
970 B 55ms
54ms Stylesheet
text/css 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210406-4-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 10qGt8O9hKdbB5IigEtXn8Bn._HPfO8j
content-encoding: gzip
etag: "10c372ee2c83a7fd12df18aebc5320c6"
age: 16618
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 719
x-amz-id-2: WKHOafpT9qf7ClanGhqGwcczB303Ax3znQ9/m3xHolnoZIR6HeT7S39m4QTumo+QVxjz+gbVzlI=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 14:48:01 GMT
server: AmazonS3
x-timer: S1617794744.578488,VS0,VE0
date: Wed, 07 Apr 2021 11:25:43 GMT
vary: Accept-Encoding
x-amz-request-id: CR4E2RJ6SANDVYVF
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: text/css
abp: 64
x-cache-hits: 233139

GET
H2 200 tfa-eid.20210406-4-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 13 KB
5 KB 55ms
54ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/tfa-eid.20210406-4-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 26d7181620be300c6568ac9d72aac042d93498380bc83d5545db0d22073e21ea

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Dhr715km3x8DBJebrOJDM2LRfDWhz7_4
content-encoding: gzip
etag: "31cd0debd1e5c63aede5c89d58243786"
age: 33
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4857
x-amz-id-2: yv8B5QSl9U03WfFzIEXhSRo8mAuXrXnZBmr5J+duCnoqeovCbr1etAfjLVZCwFeb3gAEUaAkH7E=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 10:39:55 GMT
server: AmazonS3
x-timer: S1617794744.582343,VS0,VE0
date: Wed, 07 Apr 2021 11:25:43 GMT
vary: Accept-Encoding
x-amz-request-id: F02CYXRKK861C3SA
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 64
x-cache-hits: 373

GET
H2 200 sha256.20210406-4-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 6 KB
3 KB 54ms
54ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/sha256.20210406-4-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 99da5c0f78a0aa5fde3c413e67522c36d2d97af7a2823e892afd082e38d052b1

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: lj9aJl4qBHDhe_27jkbraYLBUOL86FSP
content-encoding: gzip
etag: "c1a4b4e5c8315bf49a86715df01ea1f5"
age: 23
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2596
x-amz-id-2: NeTOMdUi3aAmIff0qKl6Pci+8ndM1ltFiQHN/K0J4E4R+mpsfUHzNN81Ko+u/WQf11bzVzzBx9o=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 10:40:05 GMT
server: AmazonS3
x-timer: S1617794744.582327,VS0,VE0
date: Wed, 07 Apr 2021 11:25:43 GMT
vary: Accept-Encoding
x-amz-request-id: S651ZQ3RW84HRH8M
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 64
x-cache-hits: 265

GET
H2 200 floating-unit.20210406-4-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 7 KB
3 KB 58ms
57ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/floating-unit.20210406-4-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 92863b8bdeb01a98cfd443c9edf03bef9cbfb71f0bfc349a8700a13a6bed2eee

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: _21eFDQkn7eDS8EuST27jvuRZiiDD.3s
content-encoding: gzip
etag: "02741006c56f54525dda6b2a52d87c40"
age: 75
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2292
x-amz-id-2: 3ouOMHM4cJyV38QibAE81JNltTstBWm63MJdmiawjJF/2QbeQgQR1Xu5ZFKYRG8rKksD4RUgs20=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 10:40:14 GMT
server: AmazonS3
x-timer: S1617794744.587847,VS0,VE0
date: Wed, 07 Apr 2021 11:25:43 GMT
vary: Accept-Encoding
x-amz-request-id: 7T2X1AR7YY8FX3GF
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 64
x-cache-hits: 48

GET
H2 200 explore-more.20210406-4-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 18 KB
7 KB 58ms
58ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/explore-more.20210406-4-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7445e8aca54720855c187617ac8825fffbbd84b0fa06a9eaee2326c5eea72d7e

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: McBZY_0u2RFJPp.QuPeD6PJyPaAgIWNU
content-encoding: gzip
etag: "99a05de393386e7c53ae65e48b8bde2c"
age: 50
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 6620
x-amz-id-2: cj3q8yHTLr3GD25tQxAlUQCo+uaWj7SMRpIgZARAEilCR9oUKj3TC2aDEuf8OnJSh2st7RQ1rjk=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 10:40:24 GMT
server: AmazonS3
x-timer: S1617794744.587856,VS0,VE0
date: Wed, 07 Apr 2021 11:25:43 GMT
vary: Accept-Encoding
x-amz-request-id: TSAE3C8F2MSW2AYV
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 64
x-cache-hits: 105

GET
H2 200 feed-card-placeholder.20210406-4-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 5 KB
1 KB 55ms
55ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/feed-card-placeholder.20210406-4-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 92d05b6eb5d398798202e1cc5431b66c27bc5d3f872672645ae45c934abd02f3

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hZRUFc9WBAAarMDXRL6RhD26GauAWSeq
content-encoding: gzip
etag: "92d826daceb56790dd64f8d7632ff113"
age: 2
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1269
x-amz-id-2: dWcAA/ADe0a+OKvr3EN66DGmEDpSse2cddMIPEFa8BIbl8szVh0unWjHe08rzTn/059rHKba49A=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 10:40:22 GMT
server: AmazonS3
x-timer: S1617794744.587820,VS0,VE0
date: Wed, 07 Apr 2021 11:25:43 GMT
vary: Accept-Encoding
x-amz-request-id: 4HQ3DGD66HHDETRD
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 64
x-cache-hits: 11

GET
H2 200 userx.20210406-4-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 23 KB
8 KB 57ms
57ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20210406-4-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 92d29ddb8ae4beefaa8067b2285d98d9be8e403f3eafc711455b3291c6b7522e

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: ExOm6pmIXBxs1lDtySidM6nu3sH7A.mC
content-encoding: gzip
etag: "3b5c2633078870153f11ef9064b21f5b"
age: 16
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 7856
x-amz-id-2: DT8B0dSuX/FcdiGUWvPiTAOhqff5xD6nXiUXqjwZh4u2UaIy6BGDUJ2biMWF6FhU1o9rs0FbCdQ=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 10:39:50 GMT
server: AmazonS3
x-timer: S1617794744.603685,VS0,VE0
date: Wed, 07 Apr 2021 11:25:43 GMT
vary: Accept-Encoding
x-amz-request-id: MV0RFW83Y3VYF41E
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 64
x-cache-hits: 53

GET
H2 204 supply-feature
trc.taboola.com/hillreporter-hillreporter/log/3/ 0
222 B 123ms
123ms Image
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/hillreporter-hillreporter/log/3/supply-feature?route=IL:IL:V&lti=deflated&ri=565fe42c3448a9998ac9ea7f806f6386&sd=v2_510787ae8849ba2cffae9614c26c8b2d_45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37_1617794743_1617794743_CNawjgYQ3-1IGJD20uCKLyABKAEwvwE4krUNQKidEEi5htgDUJPzLVgAYABosa_ptcr9986tAQ&ui=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&pi=/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334&wi=7618936112988656330&pt=text&vi=1617794743056&d=%7B%22event_type%22%3A%22next_up%22%2C%22event_state%22%3A%22RENDERED%22%2C%22event_value%22%3Anull%2C%22event_msg%22%3Anull%7D&tim=13%3A25%3A43.555&id=7682&llvl=1&cv=20210406-4-RELEASE&
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 68
pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish
server: nginx
x-timer: S1617794744.619074,VS0,VE68
x-served-by: cache-hhn11535-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/hillreporter-hillreporter/log/3/ 0
61 B 123ms
122ms Image
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/hillreporter-hillreporter/log/3/abtests?route=IL:IL:V&lti=deflated&ri=565fe42c3448a9998ac9ea7f806f6386&sd=v2_510787ae8849ba2cffae9614c26c8b2d_45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37_1617794743_1617794743_CNawjgYQ3-1IGJD20uCKLyABKAEwvwE4krUNQKidEEi5htgDUJPzLVgAYABosa_ptcr9986tAQ&ui=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&pi=/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334&wi=7618936112988656330&pt=text&vi=1617794743056&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22DEDUP_DEBUG%22%2C%22type%22%3A%22true%22%2C%22eventTime%22%3A1617794743557%7D&tim=13%3A25%3A43.558&id=5241&llvl=1&cv=20210406-4-RELEASE&
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 69
pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish
server: nginx
x-timer: S1617794744.619367,VS0,VE69
x-served-by: cache-hhn11535-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 debug
trc-events.taboola.com/hillreporter-hillreporter/log/2/ 0
277 B 172ms
57ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/hillreporter-hillreporter/log/2/debug?tim=13%3A25%3A43.558&type=warn&msg=Duplicated%20items%20monitoring%20enabled&id=9586&cv=20210406-4-RELEASE&lt=deflated&pcs=%5Bdata-feed-main-container-id%3D%22tbl-explore-more-container%22%5D&vi=1617794743056
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
server: nginx
x-fastly-to-nlb-rtt: 24932
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
tbl-x-upstream: 10.40.0.195:10213

GET
H2 200 tb Show response
15.taboola.com/ 31 KB
9 KB 85ms
84ms XHR
text/html 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tb?oid=15&pubnm=hillreporter-hillreporter&unitType=226&tbloc=&pageType=text&pstn=Below%20Article%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334&encoded=1&uid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&variant=0|1&callback=TRC.videoTagCallbacks.videoCallback1&cb=1617794743623&tagid=&cntry=SE&platform=1&sesid=510787ae8849ba2cffae9614c26c8b2d&itemid=/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334&viewid=1617794743056&geolat=&geoing=&deviceifa=&appid=&sd=v2_510787ae8849ba2cffae9614c26c8b2d_45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37_1617794743_1617794743_CNawjgYQ3-1IGJD20uCKLyABKAEwvwE4krUNQKidEEi5htgDUJPzLVgAYABosa_ptcr9986tAQ&ri=565fe42c3448a9998ac9ea7f806f6386&appname=&cdb=&gdprApplies=true&rid=&sii=7618936112988656330&oee=true&tpubid=1193695&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=AB&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1193692&prcnt=&layer=
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210406-4-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 281883448ec46209297c0ce12557e350d63bb8e6eef01e793883bcede00e9a3e

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
content-encoding: gzip
access-control-allow-origin: https://hillreporter.com
machineid: 1415
x-cache: MISS
xvid-debug: mrmr - :
x-served-by: cache-hhn11535-HHN
pragma: no-cache
server: nginx
x-timer: S1617794744.655724,VS0,VE28
vary: Accept-Encoding
content-type: text/html;charset=ISO-8859-1
via: 1.1 varnish
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://am-wf.taboola.com>; rel=preconnect
x-cache-hits: 0

GET
H2 200 donald-trump-miss-moscow-kompromat.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/08/ 16 KB
17 KB 57ms
54ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/08/donald-trump-miss-moscow-kompromat.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 16c4f109b12e909b1789636cfb11f8603d443ff6945e589e676de1e5f929d274

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 463818
edge-cache-tag: 581119067824749595703660208873932690934,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-cache: HIT, MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/08/donald-trump-miss-moscow-kompromat.jpg
content-length: 16528
x-request-id: 8ade5ece4f4dec55697e7eb525a306b7
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Wed, 17 Mar 2021 21:27:51 GMT
server: nginx
x-timer: S1617794744.660652,VS0,VE1
etag: "135432698c7af6c452d6989466d82fa8"
x-served-by: cache-wdc5556-WDC, cache-dca17723-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 0, 1

GET
H2 200 EZmAh37XgAA-r0u.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/06/ 25 KB
26 KB 151ms
148ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/06/EZmAh37XgAA-r0u.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a8dc79f5c3a2a63ffdb7127ea4aea923a344db0c9913531e27ee34e92a3dd210

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 92
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 658206
edge-cache-tag: 394222813551010388299887913481265835926,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/06/EZmAh37XgAA-r0u.jpg
content-length: 25548
x-request-id: 6ab1c5fb23b7ce7e16bbde680bcee38a
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Wed, 24 Mar 2021 05:02:44 GMT
server: nginx
x-timer: S1617794744.660761,VS0,VE92
etag: "fad6b56ae34cd0bb4cb55023ec83cee6"
x-served-by: cache-wdc5571-WDC, cache-dca17744-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 conway.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/01/ 42 KB
42 KB 59ms
57ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/01/conway.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6a287ae8d7772cc6782d3dfb12b7c06a36258782789d74bfb37642cdc0540f28

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 458442
edge-cache-tag: 459364329051071396208901290682828250873,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 98
x-cache: HIT, MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/01/conway.jpg
content-length: 42830
x-request-id: 29c9a897f153893e4a8c3c3f04f37944
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Sat, 06 Mar 2021 20:05:29 GMT
server: nginx
x-timer: S1617794744.660784,VS0,VE1
etag: "fd8d29ec97a724cb4ea762728b7986d0"
x-served-by: cache-wdc5553-WDC, cache-dca12924-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 0, 1

GET
H2 200 EY-Qjj7U4AAPo6p.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/05/ 27 KB
27 KB 154ms
152ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/05/EY-Qjj7U4AAPo6p.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5450e0d381ab380cd377afaeb9ec764e07856d320db7ca325dcee4407c1aa505

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 96
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 414431
edge-cache-tag: 527884993452665455194045710703620496070,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/05/EY-Qjj7U4AAPo6p.png
content-length: 27500
x-request-id: d359861ab822837708f78b24de71fa9a
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Thu, 25 Mar 2021 13:14:39 GMT
server: nginx
x-timer: S1617794744.660612,VS0,VE96
etag: "abb42498d2c98d82ea1242132f92f8e5"
x-served-by: cache-wdc5563-WDC, cache-dca17727-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 maxresdefault-7.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/07/ 10 KB
11 KB 211ms
209ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/07/maxresdefault-7.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: eea8bfb497df2b05d97e4bfb0af2ee89c23d300c30eeb371140c6dd26bf78048

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 155
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 131631
edge-cache-tag: 323838117775372062634012089173817895359,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, MISS, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/07/maxresdefault-7.jpg
content-length: 10130
x-request-id: 82f6c0aed2ba8ab36e99abf15e8094c1
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb103
last-modified: Mon, 15 Mar 2021 04:04:57 GMT
server: nginx
x-timer: S1617794744.660783,VS0,VE155
etag: "f16b198da9d731e63452d5b21895f242"
x-served-by: cache-wdc5522-WDC, cache-dca12927-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 0, 0

GET
H2 200 rick-wiles-trump-bullets.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/07/ 12 KB
12 KB 154ms
153ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/07/rick-wiles-trump-bullets.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5aabb9807d49cda75d501e2bd377bf5545e622b3c4222325aa01e2bae6559f37

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 94
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 2636865
edge-cache-tag: 428756437118247686985182364018493478887,392933856032853361833841845111496461250,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/07/rick-wiles-trump-bullets.jpg
content-length: 11930
x-request-id: c391104da75b96ab4ecaefdb5b8462fe
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
last-modified: Tue, 09 Feb 2021 00:26:37 GMT
server: nginx
x-timer: S1617794744.661017,VS0,VE94
etag: "96b1cbcee0d0556dc2ff98af0cb14c5b"
x-served-by: cache-wdc5566-WDC, cache-dca17764-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 don-jr-says-time-for-war.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/11/ 35 KB
35 KB 58ms
58ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/11/don-jr-says-time-for-war.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a6830f5db9a85b4da12e295221f89f01b7f8c65869ea4fa5f4ad6c4466424208

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 2211221
edge-cache-tag: 360747594628005386293289651668651280829,392933856032853361833841845111496461250,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/11/don-jr-says-time-for-war.jpg
content-length: 35390
x-request-id: 35cf25974ec1836ba57f6fc9b4129fe3
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Thu, 04 Mar 2021 15:15:32 GMT
server: nginx
x-timer: S1617794744.719038,VS0,VE1
etag: "f46479fc2d4f660971a9dc3e024fd800"
x-served-by: cache-wdc5536-WDC, cache-dca17748-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 586f7e9594cabb82516768507fb9cc1b.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 53 KB
53 KB 57ms
57ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/586f7e9594cabb82516768507fb9cc1b.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f5ee8456df401c6a1d57af0df1a63fe746523b68dd7231af87b664a5ad1eda7f

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 2339579
edge-cache-tag: 319697351889667228755712168849771479534,392933856032853361833841845111496461250,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/586f7e9594cabb82516768507fb9cc1b.jpg
content-length: 54204
x-request-id: e7fd112d6814870aaf9b719fc0600ba9
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb102
last-modified: Thu, 04 Mar 2021 01:01:18 GMT
server: nginx
x-timer: S1617794744.726619,VS0,VE1
etag: "308926ccbd27284fc49689d7aafe9136"
x-served-by: cache-wdc5565-WDC, cache-dca17738-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 204 abtests
trc.taboola.com/hillreporter-hillreporter/log/3/ 0
272 B 124ms
123ms Image
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/hillreporter-hillreporter/log/3/abtests?route=IL:IL:V&lti=deflated&ri=565fe42c3448a9998ac9ea7f806f6386&sd=v2_510787ae8849ba2cffae9614c26c8b2d_45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37_1617794743_1617794743_CNawjgYQ3-1IGJD20uCKLyABKAEwvwE4krUNQKidEEi5htgDUJPzLVgAYABosa_ptcr9986tAQ&ui=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&pi=/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334&wi=7618936112988656330&pt=text&vi=1617794743056&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22animated_story%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1617794743637%7D&tim=13%3A25%3A43.638&id=1081&llvl=1&cv=20210406-4-RELEASE&
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 67
pragma: no-cache
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish
server: nginx
x-timer: S1617794744.745015,VS0,VE67
x-served-by: cache-hhn11535-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 4b33bbdbea98a7937e28316923a57e30.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 74 KB
75 KB 58ms
57ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4b33bbdbea98a7937e28316923a57e30.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 55a567616f057b616d1dae911636c951cb3bdd129401f660e24cc63c64ba3d14

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 2
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 262927
edge-cache-tag: 500553205901944001151781488628605754714,475000658346574341699039966618312097677,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4b33bbdbea98a7937e28316923a57e30.png
content-length: 76004
x-request-id: 724142c374748a6aa7b41e858e9d78a0
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb106
last-modified: Wed, 24 Mar 2021 14:26:11 GMT
server: nginx
x-timer: S1617794744.779860,VS0,VE2
etag: "68073c0c301f27e0b64e69124c7dcf12"
x-served-by: cache-wdc5568-WDC, cache-dca17757-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 25f2dddb9414180d05d45d54f16bb2bb.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 61 KB
61 KB 60ms
60ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/25f2dddb9414180d05d45d54f16bb2bb.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 841b175f91a2769de960ba51794ca84cce643b59ddaecfbdb67b449d3663dc98

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 2613706
edge-cache-tag: 324635541349952902596426984790319037041,475000658346574341699039966618312097677,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/25f2dddb9414180d05d45d54f16bb2bb.png
content-length: 62094
x-request-id: 5826ce08f76b5f35f6ac0057bfa3be08
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Sun, 07 Feb 2021 18:53:14 GMT
server: nginx
x-timer: S1617794744.790347,VS0,VE1
etag: "5039c48477b2fb084e1b18928df227da"
x-served-by: cache-wdc5558-WDC, cache-dca17781-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 matt-gaetz-newsmax.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2021/03/ 9 KB
9 KB 144ms
144ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2021/03/matt-gaetz-newsmax.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7e5dc0dd5cc26c3fe8d0a24ac8fc33cabab8e561e56daf1e43a6be84dd86a9a6

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 87
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 405262
edge-cache-tag: 474460352432699581170726298898708203087,491862125603500554501118228743896000770,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2021/03/matt-gaetz-newsmax.jpg
content-length: 8890
x-request-id: cb2279fcae2c4318df4950547bb6a742
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb103
last-modified: Fri, 02 Apr 2021 01:13:53 GMT
server: nginx
x-timer: S1617794744.812568,VS0,VE87
etag: "18dfead8b4e838d7b294c3342c96a8cf"
x-served-by: cache-wdc5526-WDC, cache-dca17764-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 21f05bb6cd8fee556e330ea0ba403370.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 7 KB
7 KB 62ms
61ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/21f05bb6cd8fee556e330ea0ba403370.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: cc2f1fdbdb15bec5fb564bdc0018c0462ab16817b0c3db5f8474cd1ee5cbf3a4

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 2316442
edge-cache-tag: 398815540089257733725843364890817862074,491862125603500554501118228743896000770,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/21f05bb6cd8fee556e330ea0ba403370.png
content-length: 7110
x-request-id: 94816893a4ac73d6272c1b57380ed61e
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Thu, 04 Mar 2021 12:56:44 GMT
server: nginx
x-timer: S1617794744.820229,VS0,VE1
etag: "d47f9a34b6bd1bb3339c15dab372b751"
x-served-by: cache-wdc5545-WDC, cache-dca17756-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 d2920b3cfd4de9095abddc49ca88c90a.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 24 KB
25 KB 145ms
145ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d2920b3cfd4de9095abddc49ca88c90a.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: fa7a42bab39b00a8eb6da8aa16f9d6fc142cb75c22fd60135c843543328999f1

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 88
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 999533
edge-cache-tag: 598549022527467857191070802410931014186,491862125603500554501118228743896000770,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d2920b3cfd4de9095abddc49ca88c90a.jpg
content-length: 24558
x-request-id: 509455a8b96cc3408f32190ae66b2bec
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb106
last-modified: Sun, 07 Mar 2021 19:01:23 GMT
server: nginx
x-timer: S1617794744.820192,VS0,VE88
etag: "4a59891fc689a07cee9f68336baf27e1"
x-served-by: cache-wdc5566-WDC, cache-dca17742-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 matt-gaetz-surprise-son.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/06/ 16 KB
16 KB 144ms
144ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/06/matt-gaetz-surprise-son.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a487557c7271f931407672af0dd7d6c75c6495af3421132d6c0909a6da29b685

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 89
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 396483
edge-cache-tag: 546724955207182487732076372196325662873,491862125603500554501118228743896000770,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.hillreporter.com/wp-content/uploads/2020/06/matt-gaetz-surprise-son.png
content-length: 16090
x-request-id: 7e8f1e92c1bec0fd578cc0609ebea476
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb104
last-modified: Wed, 31 Mar 2021 23:23:36 GMT
server: nginx
x-timer: S1617794744.844305,VS0,VE89
etag: "b1d71ee1697959962f911b9e85da052b"
x-served-by: cache-wdc5554-WDC, cache-dca17744-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 586f7e9594cabb82516768507fb9cc1b.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_250%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 23 KB
24 KB 55ms
55ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_250%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/586f7e9594cabb82516768507fb9cc1b.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f1a6bf982c68130251e8fa1ce0a8a04592017cd40a184b5580c22e5679efaef7

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 236791
edge-cache-tag: 319697351889667228755712168849771479534,382462852265061629683480083300601098295,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_250%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/586f7e9594cabb82516768507fb9cc1b.jpg
content-length: 23810
x-request-id: 0d2ae48db9215ff3b9bb99fe1dc1dbfa
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
last-modified: Sat, 13 Mar 2021 10:09:49 GMT
server: nginx
x-timer: S1617794744.855670,VS0,VE1
etag: "71fe9ffc71e51573501854dccd51b84e"
x-served-by: cache-wdc5547-WDC, cache-dca17737-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 4b33bbdbea98a7937e28316923a57e30.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_250%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 13 KB
14 KB 55ms
55ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_250%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4b33bbdbea98a7937e28316923a57e30.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3c02d78dc67fc7e2c6d7455345ae37b24eaf142a83e27ec3f87fd99a62a3349c

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 1191443
edge-cache-tag: 500553205901944001151781488628605754714,382462852265061629683480083300601098295,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_250%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4b33bbdbea98a7937e28316923a57e30.png
content-length: 13706
x-request-id: 767630dd7bc42874f773256c1a0f9bd9
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Wed, 24 Mar 2021 14:29:49 GMT
server: nginx
x-timer: S1617794744.870956,VS0,VE0
etag: "fed0eadd40e4b82acad5793c749a7012"
x-served-by: cache-wdc5553-WDC, cache-dca17745-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 3

GET
H2 200 25f2dddb9414180d05d45d54f16bb2bb.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_250%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 14 KB
15 KB 57ms
57ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_250%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/25f2dddb9414180d05d45d54f16bb2bb.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 12cc78842a4e4188acd67eede36f554ad41648f239360954f03f578a1d60e782

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 1132517
edge-cache-tag: 324635541349952902596426984790319037041,382462852265061629683480083300601098295,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_250%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/25f2dddb9414180d05d45d54f16bb2bb.png
content-length: 14810
x-request-id: b503a639196df5a6045583949aecf3aa
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Sun, 21 Mar 2021 09:49:40 GMT
server: nginx
x-timer: S1617794744.880823,VS0,VE1
etag: "ba182b3293ca79bd2eb462e4fd97ac26"
x-served-by: cache-wdc5575-WDC, cache-dca17744-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 next-up-widget.20210406-4-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 13 KB
5 KB 55ms
54ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/next-up-widget.20210406-4-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/hillreporter-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 326951b5ee8b1051d3db2ba571ac2992da91987f24cce2f07f307efd7412b7ec

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: ccW7txyrDtB6TZTjsJWOnVLIWgbY_rpd
content-encoding: gzip
etag: "2d271e5e9e861d8f6241710931c27ee1"
age: 85
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4366
x-amz-id-2: +K8JOGpwF4HURtMrcon059GvI0Up5YKMd4BPlumh/JhW4k9kT9+xad/d0lavhxVKGFNOF/dSZwY=
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 06 Apr 2021 10:40:12 GMT
server: AmazonS3
x-timer: S1617794744.719019,VS0,VE0
date: Wed, 07 Apr 2021 11:25:43 GMT
vary: Accept-Encoding
x-amz-request-id: TVWZ3XZ0CH9X0FWY
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 64
x-cache-hits: 735

GET
H2 200 UnitWidgetItemDesktop.min.js Show response
vidstat.taboola.com/lite-unit/3.3.7/ 95 KB
27 KB 59ms
58ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/3.3.7/UnitWidgetItemDesktop.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210406-4-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7fe452b6d12b9a0f6d2c06daa3f67ae0faeb8d4710e7c31880fb73f7d616a81d

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 a1098f0eeab192209962e3a9d76d0339.cloudfront.net (CloudFront), 1.1 varnish
age: 354171
x-cache: Miss from cloudfront, HIT
content-encoding: gzip
content-length: 27588
x-served-by: cache-hhn11535-HHN
last-modified: Sat, 03 Apr 2021 09:02:14 GMT
server: AmazonS3
x-timer: S1617794744.744990,VS0,VE0
etag: "139c4c3eacd4f66ca326e0b101650830"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: Q682fUCSyrrKpVkvp--XoDG4_o_l_o1iYqB5FX_3akCe6dLkADexIw==
x-cache-hits: 65142

GET
H2 200 586f7e9594cabb82516768507fb9cc1b.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 10 KB
10 KB 59ms
59ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/586f7e9594cabb82516768507fb9cc1b.jpg
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: cb589acb8f718259c22eb6bf60c43a516888c93b8909e87453d768daa2330861

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 2261894
edge-cache-tag: 319697351889667228755712168849771479534,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/586f7e9594cabb82516768507fb9cc1b.jpg
content-length: 9916
x-request-id: ab3161f8a5212a6adcad1c522c2b0a77
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Tue, 09 Mar 2021 11:41:29 GMT
server: nginx
x-timer: S1617794744.912662,VS0,VE1
etag: "624828ee08aa04c54b8bfdd8dc89bd55"
x-served-by: cache-wdc5579-WDC, cache-dca17767-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 4b33bbdbea98a7937e28316923a57e30.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 5 KB
6 KB 54ms
54ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4b33bbdbea98a7937e28316923a57e30.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 01ca162dfd0e48c91f820cf05725881876b4b6e87a57c50dc378faa964aaeaee

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 529742
edge-cache-tag: 500553205901944001151781488628605754714,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4b33bbdbea98a7937e28316923a57e30.png
content-length: 5136
x-request-id: 8e9cb12133b374536162ec408c65d9f5
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Wed, 24 Mar 2021 13:56:24 GMT
server: nginx
x-timer: S1617794744.925771,VS0,VE1
etag: "7a87a6a345743738d86b43c51f5aea4e"
x-served-by: cache-wdc5570-WDC, cache-dca17722-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 25f2dddb9414180d05d45d54f16bb2bb.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 7 KB
7 KB 58ms
58ms Image
image/webp 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/25f2dddb9414180d05d45d54f16bb2bb.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 804d5ad06837ef1dcd8eb04c43aa807833b1387ab65d6cb42204e662e1b31c1e

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 07 Apr 2021 11:25:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 1795206
edge-cache-tag: 324635541349952902596426984790319037041,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/25f2dddb9414180d05d45d54f16bb2bb.png
content-length: 6668
x-request-id: e10d4eda0ee94bb2f77afbbe3ad2098b
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Mon, 01 Mar 2021 02:37:48 GMT
server: nginx
x-timer: S1617794744.936868,VS0,VE1
etag: "a0ac5071dbbdfeeb2670fc5557e24b59"
x-served-by: cache-wdc5522-WDC, cache-dca12928-DCA, cache-hhn11535-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 st Show response
imprammp.taboola.com/ Frame 6AAB 973 B
609 B 65ms
64ms Document
text/html 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66318735&crid=5397665&dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&cmcv=&pix=undefined&cb=1617794744043&uv=2946&tms=1617794744043&abt=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=D30EE2B2E592472611921098861&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.3.7/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0574e172e3545369b75a00ab474444ad0b84bc2c6dd4f93c302d19d5c555fecc

Request headers

:method: GET
:authority: imprammp.taboola.com
:scheme: https
:path: /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66318735&crid=5397665&dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&cmcv=&pix=undefined&cb=1617794744043&uv=2946&tms=1617794744043&abt=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=D30EE2B2E592472611921098861&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Wed, 07 Apr 2021 11:25:44 GMT
via: 1.1 varnish
x-served-by: cache-hhn11535-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617794744.075550,VS0,VE10
vary: Accept-Encoding

GET
H2 200 sync Show response
am-match.taboola.com/ Frame 2406 973 B
1 KB 59ms
59ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.3.7/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 0574e172e3545369b75a00ab474444ad0b84bc2c6dd4f93c302d19d5c555fecc

Request headers

:method: GET
:authority: am-match.taboola.com
:scheme: https
:path: /sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

server: nginx
date: Wed, 07 Apr 2021 11:25:44 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3401

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 4 KB
3 KB 134ms
133ms XHR
application/json 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=505&height=284&pubid=169497&tagid=953497&crid=5397665&noaop=5&sortOrderType=0&cb=1617794744047&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1212&pt=562876811&tz=120&viewable=true&ddast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&dtagid=1750105&dpubid=347175&abtst=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm&mPre=0.033&cirf=https%3A%2F%2Fhillreporter.com&en=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.3.7/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c073e5cf8259ff7220fc9809ed3d0d34f03f74809c6048a350b8fc61b63efa83

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
content-encoding: gzip
access-control-allow-origin: https://hillreporter.com
machineid: 1479
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn11535-HHN
pragma: no-cache
server: nginx
x-timer: S1617794744.080091,VS0,VE77
vary: Accept-Encoding
content-type: application/json;charset=utf-8
via: 1.1 varnish
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://search.spotxchange.com>; rel=preconnect
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 st
am-vid-events.taboola.com/ 0
43 B 58ms
57ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66318735&crid=5397665&dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&cmcv=&pix=31589837&cb=1617794744043&uv=2946&tms=1617794744043&abt=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1617794741817.8892!ts:1617794744043&mntl=1
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
content-length: 0
server: nginx

POST
H2 200 s2s Show response
eb.proper.io/ 267 B
543 B 195ms
194ms XHR
application/json 2606:4700::6811:4f22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://eb.proper.io/s2s?proper_uid=0fa270c2-a6aa-4ada-99fa-63c95d0c0038
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4f22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 716f44f30e257f0b07d75bfa9023aef0e2386ae961b48cda8c08424dbcf047db

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:44 GMT
content-encoding: br
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://hillreporter.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 63c2e59e8b43536a-FRA
cf-request-id: 094dadd7170000536ac88c5000000001
expires: -1

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame 2406 43 B
182 B 268ms
87ms Image
image/gif 2600:1f18:612b:4232:1f73:43cf:8eeb:9521
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:1f73:43cf:8eeb:9521 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 2406 70 B
265 B 221ms
72ms Image
image/gif 34.247.242.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.242.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-242-33.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 sync Show response
pixel.advertising.com/ups/58166/ Frame 2406 0
125 B 174ms
57ms Script
text/plain 35.156.106.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.advertising.com/ups/58166/sync?gdpr=1&uid=&_origin=1&us_privacy=1---&redir=true

Requested by

Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.106.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

rtb-h Show response
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame 2406
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fe0caf43-9793-11eb-a057-1ac061c71606&orig=video&us_privacy=1---

0
228 B

58ms
56ms

Script
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fe0caf43-9793-11eb-a057-1ac061c71606&orig=video&us_privacy=1---
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.34.222:10213
date: Wed, 07 Apr 2021 11:25:44 GMT
server: nginx
x-fastly-to-nlb-rtt: 24807

Redirect headers

Date: Wed, 07 Apr 2021 11:25:44 GMT
Server: nginx
Location: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fe0caf43-9793-11eb-a057-1ac061c71606&orig=video&us_privacy=1---
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 107
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 2406 43 B
146 B 176ms
56ms Image
image/gif 52.58.102.227
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.102.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame 6AAB 43 B
183 B 261ms
87ms Image
image/gif 2600:1f18:612b:4232:1f73:43cf:8eeb:9521
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66318735&crid=5397665&dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&cmcv=&pix=undefined&cb=1617794744043&uv=2946&tms=1617794744043&abt=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=D30EE2B2E592472611921098861&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:1f73:43cf:8eeb:9521 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 6AAB 70 B
264 B 216ms
73ms Image
image/gif 34.247.242.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66318735&crid=5397665&dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&cmcv=&pix=undefined&cb=1617794744043&uv=2946&tms=1617794744043&abt=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=D30EE2B2E592472611921098861&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.242.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-242-33.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 sync Show response
pixel.advertising.com/ups/58166/ Frame 6AAB 0
124 B 172ms
61ms Script
text/plain 35.156.106.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.advertising.com/ups/58166/sync?gdpr=1&uid=&_origin=1&us_privacy=1---&redir=true

Requested by

Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66318735&crid=5397665&dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&cmcv=&pix=undefined&cb=1617794744043&uv=2946&tms=1617794744043&abt=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=D30EE2B2E592472611921098861&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.106.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

rtb-h Show response
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame 6AAB
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fe0caf43-9793-11eb-a057-1ac061c71606&orig=video&us_privacy=1---

0
228 B

57ms
57ms

Script
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fe0caf43-9793-11eb-a057-1ac061c71606&orig=video&us_privacy=1---
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66318735&crid=5397665&dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&cmcv=&pix=undefined&cb=1617794744043&uv=2946&tms=1617794744043&abt=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=D30EE2B2E592472611921098861&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.34.201:10213
date: Wed, 07 Apr 2021 11:25:44 GMT
server: nginx
x-fastly-to-nlb-rtt: 24807

Redirect headers

Date: Wed, 07 Apr 2021 11:25:44 GMT
Server: nginx
Location: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fe0caf43-9793-11eb-a057-1ac061c71606&orig=video&us_privacy=1---
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 30
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 6AAB 43 B
145 B 171ms
56ms Image
image/gif 52.58.102.227
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66318735&crid=5397665&dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&cmcv=&pix=undefined&cb=1617794744043&uv=2946&tms=1617794744043&abt=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=D30EE2B2E592472611921098861&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.102.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 cmTagWIDGET_ITEM.js Show response
vidstat.taboola.com/vpaid/units/29_4_6/infra/ 633 KB
112 KB 165ms
56ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/29_4_6/infra/cmTagWIDGET_ITEM.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.3.7/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: e0b128ed82b201796fb9088e8e30557bd2b22f9354355d2193927c7debc99b5b

Request headers

Origin: https://hillreporter.com
Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
via: 1.1 varnish
age: 94521
x-amz-meta-mtime: 1617700004
x-cache: HIT
x-amz-meta-ctime: 1617700180
x-amz-meta-mode: 33188
content-encoding: br
content-length: 114538
x-amz-id-2: PhCKqkzPhX/RRS2Q1CZwYir9Is/B52WoxfXTD0bZwdRkgUoIQg7lrySuWFF6Od2StF4AdVp3dv0=
x-served-by: cache-hhn11554-HHN
accept-ranges: bytes
last-modified: Tue, 06 Apr 2021 09:09:42 GMT
server: AmazonS3-br
x-timer: S1617794744.330435,VS0,VE0
etag: "0e42626cd8997e02392d1104b030558a"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: CEK2DVJZXEMDPD12
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-headers: *
x-cache-hits: 21610

GET
H2 200 cmOsUnit.css
vidstat.taboola.com/vpaid/units/29_4_6/assets/css/ 58 KB
8 KB 54ms
54ms Stylesheet
text/css 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/29_4_6/assets/css/cmOsUnit.css
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.3.7/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 3fa2d05c853e9ae626a42e17be01f3959480d9a36518b9f35c7647750dab6fff

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
via: 1.1 varnish
age: 94523
x-amz-meta-mtime: 1617700004
x-cache: HIT
x-amz-meta-ctime: 1617700127
x-amz-meta-mode: 33188
content-encoding: br
content-length: 7758
x-amz-id-2: 2AKDiAMYsb+I8zmJQ52OLq9KyqmOPNLdT7Qx9fC2avtYRPpxTljLrPNVs9XaqIBq0TsONOEB88g=
x-served-by: cache-hhn11535-HHN
accept-ranges: bytes
last-modified: Tue, 06 Apr 2021 09:08:49 GMT
server: AmazonS3-br
x-timer: S1617794744.219225,VS0,VE0
etag: "e5a46ef3bd4c553a76fa4e52d4e0347e"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: Y0VETEQNV7CTHRXH
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: text/css
access-control-allow-headers: *
x-cache-hits: 104247

GET
H2 200 integrator.js Show response
adservice.google.se/adsid/ 107 B
799 B 51ms
17ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.se/adsid/integrator.js?domain=hillreporter.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Apr 2021 11:25:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hillreporter.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Apr 2021 11:25:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 184 KB
53 KB 772ms
772ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2118233785719736&correlator=4141107679835644&output=ldjh&impl=fifs&eid=31060437%2C31060550%2C31060697%2C44733568%2C31060506%2C44739387&vrg=2021040501&ptt=17&tfcd=0&sc=1&sfv=1-0-38&ecs=20210407&iu_parts=5376056%2Chillreporter_leaderboard%2Chillreporter_content_1%2Chillreporter_content_2%2Chillreporter_content_3%2Chillreporter_sticky&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=1x1%7C300x250%7C728x90%2C320x50%7C1x1%7C300x250%7C336x280%7C728x90%2C320x50%7C1x1%7C300x250%7C336x280%7C728x90%2C320x50%7C1x1%7C300x250%7C336x280%7C728x90%2C1x1%7C728x90&fluid=0%2Cheight%2Cheight%2Cheight%2C0&prev_scp=post_id%3Dunknown%26member%3Dno%26split_version%3D3702%26proper_site%3Dhillreporter%26proper_slot%3D1%26proper_floor%3D0.10%26s_depth%3D1%26refresh_count%3D0%7Cpost_id%3Dunknown%26member%3Dno%26split_version%3D3702%26proper_site%3Dhillreporter%26proper_slot%3D2%26proper_floor%3D0.10%26s_depth%3D1%26refresh_count%3D0%7Cpost_id%3Dunknown%26member%3Dno%26split_version%3D3702%26proper_site%3Dhillreporter%26proper_slot%3D3%26proper_floor%3D0.10%26s_depth%3D1%26refresh_count%3D0%7Cpost_id%3Dunknown%26member%3Dno%26split_version%3D3702%26proper_site%3Dhillreporter%26proper_slot%3D4%26proper_floor%3D0.10%26s_depth%3D1%26refresh_count%3D0%7Cpost_id%3Dunknown%26member%3Dno%26split_version%3D3702%26proper_site%3Dhillreporter%26proper_slot%3D5%26proper_sticky%3Dtrue%26proper_floor_320x50%3D0.75%26proper_floor_728x90%3D1.00%26proper_floor_160x600%3D1.00%26proper_floor_320x100%3D0.75%26proper_floor_sticky_horizontal%3D1.75%26proper_floor%3D0.10%26s_depth%3D1%26refresh_count%3D0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1617793919&dt=1617794744321&dlt=1617794742338&idt=1331&frm=20&biw=1600&bih=1200&oid=3&adxs=340%2C418%2C418%2C418%2C800&adys=226%2C391%2C1201%2C1650%2C4&adks=2004394596%2C3596030282%2C3707461873%2C122173973%2C4241150287&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_tz=120&u_his=4&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg&vis=1&dmc=8&scr_x=0&scr_y=0&psz=920x21%7C765x21%7C765x21%7C765x21%7C1600x-1&msz=920x1%7C765x1%7C765x1%7C765x1%7C1x-1&ga_vid=2108676921.1617794743&ga_sid=1617794744&ga_hid=100925289&ga_fc=false&fws=0%2C0%2C0%2C0%2C512&ohw=0%2C0%2C0%2C0%2C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

82a74f0a75491ad22787c4c9ad46b5ca4a5f5a923de6a87b458a092d7dfc9184

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN-3v4iD7O8CFVn5dwodGc0NUw&gqi=&layout=/sadbundle/%24csp%253Der3%24/17423466578448422575/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN-3v4iD7O8CFVn5dwodGc0NUw&gqi=&layout=/sadbundle/%24csp%253Der3%24/17423466578448422575/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1,-1,-1,-1,-1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53590
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1
pragma: no-cache
server: cafe
date: Wed, 07 Apr 2021 11:25:45 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hillreporter.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 28ms
14ms Other
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 6ms
5ms Other
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 PMS.js Show response
vidstat.taboola.com/PMS/3.2.2/ 59 KB
17 KB 55ms
55ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/PMS/3.2.2/PMS.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_4_6/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 82fba5f2a3814f5a06b59a3a4a84d9edc1145d1ca57d54ccf321ce03af57bb9a

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront), 1.1 varnish
age: 2650079
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 17509
x-served-by: cache-hhn11535-HHN
last-modified: Thu, 21 Jan 2021 11:30:56 GMT
server: AmazonS3
x-timer: S1617794745.520966,VS0,VE0
etag: "f237b8d35060f133ac8c595fd1234e1c"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: RuZTYf9ZWA96SQeo8HHRHLcCv200QVgjNg5SQ7cxYBxr9Ka4rjgQ-w==
x-cache-hits: 702914

GET
H2 200 content14_10_18m.js Show response
vidstat.taboola.com/ 37 KB
8 KB 56ms
56ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/content14_10_18m.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_4_6/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ab8bbbaf028510d8b119cce741f0c2cc94816dcc113d83cac81a6aade6a76fa9

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
via: 1.1 e0064d0a2437e206ed082e1fa1cdae61.cloudfront.net (CloudFront), 1.1 varnish
age: 2553196
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 7638
x-served-by: cache-hhn11535-HHN
last-modified: Sun, 14 Oct 2018 13:31:31 GMT
server: AmazonS3
x-timer: S1617794745.642953,VS0,VE0
etag: "d8d81221ec6e604811ce469d899c9c8b"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: omj5vaGwuVO0u1DUElZ04p0xjblvLHfKzDESlIUndnM3CZOy52LCcg==
x-cache-hits: 1405983

GET
H2 200 oppsula.js Show response
vidstat.taboola.com/oppsula/1.3.8/ 15 KB
5 KB 58ms
58ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/oppsula/1.3.8/oppsula.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_4_6/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f60c4600705d04f5c55db54f646fec728f9458c4fbba35adb4ac114077cb2391

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
via: 1.1 c05282a87474a55ae2a8dd2aa77d1233.cloudfront.net (CloudFront), 1.1 varnish
age: 4783852
x-cache: Miss from cloudfront, HIT
content-encoding: gzip
content-length: 5164
x-served-by: cache-hhn11535-HHN
last-modified: Tue, 14 Apr 2020 06:07:12 GMT
server: AmazonS3
x-timer: S1617794745.647761,VS0,VE0
etag: "328b70146f77a19d2bc0172c656d921e"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: mX0WwlTmUO4x6xuR8DDLZg909FJ4TvyaVteRGEevDZZ-WfTsdjHQoQ==
x-cache-hits: 7382032

GET
H2 200 video-autoplay-detector.js Show response
vidstat.taboola.com/video-autoplay-detector/1.0.0/ 8 KB
2 KB 58ms
58ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/video-autoplay-detector/1.0.0/video-autoplay-detector.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_4_6/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5b497b3dea8511b361da644850f9a576c982e26ce7b18754c5c82f50f4049024

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
via: 1.1 eab88762658052b4a1e386f8521a38cf.cloudfront.net (CloudFront), 1.1 varnish
age: 2446103
x-cache: Miss from cloudfront, HIT
content-encoding: gzip
content-length: 2210
x-served-by: cache-hhn11535-HHN
last-modified: Mon, 10 Jun 2019 11:55:53 GMT
server: AmazonS3
x-timer: S1617794745.647745,VS0,VE0
etag: "2fac39530c1c168282a35d1ab56450ed"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: duXZV0i4ZSVC1-tAr6cZHFunN-GB24YQyZTOQIqiUhVHBP_fxBkvMQ==
x-cache-hits: 2050513

GET
H2 200 OvaMediaPlayer.js Show response
vidstat.taboola.com/vpaid/vPlayer/player/v12.1.2/ 545 KB
112 KB 57ms
57ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.1.2/OvaMediaPlayer.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_4_6/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: f945c51048597580e69d43f98e7ce3c63f8c7b0a2235c988d03ff27a38b61628

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
via: 1.1 varnish
age: 699651
x-amz-meta-mtime: 1617095019
x-cache: HIT
x-amz-meta-ctime: 1617095032
x-amz-meta-mode: 33188
content-encoding: br
content-length: 113823
x-amz-id-2: G/0AeGFRNLss1l2YlKk72uJSm7m97qdPDf4p1gn3M9CDQ/RYgyEH6zvE+2+XLXJ/s5qgqODkCZQ=
x-served-by: cache-hhn11535-HHN
accept-ranges: bytes
last-modified: Tue, 30 Mar 2021 09:03:53 GMT
server: AmazonS3-br
x-timer: S1617794745.669270,VS0,VE0
etag: "4cdf59918882c7e55b1af8742c08ebe3"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: B08YF31074A56CXS
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-headers: *
x-cache-hits: 1172864

GET
H2 200 sync Show response
am-match.taboola.com/ Frame 2E10 980 B
1 KB 60ms
59ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_4_6/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 248ccb60ff73ec7c27ca22bbfe068770600c60bfc1cf44155fd2b77859d4e9de

Request headers

:method: GET
:authority: am-match.taboola.com
:scheme: https
:path: /sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=66af7ff4-269b-4b95-ac25-d4150f08d239-tuct7671c38
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

server: nginx
date: Wed, 07 Apr 2021 11:25:44 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3403

POST
H2 204 bulk Show response
trc.taboola.com/hillreporter-hillreporter/log/3/ 0
278 B 165ms
165ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/hillreporter-hillreporter/log/3/bulk?route=IL%3AIL%3AV&lti=deflated&bulkSize=7
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210406-4-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 77
pragma: no-cache
date: Wed, 07 Apr 2021 11:25:44 GMT
via: 1.1 varnish
server: nginx
x-timer: S1617794745.719657,VS0,VE77
x-served-by: cache-hhn11535-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://hillreporter.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
BLOB 206
Partial Content adea92da-7a96-4008-b596-b8abd66efa42
https://hillreporter.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://hillreporter.com/adea92da-7a96-4008-b596-b8abd66efa42
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
BLOB 206
Partial Content c4f6c994-832d-4a68-a174-edf1887ad376
https://hillreporter.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://hillreporter.com/c4f6c994-832d-4a68-a174-edf1887ad376
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
730 B 54ms
54ms Image
image/png 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 13867
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: grODyaFUyHwi27S6u2hd746yPHwUf+y1im5Wn93DxT7wozhn8KMFUP712WAAG3eD1t2rnF4k3Bs=
x-served-by: cache-hhn11535-HHN
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1617794745.740247,VS0,VE0
date: Wed, 07 Apr 2021 11:25:44 GMT
x-amz-request-id: 29D722C296265892
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 32
x-cache-hits: 26160

GET
H/1.1 200
OK 296474 Show response
search.spotxchange.com/vast/2.00/ 67 B
1 KB 241ms
74ms XHR
text/xml 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/vast/2.00/296474?VPAID=js&content_page_url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334&player_width=505&player_height=284&vid_duration=NaN&content_id=inline&ad_mute=1&custom_skin=1&custom[content][]=IAB12&custom[pub_lang]=en&schain[schainobject]=1.0,1!taboola.com,1193695,1,1832663094&gdpr=1&gdpr_consent=&playtime=60&us_privacy=1---
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.1.2/OvaMediaPlayer.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: 78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 07 Apr 2021 11:25:44 GMT
Content-Encoding: gzip
X-SpotX-Timing-Transform: 0.000398
X-SpotX-Timing-SpotMarket: 0.012256
X-SpotX-Timing-Page-Mux: 0.000227
X-SpotX-Timing-Page-Require: 0.000356
X-fe: 103
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000024
Content-Length: 77
X-SpotX-Timing-Page: 0.017287
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000409
Last-Modified: Wed, 07 Apr 2021 11:25:44 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Vary: Accept-Encoding
X-SpotX-Timing-SpotMarket-Primary: 0.012256
Content-Type: text/xml;charset=UTF-8
Access-Control-Allow-Origin: https://hillreporter.com
X-SpotX-Timing-Page-Misc: 0.003606
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000010
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame 2E10 43 B
182 B 88ms
87ms Image
image/gif 2600:1f18:612b:4232:1f73:43cf:8eeb:9521
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:1f73:43cf:8eeb:9521 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 2E10 70 B
264 B 74ms
73ms Image
image/gif 34.247.242.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.242.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-242-33.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 sync Show response
pixel.advertising.com/ups/58166/ Frame 2E10 0
124 B 58ms
58ms Script
text/plain 35.156.106.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.advertising.com/ups/58166/sync?gdpr=1&uid=&_origin=1&us_privacy=1---&redir=true

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.106.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 sync
x.bidswitch.net/ Frame 2E10 43 B
145 B 56ms
56ms Image
image/gif 52.58.102.227
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.102.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame BAD8
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

281 B
554 B

178ms
58ms

Document
text/html

104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&excid=22&docw=0&cijs=1&nlb=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://am-match.taboola.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://am-match.taboola.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Apr 2021 11:25:45 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Date: Wed, 07 Apr 2021 11:25:45 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H3-Q050 200 container.html Show response
f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B6B1 6 KB
3 KB 39ms
22ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 07 Apr 2021 11:25:44 GMT
expires: Thu, 07 Apr 2022 11:25:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 container.html Show response
f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8247 6 KB
3 KB 35ms
23ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 07 Apr 2021 11:25:44 GMT
expires: Thu, 07 Apr 2022 11:25:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fa5e01e38d554ca21f9c4aa9e7a6345d7d8f017520925a73648e4f3ee3a7b79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617660453263920"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28267
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H3-Q050 200 container.html Show response
f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A9E5 6 KB
3 KB 11ms
11ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 07 Apr 2021 11:25:44 GMT
expires: Thu, 07 Apr 2022 11:25:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 container.html Show response
f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3582 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 07 Apr 2021 11:25:44 GMT
expires: Thu, 07 Apr 2022 11:25:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 container.html Show response
f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2130 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 07 Apr 2021 11:25:44 GMT
expires: Thu, 07 Apr 2022 11:25:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 945E 624 B
350 B 18ms
17ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNXlCcz0ajOs70y_J_JrdFCX3alE5q5-vvE8YJqzFwitwLjdDk6j9oc3tkWaI4EkYFZCEcLlI8MrwQRs8KFDmDewqHuunGO3Mxd-PaDQnI6Y9CHVS9PjcFyB8yrLYa27nlEg8vbWvbG6Da3i-SPcQyUgFA7nL_Dw1SCnVdjxV6p5hHO3_3kjOZnZRTFFvojo9M2HyFp7LVs9Ug3K8FGWvnDhZ3THEg

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNXlCcz0ajOs70y_J_JrdFCX3alE5q5-vvE8YJqzFwitwLjdDk6j9oc3tkWaI4EkYFZCEcLlI8MrwQRs8KFDmDewqHuunGO3Mxd-PaDQnI6Y9CHVS9PjcFyB8yrLYa27nlEg8vbWvbG6Da3i-SPcQyUgFA7nL_Dw1SCnVdjxV6p5hHO3_3kjOZnZRTFFvojo9M2HyFp7LVs9Ug3K8FGWvnDhZ3THEg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkpk0r0gX6fxhnq4uyMWyKOu5jnOvEPpeoKDe2Xe4H4P3AvE2glWjzvnyVI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 07 Apr 2021 11:25:45 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 get_page_signal_url_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/ Frame B6B1 4 KB
2 KB 40ms
24ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/get_page_signal_url_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

858361d285ad5b0369469afc26ff28e975019a3b3a25ad4748e95178eae88192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 08:57:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8871
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2074
x-xss-protection: 0
server: cafe
etag: 10027585619949027602
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 08:57:54 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame B6B1 2 KB
1 KB 39ms
22ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/window_focus_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:19:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 362
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:19:43 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B6B1 118 KB
36 KB 47ms
30ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0518695a30c166fb5ef9104028ce570005450472c3f120a7d2904fae59f2423

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617660447179276"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36710
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame B6B1 13 KB
5 KB 37ms
21ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:25:03 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame B6B1 0
0 16ms
15ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ4WR2HtsWe2lvEFMZLFfxsHWnQ3GGocjvdsfk0gvvoqnaW-h5ZcIpdCzrLLbMYjOMaIBc7rilyaBIyDG0MmYvaZGlc9w
Requested by: Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6B1 42 B
107 B 40ms
39ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ak1MEcgOoEfszXszm7_7kjQXl5XLThklBTLDxS-KYS6hnAwrIlyNSgrx6Lx-87d4-azGEpQY3ld44pKiH8WPBBwmyOOLIB1NdGEF9W2i9tsufcEQw

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6778 640 B
321 B 17ms
16ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNWaAbxWYqURMM-ko7nSmtqf6LCCv_OAy5otlxNo4GHNEYZOysWwfCDm4DrrLuE9IUOJY0Xq5bNB8l-jeYmU_Bz_BwTk5R_OL1H2uBpu5ZqsmUqKghN1-6EJOXwrC2TtlVrkRuH8HWcnLHrghIJRyZ3Butid5MbtDLWW9Ji9AGD--Kd5Ti_kRSl3cG1C6_uNt-Fg2klAw-2161KNaI3bdNRZYDWL-g

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNWaAbxWYqURMM-ko7nSmtqf6LCCv_OAy5otlxNo4GHNEYZOysWwfCDm4DrrLuE9IUOJY0Xq5bNB8l-jeYmU_Bz_BwTk5R_OL1H2uBpu5ZqsmUqKghN1-6EJOXwrC2TtlVrkRuH8HWcnLHrghIJRyZ3Butid5MbtDLWW9Ji9AGD--Kd5Ti_kRSl3cG1C6_uNt-Fg2klAw-2161KNaI3bdNRZYDWL-g
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkpk0r0gX6fxhnq4uyMWyKOu5jnOvEPpeoKDe2Xe4H4P3AvE2glWjzvnyVI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 07 Apr 2021 11:25:45 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 get_page_signal_url_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/ Frame 8247 4 KB
2 KB 37ms
26ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/get_page_signal_url_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

858361d285ad5b0369469afc26ff28e975019a3b3a25ad4748e95178eae88192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 08:57:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8871
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2074
x-xss-protection: 0
server: cafe
etag: 10027585619949027602
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 08:57:54 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame 8247 2 KB
1 KB 33ms
23ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/window_focus_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:19:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 362
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:19:43 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8247 118 KB
36 KB 39ms
28ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0518695a30c166fb5ef9104028ce570005450472c3f120a7d2904fae59f2423

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617660447179276"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36710
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame 8247 13 KB
5 KB 68ms
58ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:25:03 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 8247 0
0 15ms
14ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQkLMogb4L_4IcK0I-_vNWnQS1U6kMt1i1HYFi3z67qtrOg6WOnWmkJxDI-V--FpzIV6lSElot5MSdd1R9zzISwW1o1Uw
Requested by: Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8247 42 B
107 B 39ms
38ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DmwxXeLyQcOuKXl_gP7IvyLLDuXDqWVlgcJDeAxb4NPqri-HZEEvy450BkSep6_Ak2eSDoZ5LDDQwy8z--Acol1hjY1RMPZOyblPeZbpkDRq_bXXQ

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EAD8 640 B
317 B 18ms
17ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNVEt49JIAgMT-X8Bx2MmA9johB7Dn8wvZb9zBMtwx9tukGlEd2GATtVXvBQRPT5acsO7d8Q7GsYKarjsFbvgGbCueC3OXLkSQQ4_GVcWlRZkh1O1lYHAxe0PzvdcHSLM5TLcEi55W3k3f6aoGJArAwPSu7Rw0OvmhA-zFsckUh7TA23HN9OK69T-8S-vKiD8414fGfL891mugxUhCohKmD--JwXPA

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNVEt49JIAgMT-X8Bx2MmA9johB7Dn8wvZb9zBMtwx9tukGlEd2GATtVXvBQRPT5acsO7d8Q7GsYKarjsFbvgGbCueC3OXLkSQQ4_GVcWlRZkh1O1lYHAxe0PzvdcHSLM5TLcEi55W3k3f6aoGJArAwPSu7Rw0OvmhA-zFsckUh7TA23HN9OK69T-8S-vKiD8414fGfL891mugxUhCohKmD--JwXPA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkpk0r0gX6fxhnq4uyMWyKOu5jnOvEPpeoKDe2Xe4H4P3AvE2glWjzvnyVI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 07 Apr 2021 11:25:45 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 get_page_signal_url_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/ Frame A9E5 4 KB
2 KB 34ms
26ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/get_page_signal_url_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

858361d285ad5b0369469afc26ff28e975019a3b3a25ad4748e95178eae88192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 08:57:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8871
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2074
x-xss-protection: 0
server: cafe
etag: 10027585619949027602
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 08:57:54 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame A9E5 2 KB
1 KB 30ms
22ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/window_focus_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:19:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 362
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:19:43 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A9E5 118 KB
36 KB 38ms
29ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0518695a30c166fb5ef9104028ce570005450472c3f120a7d2904fae59f2423

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617660447179276"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36710
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame A9E5 13 KB
6 KB 27ms
20ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:25:03 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame A9E5 0
0 15ms
14ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTVXXH9lZRovmtIorNZBuuXlwbeuKNzLFEi_HTQntAkDYUa-o0DFtvS2Sl6njuGNsOOPaaajGLfRdju_FK24-B_ZQC3uA
Requested by: Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A9E5 42 B
107 B 39ms
38ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DuSR8xgwtY5HUVlBgHdynIV4B7N_Ia5gGzMsHaabs22MHCKtPKopjS1OiO4QNw_kFwFwcRMqfcHFK884Wl7I4NcmhAFHQAUeYo3YNUJpktlwn4otQ

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame 3582 1 KB
979 B 28ms
24ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:25:18 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3582 0
0 98ms
97ms Fetch
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C6UZ_uJZtYN77Gtny3wOZmreYBZei85hip5Wpts8N9aqYvrUhEAEg2Oq2IGDxrfyFpB-gAYK_j_8DyAEG4AIAqAMByAObBKoEzwNP0P80R_3G5dlag6nu-mv0fW1D8AABQtKUizNl8WkVSQq7IgGjkyaQceJQ2kBMc6Tfxfv5-ftSMDLwmXFNXgQheH64opXIgxzWi9KM3vUDy6lnHOGMyYCSXOQO0z4PXsG7uNKE6VqfMftZQaURhev_pSoCUlZbTQK8viQJ6uf3wkKsMDm9i_ibODgwppB97OR5w3m1HuEZvuFAvC3LbM1giNn2moyFvRcQzPsg-KCpi1j7af84KtD0cXr7f_VzJJt8CSkcKbXv-SuhaxQP19koucAl1PPKXkQnLyuxzbiIPh8Rasbw4qLzpLFnPXZAOt89t-wrdhDFYc-sl1VyeDpMNTbtdPiUfPuF6W17x0PzaTuACqyoTTtRIsNJBhyFIYhosJjKufcIihlqRNbWB3MIUlpmwcjFsTrrC_cW4zS-TwYFtEB_Lepkqzqb4QYNOjYVwdekwZOXVryC9lWROO8tb3Eh4ojlvoduvv-co3Nk6ZfayLM505nHbYnsMAu6C-SOg9Uy0qPMGwaMoONf0MA43fTiB5iXZiMezUj8duETrBCKa53x9IUZnYy2ROChwXvwnwO6OMluinvVRIH4-WGYd9pQs3oD8OC0NUwmCuqNwASJoJPktQPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AH5sBwqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEENzdCNIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTg4NTM5NjA5MjI3ODgwMoAKA8gLAdgTDIgUBbIXGgoYCAASFHB1Yi02ODk3OTAyMTkxNzE0ODMz&sigh=_4JglEVfXOs&template_id=492&tpd=AGWhJmuW5hAPe-baM9hrvFGViFagNdZhCh7yIxrzGKeP_aMI_Q
Requested by: Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/tc/VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31__FB4KwY4mW4TlW-W4ZxSNVN5S-zQH_phBcW3lbCJx4ygsx9W3Lnwkx8_FLpCVwSGjF70TSNVW7d4P-P202-2-W2Bk9PW5TFtd6W7hflxr3PxKvZW3z59yj4HnXCkW7cszk08ZnHKpW7mFgDG7CTTybW1bPWmy712BYTW4jlB1P5qQsC8W4jL1f22z87rqW61ZbqP32P7v4W8hK92l8PM6QSW8ZHNy-17NMLX35r11
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/ Frame 3582 17 KB
7 KB 66ms
63ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/abg_lite_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2a4352595bb834d956d7ae260ecf56b9f1b9785b46f3314ed7b82ef506b2f00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:24:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 360627091892979634
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:24:38 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame 3582 2 KB
1 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/window_focus_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:19:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 362
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:19:43 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3582 118 KB
36 KB 34ms
31ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0518695a30c166fb5ef9104028ce570005450472c3f120a7d2904fae59f2423

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617660447179276"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36710
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame 3582 13 KB
5 KB 65ms
62ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:25:03 GMT

GET
H3-Q050 200 1f3867f1f27527e43574e1cbaa2e66c3.js Show response
www.gstatic.com/mysidia/ Frame 3582 25 KB
11 KB 36ms
21ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1f3867f1f27527e43574e1cbaa2e66c3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47266f5d8118cec1898402204dbdfa8d5a2343b6ceec8c2036ea1d86552d519b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 07:36:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 01 Apr 2021 07:29:15 GMT
server: sffe
age: 532129
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10498
x-xss-protection: 0
expires: Wed, 30 Jun 2021 07:36:56 GMT

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/ Frame 95B3 69 KB
44 KB 59ms
58ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b27ea60a67dc4f271e7d44d8b52826057ce2ed54fe55f828e762e7866bae6f4b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/17423466578448422575/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Fri, 02 Apr 2021 15:02:59 GMT
expires: Sat, 02 Apr 2022 15:02:59 GMT
last-modified: Tue, 23 Mar 2021 21:23:14 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 43537
age: 418966
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2130 0
0 98ms
97ms Fetch
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CfTWauJZtYN_7Gtny3wOZmreYBbuk2Jli0ZKpjM4N0frkqq4JEAEg2Oq2IGDxrfyFpB-gAe78jsYDyAEJqQLDU4JJ6eyzPuACAKgDAcgDCKoE0ANP0L0FjcoUBln2gbH3HbDPn6QHKt6AAYNs4I8ScdbeOaT42rl9tQmvu7IzEnwBEpx0TQnouHgFkPNTlrENeCyVA3NmP1kE8HNgA0iqCCRw33v8uGTu8-2JCSgw7nos5_W10A_xI5sCxkF_qHKZycfNzPhMIP3mJmXaI5yGyi2YQT2kc2pm5HoQkiORtaiiEbQ879TIiPfV7m9X6PqGuVpgAuEdnV4FwJTXU2Ql8ynXBKhcHRC0AHerS_d2sRLZiKMDgGLAicnkaUvqqAQcbvfTcvNdij1r7SR2yvQdEOgN5Q9ie6IYuWwDdH4z1nnckjzfn9zgOLajdwWGFIstKAXeHcwB1eeLL4B2qsR1MDbZag_oaP8CQQn4GpooF25a_tmSDH0xwwUD_56gx6LAVQDg-Q8T1d_tWaQpIOvZBwXxtODU_KaCcKb6ItHQtfpfEVUbsHCbtJn1uVVSm9a6_9KTJXcV10z2HZCGCZ5psuJpXvRZDPZYg7j3DIgNwdV_2-a53_3BzhHvxCPgT4wvRjZBO6YJBbvV_Fp2hQrklgX4KaISLG0A-QHfOvHvO0MGwJ6svapJEZz4xDfQa8gMmkijQV7N3JoF1QoXNm-K9l1z58AEubDQ0acC4AQBkgUECAQYAZIFBAgFGASgBi6AB_qC8TmoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQqcUK0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xODg1Mzk2MDkyMjc4ODAygAoDyAsB2BMCshcaChgIABIUcHViLTY4OTc5MDIxOTE3MTQ4MzM&sigh=9-8fRg-9Xew&template_id=419&tpd=AGWhJmt0VU1TSiVR4F_G83dBsVHue3VQBFQJQfPafpPZ4tvH_A
Requested by: Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/tc/VX2vBD5-Yg9vW837tWm8gQfm5W24t7JB4q59SpN52hRhc2-Hw7V1-WJV7CgB0DW1Hyy-R3gpQ0wVwZcdr8plYMqW6QtYmq4Bk2VyW7MRzNc4WH8JWW7HNfTP4-K9xJW227XFj1qlG6FW31__FB4KwY4mW4TlW-W4ZxSNVN5S-zQH_phBcW3lbCJx4ygsx9W3Lnwkx8_FLpCVwSGjF70TSNVW7d4P-P202-2-W2Bk9PW5TFtd6W7hflxr3PxKvZW3z59yj4HnXCkW7cszk08ZnHKpW7mFgDG7CTTybW1bPWmy712BYTW4jlB1P5qQsC8W4jL1f22z87rqW61ZbqP32P7v4W8hK92l8PM6QSW8ZHNy-17NMLX35r11
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/ Frame 2130 17 KB
7 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/abg_lite_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2a4352595bb834d956d7ae260ecf56b9f1b9785b46f3314ed7b82ef506b2f00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:24:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 360627091892979634
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:24:38 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame 2130 2 KB
1 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/window_focus_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:19:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 362
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:19:43 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2130 118 KB
36 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0518695a30c166fb5ef9104028ce570005450472c3f120a7d2904fae59f2423

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617660447179276"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36710
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/ Frame 2130 13 KB
5 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210401/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:25:03 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 2130 0
0 16ms
16ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaREt80z-OQRyS61A5cjY6LzFln9yDa4IWRvacUwfDWIpW8qNcDt8bdHc2-qnbbi7pEOOe3XmUjDB6WVDbjWiSg0ip1MNg
Requested by: Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/4422153126869695556/ Frame 3582 33 KB
34 KB 61ms
61ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4422153126869695556/downsize_200k_v1?w=400&h=209

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4aac7df022d114787623ff2f913972b993c8fe87934a71b75131c3aa4f4e1f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 14:41:30 GMT
x-content-type-options: nosniff
age: 506655
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34024
x-xss-protection: 0
last-modified: Tue, 22 Sep 2020 15:28:57 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Apr 2022 14:41:30 GMT

GET
DATA 200
OK truncated
/ Frame 3582 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ce5ab0260a7860ea167511114f1b2a1a8c5dff2b1a3885e2c2e70fb54c4e7a9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame BAD8 31 KB
10 KB 64ms
63ms Script
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: bf97d54048ff565046af3d9dbb31300a9b12c8a3b8e3ac73a49abef835c7d225

Request headers

Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:45 GMT
Content-Encoding: gzip
Last-Modified: Wed, 31 Mar 2021 23:26:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=59031
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9418
Expires: Thu, 08 Apr 2021 03:49:36 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 945E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKZkZcc_wOTb7mdGkknNr_g&google_cver=1

43 B
1012 B

124ms
122ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKZkZcc_wOTb7mdGkknNr_g&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNXlCcz0ajOs70y_J_JrdFCX3alE5q5-vvE8YJqzFwitwLjdDk6j9oc3tkWaI4EkYFZCEcLlI8MrwQRs8KFDmDewqHuunGO3Mxd-PaDQnI6Y9CHVS9PjcFyB8yrLYa27nlEg8vbWvbG6Da3i-SPcQyUgFA7nL_Dw1SCnVdjxV6p5hHO3_3kjOZnZRTFFvojo9M2HyFp7LVs9Ug3K8FGWvnDhZ3THEg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:45 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 07 Apr 2021 11:25:45 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKZkZcc_wOTb7mdGkknNr_g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 945E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YG2WuYpDZvV3gEw.eVctyAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKZkZcc_wOTb7mdGkknNr_g&google_cver=1&google_hm=2

43 B
892 B

76ms
76ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKZkZcc_wOTb7mdGkknNr_g&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNXlCcz0ajOs70y_J_JrdFCX3alE5q5-vvE8YJqzFwitwLjdDk6j9oc3tkWaI4EkYFZCEcLlI8MrwQRs8KFDmDewqHuunGO3Mxd-PaDQnI6Y9CHVS9PjcFyB8yrLYa27nlEg8vbWvbG6Da3i-SPcQyUgFA7nL_Dw1SCnVdjxV6p5hHO3_3kjOZnZRTFFvojo9M2HyFp7LVs9Ug3K8FGWvnDhZ3THEg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:46 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 07 Apr 2021 11:25:46 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKZkZcc_wOTb7mdGkknNr_g&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 945E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHn_go1mVW6MI5xD1rEuQGM&google_cver=1

43 B
1019 B

56ms
55ms

Image
image/gif

185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHn_go1mVW6MI5xD1rEuQGM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNXlCcz0ajOs70y_J_JrdFCX3alE5q5-vvE8YJqzFwitwLjdDk6j9oc3tkWaI4EkYFZCEcLlI8MrwQRs8KFDmDewqHuunGO3Mxd-PaDQnI6Y9CHVS9PjcFyB8yrLYa27nlEg8vbWvbG6Da3i-SPcQyUgFA7nL_Dw1SCnVdjxV6p5hHO3_3kjOZnZRTFFvojo9M2HyFp7LVs9Ug3K8FGWvnDhZ3THEg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:45 GMT
X-Proxy-Origin: 86.106.103.103; 86.106.103.103; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.39:80
AN-X-Request-Uuid: 5e47e699-0eef-4db6-a209-364a285093ee
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHn_go1mVW6MI5xD1rEuQGM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 945E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDQ3MzA2MTY1MDM4MTIzMjk3Nw%3D%3D

170 B
232 B

86ms
86ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDQ3MzA2MTY1MDM4MTIzMjk3Nw%3D%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:45 GMT
X-Proxy-Origin: 86.106.103.103; 86.106.103.103; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.250:80
AN-X-Request-Uuid: 8e8c4e39-9e9e-4440-8a08-a9a7339a60d7
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDQ3MzA2MTY1MDM4MTIzMjk3Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 6778
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENtQuhu35mSsyiAdXmNI144&google_cver=1

43 B
114 B

60ms
59ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENtQuhu35mSsyiAdXmNI144&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNWaAbxWYqURMM-ko7nSmtqf6LCCv_OAy5otlxNo4GHNEYZOysWwfCDm4DrrLuE9IUOJY0Xq5bNB8l-jeYmU_Bz_BwTk5R_OL1H2uBpu5ZqsmUqKghN1-6EJOXwrC2TtlVrkRuH8HWcnLHrghIJRyZ3Butid5MbtDLWW9Ji9AGD--Kd5Ti_kRSl3cG1C6_uNt-Fg2klAw-2161KNaI3bdNRZYDWL-g
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.205.50 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
via: 1.1 google
server: OXGW/16.205.50
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENtQuhu35mSsyiAdXmNI144&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6778
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjJkYTY3NGItODhkNC02MjViLTZmMjEtZjEyY2MwNWY5M2Nm

170 B
232 B

97ms
96ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjJkYTY3NGItODhkNC02MjViLTZmMjEtZjEyY2MwNWY5M2Nm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNWaAbxWYqURMM-ko7nSmtqf6LCCv_OAy5otlxNo4GHNEYZOysWwfCDm4DrrLuE9IUOJY0Xq5bNB8l-jeYmU_Bz_BwTk5R_OL1H2uBpu5ZqsmUqKghN1-6EJOXwrC2TtlVrkRuH8HWcnLHrghIJRyZ3Butid5MbtDLWW9Ji9AGD--Kd5Ti_kRSl3cG1C6_uNt-Fg2klAw-2161KNaI3bdNRZYDWL-g

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: gzip
server: OXGW/16.205.50
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjJkYTY3NGItODhkNC02MjViLTZmMjEtZjEyY2MwNWY5M2Nm
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 6778
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEMlj0Rlc0TloGL7e-S3KADo&google_cver=1

23 B
172 B

89ms
89ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEMlj0Rlc0TloGL7e-S3KADo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNWaAbxWYqURMM-ko7nSmtqf6LCCv_OAy5otlxNo4GHNEYZOysWwfCDm4DrrLuE9IUOJY0Xq5bNB8l-jeYmU_Bz_BwTk5R_OL1H2uBpu5ZqsmUqKghN1-6EJOXwrC2TtlVrkRuH8HWcnLHrghIJRyZ3Butid5MbtDLWW9Ji9AGD--Kd5Ti_kRSl3cG1C6_uNt-Fg2klAw-2161KNaI3bdNRZYDWL-g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.1.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 07 Apr 2021 11:25:45 GMT
server: akka-http/10.1.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEMlj0Rlc0TloGL7e-S3KADo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 6778
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YmU4MGU4N2YtYjMxMi00NDkzLWE5NTYtODNjZmUyZjQwOTg0

170 B
287 B

109ms
83ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YmU4MGU4N2YtYjMxMi00NDkzLWE5NTYtODNjZmUyZjQwOTg0

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: akka-http/10.1.9
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YmU4MGU4N2YtYjMxMi00NDkzLWE5NTYtODNjZmUyZjQwOTg0
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame EAD8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENtQuhu35mSsyiAdXmNI144&google_cver=1

43 B
106 B

60ms
60ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENtQuhu35mSsyiAdXmNI144&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNVEt49JIAgMT-X8Bx2MmA9johB7Dn8wvZb9zBMtwx9tukGlEd2GATtVXvBQRPT5acsO7d8Q7GsYKarjsFbvgGbCueC3OXLkSQQ4_GVcWlRZkh1O1lYHAxe0PzvdcHSLM5TLcEi55W3k3f6aoGJArAwPSu7Rw0OvmhA-zFsckUh7TA23HN9OK69T-8S-vKiD8414fGfL891mugxUhCohKmD--JwXPA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.205.50 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
via: 1.1 google
server: OXGW/16.205.50
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENtQuhu35mSsyiAdXmNI144&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EAD8
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjJkYTY3NGItODhkNC02MjViLTZmMjEtZjEyY2MwNWY5M2Nm

170 B
243 B

85ms
85ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjJkYTY3NGItODhkNC02MjViLTZmMjEtZjEyY2MwNWY5M2Nm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNVEt49JIAgMT-X8Bx2MmA9johB7Dn8wvZb9zBMtwx9tukGlEd2GATtVXvBQRPT5acsO7d8Q7GsYKarjsFbvgGbCueC3OXLkSQQ4_GVcWlRZkh1O1lYHAxe0PzvdcHSLM5TLcEi55W3k3f6aoGJArAwPSu7Rw0OvmhA-zFsckUh7TA23HN9OK69T-8S-vKiD8414fGfL891mugxUhCohKmD--JwXPA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: gzip
server: OXGW/16.205.50
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjJkYTY3NGItODhkNC02MjViLTZmMjEtZjEyY2MwNWY5M2Nm
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame EAD8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEMlj0Rlc0TloGL7e-S3KADo&google_cver=1

23 B
172 B

90ms
89ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEMlj0Rlc0TloGL7e-S3KADo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmppwIQ6vyuAhis7-KhATAB&v=APEucNVEt49JIAgMT-X8Bx2MmA9johB7Dn8wvZb9zBMtwx9tukGlEd2GATtVXvBQRPT5acsO7d8Q7GsYKarjsFbvgGbCueC3OXLkSQQ4_GVcWlRZkh1O1lYHAxe0PzvdcHSLM5TLcEi55W3k3f6aoGJArAwPSu7Rw0OvmhA-zFsckUh7TA23HN9OK69T-8S-vKiD8414fGfL891mugxUhCohKmD--JwXPA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.1.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 07 Apr 2021 11:25:45 GMT
server: akka-http/10.1.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEMlj0Rlc0TloGL7e-S3KADo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EAD8
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDIyY2Q3ZjEtM2JjOC00OGI0LThhOWYtOTVkMGIxNzQ4OTNl

170 B
190 B

110ms
84ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDIyY2Q3ZjEtM2JjOC00OGI0LThhOWYtOTVkMGIxNzQ4OTNl

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: akka-http/10.1.9
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDIyY2Q3ZjEtM2JjOC00OGI0LThhOWYtOTVkMGIxNzQ4OTNl
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B6B1 42 KB
20 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B4Z44Cl3P0sGOGb29lbftL2ywtRiliPD6OF-HDVfHBm4Ja2woL4dvnwBrxS4goY3sL4iqzXIHL3BJTtOKHdlUyMHnGPlmfOLzUw7IMRmwhEtlpMnFa-C8fEPGJ5iOyhzT3MsL8hZVIMfL8FUNof3rAN-z-KA&dbm_d=AKAmf-D1jqteOgv0KPtZ6eQjinTrc7m0xsWUFlX3b19mnmW-jk79sV1GOl9A9ResYC69uK9Orekhnjs2u0TGJ0oUATR08Tl0CpircJi5VnFtg5PU46Fug3VFMCJcbYCCQV3bTVlCgSH5HVfFN_-X7stylJ_U2UzhbGm3NqNI07GUvMLJ856JCvtt7l4xW0QxxjgOLdiadh6ELoI96Q44PgacK1VgOFisnM-2141TnnqS1WzIZId6Nd0Ibe1hewkFUf5De-YieycxKEFb-cDNpVO280nOPliRpSYUE-Rd58DErloVv2HnEbd3gsdi1hjdgs6JUdSWO03a7LYW22YjJbXtciqrLLbBB7UFfwuH6yuoJJ2DWh9ob6V81uTZXYH1YGch_beRIAVdBYmxMBdp_nDDG3DdVvayfmHdHrzFB-Avs9YwJeyuAJj5TV8SLdAsO6-S32WJAzG1Sbbz-SlAtwmEKlnXt9XibnC1DwYkHCOvbWycIwcRubGnWKyqxKmh_lyPEK7wa3S4yOWGhbkcxZwtC2QLKHyQtkWXTp6bgfTbcKyAomHo5z7Dswp82OheJ2fEZMy3OWiMdKEzucUYHUsKjddMHCRJfEzmat5QogalLuaIxSq_RrTpcqP51hHQgsvVP7uUmE05bBfcm2DSFW59qz9KQ24aoJiWioTZQu5TtNo241S3tT8vd1DOSXcq0Vnd8MYXmlmWWqN2vC8y8DY2YTjAvE8c6XWtcA8ceUscB4mkrz7VbCFxXgYCOaxs_UQdDxv2rg6XMgEnVL_ez3z6QPQ4NOcZG5fiOONElA6UMYCVhqYCnZZl8i8rOcR4oAz_XU0SPzcbiZEyayVKEOIpziPflxoUCEVSHezwJ420HrLGqIhrDapHqeZob7qMAkeMnF9nqxQmwpEuylkLUyVkgShfRPXhM1OTu_zXRpHFwBCxse6RHDrhBa-g0Hp6W1TsbE7Mfn7-SJweS6aT1SpIeXFAaso-WGvLfUStY-qEGiBMYK0H1rHwP4xm-a1ZG2QFZHGRHNeouwlUKYaJdXNtwQof8RdyIxvQRvDlvoKeiPE9RQQKnbUgDGr1O7hMUBLtiY3uQ4gyDWHL4XxU7tQjvOnKYMopwWyEB5nAjNrpvcXR8IL9WlZN-38NcceK8gmqLbuTRSd5p4VoiO4NYU7Ttnmc17a9oUJcrpINNM7ETkAUJapL5_j4qnPjXh55HUkxKGjiQpvfegfT9m_00piXk3EyFQb_ez97jy3WkjkttYGkV38d5_7q3v16lrxYj_fJ2Y6sed68aWcTtZg2r6VzLlpG8GNsxomDtmuSg2KsY1jO-svuCrVukvp3mkE41ZQQIjK1LHgPIh_IAlpNCpZtKD0wilKInUQ68L5qxcmGIPXdKackTK7BUTyofbqDvoCTnfOr7FU8ZBOJe4wFzzgPLbvRPfK6HS4EY9N5NEA5MJ-Ph5FcKYeLN-WNDnmSuScSewZjFRibi06YzQ4h8eCoGHhEHBsl9EoUih0zjLvVRfHvcYw4f4sFVfVsK5oTlaBmUJhIHBV_LOOkDPBcVnOA7FKWdNtsNxIkKNMP2APLadx4scDw5keHIZav6U3RL4n6Gi0XIW31w7Xg5Qm6IEeAtTEAr8mpw-m4eCBE74D9Cr0OVv3UC7ol38_l7WBQoQUzsihKHyXyopsiPvJQ2_-0hInSzmes6DyglLeWwA9rWmUDgFTwv72cUX2_AQ6BApSsvqzsGTK1O7ylRVNngyVcO7m0fijmgwX996FRwobnEko2qzM_Ggk7SUj4NLeDdiNW-fJf4N60a4kvV0ZAR8MHK9WJ1r44L2N5eE5eD_6kKtCRrA_3ytbXnZ_XlfwWO7dfxhn-j3X6drTbbL4HijMXdSb0cDO6e6dZIZYuCGy4QikU_okA67gVq27wmofuHayewn2ejcT84ZZdHLYFmlcq6PEpwIi-mL3-JLdNoVA0G0yB6jJ_8qnsxEPv6Bl_gieK4cmk1n_v_vjeFSpgz9sJgMYPzGIS74CR_1UZ60WUkxZh2ujmr5wZyzlqSIIIdOjYy4zJwKmBy-6gIM5YBlq6l9P1Kubv9DpsrDkBN0qYVpP5GRHmO8r7R1qNHLJbmJzc0wH_9H4Gj-1wiR7GIrKC5egKq3f6ge70RDqIHoVjNSNdnlHTbUGXkJwuJ1xnmTbD_UMqz3Ok-5jmo2DYYjQosSm8GseXDxLpAJYNKogzJq9tBQgEDHEB1PIwPaTDdaYYYuVU7HUbmevgTEdnyrLwg5TZD2gMugMbqZqRcHqYrrVmVVkM2dE4vEdg5GzrSH5p-w8DhQ_tUdJ4XdRwB3-6gLxtP4u9vDTx52YuK0spJZRJQ5HyM31vJij0EQayvZ1bPBsqQiDPz6v1fbtjSSnvIplkcP6H4xq2aPBW1UatE9i27tX6ilNFUpXwVD5WWh5jlfFSZd3WlSbElBFR7jnHdtCVUaZ6eLmYsfa673_khlwcI0Uchs4VcK_a5bvljlq9AgaVpaztL89vszm89iqT7x1Kfn8jnLOmNKphqytrPqgqKJx0_WQUgTidI29012ug3y72j6jwam_U55B9Lx_rjI61IOONp6AL9QlrkY7DDGUf9VlxQwjyrdFUfoZNjUrjdy5hQH8f-LNlGsPgxvTIBwqp7IDV8TCWijFTIqFa5KLwr-2Y9ZM-8AbJ9m46Qv3YmLgrhpgvSHCwjPKYfoG2RwN8Swa3WXUHgrQCZ63W3VcqUSbu_AuAdAaHyiaSDTXOSNEPwdTm8oWqQQObOyAZb-VbPhROloyQVvGEPLGP6g_1oaho7QS9uBYNh84V8F-lrk-tufgXMOkPHsF2E5tsyYl6z47ldPQzRN6qwo_-ONwELhEvjsFKT3q2Rlikh7P-ZFBY-aFxECLpWANRD47737-nf4gSGOy4GezDl3rlJ5Gmt4UupqAzi9q3Y5mQsuSM3U5WyH486XJn5nlFe6EhXdHPyU_oJrL0-YOHjOgLCE34zCoqEiRGmH9gSgY8c0vU5B-xV_SGLwmiq1VgljmCuY0rlmWnLycCuXJtY57i6y3zNiZH2aomLfjO76dsSoWBvMCFOhWnhPxcP6Jg7t88qaoi2DmTRn_aoQR4KCbXj-0Hl_4k6cSYq08PImV_p-3sxW2s9kVaKqNsCQmkYnp3-QdRgpLQRNPvSEWsgMoSQQnt1iRkCkm7ge-03dyEBP0MKLaJFGzJ0jW_MQ2ScPdLRsKla9b2uqNlymsnBD5nrFJXl5WTdxXvNQW8b9LK5VG5LQh67WsFFqBruMOAB4DjjSLJE6cwi-3BBeUeybwAIzamAl6KzjyBOxIIRWSoWqBGW4BGxrhcpzNkZ7OWJbB90vB4tNG26vUomJyx8gmhZSG5lAikR1VA9WWj-XgrdTPzNExYLksLSsNZgN6k4Ldwmfe2WlSa-w&cid=CAASEuRoyYYcT0KlO6V39kDNfkv2-g&rfl=1%2Chttps%253A%252F%252Fhillreporter.com%252F%240

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc2afce4130a35b1ba709bbbab0112ac1697c3b070fbe31b7f193242e7138e56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20322
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A9E5 42 KB
20 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4erQy0TthaTslhdcGP1tOBC_n3dCKzDbASZ1vHsK_3dKReWPFUpr6EQhh_Yf3o5SDxl5jAUQnnoYIruF5UiQy2_eu9WSiuk57NneR3hM7prx9wk2D2tQ932UIKOnv_y9LJARn5t4lAmKUNcxRCfAGPqr0qg&dbm_d=AKAmf-DUTOWgWMiF-DqhG6OjO9NneAonZ7gIA7iB0Xz_HVGf0ulT_X9haLzNU5BkFpuk0PnpMf9D3zPZ9F3Vc4mcKGcL2YzNJGp1Nh10luCvUjC8xF5AjmjqLaPKwNMOHyicwdMHgnEyVFEujwvtf_Xfy0w56IUjVYUN54B7nJgggxSdlkeiobqON2RB7qK8TuP5T94jf7dvbHYsr8u7HLC4sE8pAk87hf3ye-F6l06gPuSrKK2KL1J6AEN-FNQpiCe6MRPlKG7HxfSI5kANOBQUNPgl9dyntaNXg1JJlsj23de528KjXlseQyQxTWwlGdKDM1rF08sIDz3t7ymB1JIw3FtnY8zrhqOB6FzaYf3TwXk7_xixN9c53aoEMpM8Vf4ZemrNdoYdeTWSQKcqb4h9MBAhIFONl_W53HJ6qSw-QMnkV88gs33d9aAnx_UP1uwrq7c_hAifsIX5lSlarqetoEX_Ng3GCf8B5TVj4Ex_3OX1uwcYfYsDRmWDFJhOs83zhA6BateUFjI1n_1IEhuUUTmaTubMV2H9ZRRihU9vGokdqpIKjcqlMUcaYW4kcW3d4MNxqEiaugqmPxNNX_wiJcV1jistx361c7xZn5SmBCbvxMVoaByN4_j3mPDn1YspHtMdPhbymX4AE2-zCrmPU6dIwURzEmQinWhGfeRyULAqrwFhuZNjkODDu1h587yu1ZO0-52zKaAQn4dhULU_D8f6f_9-O1veU70RXDuzMVDAf_Iu6GpFvbKCR8sKY9hX2h6NiTeKrgYkhB4Lpq8l-Vd_rmebSPAiCDKBPg5hJpG4ouSsBvSqZ5kfVVa-NTBZd_EwFtnrvzm2JTIdBv-WuKQC6DToqM6u-gkrMJGpP0PM06qxp8SzRyE0Ply4yxuDxJszxKF410AbVU7jdJBU0fXEnPztEPpz4BcO2k8LVzRRGEa24IW1zE04x-rCgRpoBHra0LYlcA1x5eYrH1EKfjFiGRTFOTveVwZEoUvIs7wtH5CZVyZPRlWav5Kvnv_walH1GmIi9uPg9JKpO3FVSnCW5v6Ah_Wa1KnMpKGMUBfsDbD9v_I3Qhww4GtiVEkx983XJDsuPbNwVSl-0NpQBWziPkFwkWM5YxcXlHkXmBR_oK7alApDcWTEi8rl9oqO7CCnNosdaJC8NePIDTh36I9-e_BbEmDQCT8hMhTBVyURUqr7wXngdYbzfM_LaWeKV_2NiJp8ipmlE8ePSmUX6yXZ8eHqG3mA_OU-AMZn3QQMT81aqFlqE1rsYauU1Kp0hqF1GQ8yS1A5PcqTqm30hG-ZLFvEt7zaSdQU0csIaQF2Q2Moijf3JRPj4k1PcEEHtVSqiOOXaF4CZv0JIiBwsjE7TsmjIkcmafZ8eu0kfrdTFw9n-piWyIYpLL2RVkVA5aiWx8Xf6FfASdySdIPnlFvAB_y_DNq16dURqLZnxLPUK5FjSDo0nAWX0vAdIm3TUfwH78JT8nT6_YdmhvNSQbNArdt-HVpksEDeramkqlmYZH3uvxa6L8Dm22V3BZsr2BlZRhNcXCVWtDApd8RDJGOvZD3zRvv2eRpmYV8Q_xjUR4VRvpCOyoneJKXfT5O8KAZlYx3I6XAIR5GRK4RYR8FW8WvgO3cEqBaRvqU8cYHqvyeQayBFKtp3P7DB8L2SH-LoetEBrEQOSBTMO5MThA2g7Yw7Jt6klF8Fn5ns8QToaAquf97SIk0tRrpovYUXgXEbA2LzviANcfD06Z0KBCtp1Zd4KroVCo_tIHKWzjF9y32Qy5CFdOgMioXvBZZoQ_iODr5hZnEcE7CS40lkGI72sIM0OLu8tH5h5lMr2v-ze4pdL0z3bOo1WBxS5Qeo3Lgbh0XQZIRKodetyciHnIEDdT9faclp-vrEV9UUfFFw6eIbam_wlT7dfi8HAipQC5UJyg_-ZoLNjCvKr5_cioRoocsqH0wMV_FbdV0mtHAy8sS8Owa1bf-WxU093cLfdUm9Z5DjC0Y_H_3izB0V8sE-tkWt2aD3X9i8_ZnHy5s_vbtxDk7eE2q5WZdvszst6wA4j3-Pf5eB76VjcjtBinJCenHoRolbiCo79PG0spx4bzIGyCm6Oaqmiaj5D7ZH3aeX8Ww_mTLl4e6zP0yjkJaxQqMCRYjvbP_SKHkhVni69raPwnOAA4sL7cVBgi_EzKbMN-FfyuuTMstT03g5PyCNGJGLi_qXvZXDiyaqzqN6tR0Wiuj60EIIB9mAfbWM07ocwIhsvApfNbShD_M9MfCaS2V7GeCE2LhGwClTj0SV1DkqYx5X2Z2iXUyZy6VNf3rsgqoxllpqawrZdywErnppdmYT_jpTLzdWDWy91Gnurr9cz-j93cN8YsQh-DC9NzfyTFu-KY84q_TEbBr0q2VB1UGFlY3v-bAHbtSoJZWo_QgwFlzMUvs1VzU7gGbRee_AoWZy5YDtGEVUd_EB6g1kkW3PEcI5H7B37VGj_mBk3vPYC0QqF2CrVUnPZYgSE71KcpmIpGQdObrA-vyBNavngBxktss2izHxfjVW6C6mSA4RismrPUzNpxMZKIxAPGUucmilboDGZSIP0kLBXj37gdJvlix5aVZA-JdkZR-pZSTo6zefzmfLb_NWv7UmDD64kbrPT5wy3hlzu3J5TQ_Y2tMMjthUPbjA_ePdydEUZaEZVq3hiYfAZu8Khay46tzdYtV5wsCL0SjMyDfSkoFs_3FAvvfMYYSiPFkipVktKk3ZSLdwt6oeyW_KgzY9cP2JJ0psjQmOK1S7V5QG_E9w0sDMbdo2ska3HRQErzvkxqybAhK9r5QKgm-NENShjplsgEMymP1ed_J8sRBSKwnXe8mDUDSdZqm_Kjn7dNm7D_Qk48MhAXo_Mpi967DIQY5fIc18SKimc-a-IHsG0UCG92IMRaUsfYVi_H-jPG2cDO-jQJ68_pOb2RlvyJMyS9nfe-hfI-J-fQwcm_rDxJ0LEOdFq3vvcahk6FR-ZTzlQCJo_zpNw7qUDcx-9fWswx6rl2bsOuyIYMHYOyBJxB6b_lVTtyQb2n2wSxtGm-tbkXQwlmMAFA7uT-tgLy3K8ze98JJ0JS5gkwlvD433479IZ9szHGeh3fvDZnRCcDS9lwq5Zxi5eFweOqM1beLmbGomWsizkH5eGI3PjOMhvYWUeGjh9OpXjrzsFDMEM6wMtu1MPZuGaTMPX_Qb06DNdVvc1oYUe0Sbq1Wh6fhrOr_wz7mBU53Otgcw_lmRlrieT9RK11LLF6ADfjMLEZdP6RN2NTt7QU8LsiSLgHj6rh8wWbDCcVV6HpKrROdIc4HpXF0DJEAZvor9vlUrE2dvxle4Sq3is0KeXJLAe2RIFLCqwGhHDgvv2cS_vz9ZKeevSUL-cuemN7vDmCh5zP9VfASAIpNmpywiCyWZnBQzj-M7ou2JhrWdk92hehghRbdkAoOQuSSwwMm3gP4-bIUYHUT4yzre6YDPqVVEFVc4uypIYfarrZyUlHXSLNZrHnf5agXtWr0T0EkOnf6_uYYADoxBJrgebttrcrz3hwcJCf8B9aFmWdxF6HvKYpZQYphf0_YZxMGxl19-40zIj_0yu80MizBDo_Gy_CAwm8Cg7GN6q2Vt2Q&cid=CAASEuRoJYujslNK43-bKiRXqdg5-Q&rfl=1%2Chttps%253A%252F%252Fhillreporter.com%252F%240

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2191c983b94117e89511b863377cc17e94e87b2fa06dd73cb37c00b1c17f3a88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20077
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8247 42 KB
20 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DoH0_jVfMWfYAVMDoNGo5WAltX8oorq4GhgkFASbfoqpEfqiu5OGm0nHEnC-cr1A3flhtotjEOWy9VuQx4pfy2Y0c_RrOJnmul8DIe0T8JZUrBCPkDobQgBfluzFP2m9ACFEnSEUb0ofmwvGQV0b8ATWb_Eg&dbm_d=AKAmf-DndZyLho0TWIyAyG4v8qIzEwtxSi1K5c3Z6CCOQ1iEv3Y3MLy0jB8JgMc8xOpi5bv1xQeYEvROOG6t_jJZVZbkNxmCQwpMhXDLwp6m3-gfbSIGJ8E9uMW53YNQ2KdQNT5UHxvVpwO-63y3FazutDqZ78ABJMSGyeIZEhH0fqxxQS4S-Hh_Epe0gU7QScFE7vn41_NyO-G1m8r4rZ75tgcJ62EjEsoFwl_WfzudEDSBres58emT0kppZ1IuDPbR3wxEJmGJQ8921ZXTe4rrvd_btZuUbQOVqRzxL6HJA4UFIKtGkw_OWElCRHgcxXksL8tCdmGQv-kBWfIPd-mgoX-etRo6vbRRikPo0Z0DuhxcpWph4Qx4HPwLg4g8BeCAtv0A6VUBQdJ_pUb1WtX8g9J8HMMa3f8Y1zl-TYpkIf8D3UbClb_H6EhihyPOhE9X-VPE7lUu6lD_kr3E0fFwvJK_vCqsUhglEcOSjG6Edg4DVF3UnukccNgeEeZRnmgtWT4WW1BOvRHwBCZDPw4bAhzNLj2IPxKPDarIDQaKtUDfwPhDjbkiPbRaG6Es55NpEDhrCB18awttq-op__n16XuNzgFJvO9sJendVkTFkBWx8024a40PCkTFjOn8AwyTyn-ZARey5FrgRSh0TkXfVOq5jdDcjyqfLCd-wW7UhTwaqD2bnQWpVRV6-cY_9mmTHAMV3tRgp7uLGt2EidfkxXRDvdNSr5J5fV8DSiKEJdq-7ve6OCcuSKNE9PTe-P0zBVIh3iAPISpvglZXd3AzKa14fy_ICaQN4AI6dr2l5N72vjwYHSOH9YvQQ77Dm6xStDkomZNuOcikEvSpIunbHxpaocOb3kg9_8AOlifjKPMt7thd-l4jtIsmJtLo9dsDP2-6Uf0_cK9uZz3J7VTnxlntIt1KT8eRq9pjikqFEDzcrvEqQfcuFfLM_07Un06d8FAX0b8gevJMFMIMQrCYTsZQoi0j2Pr_7BkjLeNjwYSeDb54OKk5nwBGfOMkfBjfrcSQL9Ne4OOkJdQsOAuvKuR2XYUiII_v217hvh__nJNDRtV6bqptdd9p5-z21iMjzySrllrL2lBEW30NTrFQi-vunU6sceXoxe2A1AG-5HCYcEl9-eZKm91hFQY7rOwLbVURim7O1yOJkOsAwb16o65W1H8Twcll5mtNTAX0pPLOVoSubySQ9fm1qbPsRCM5smqoz3e4AuYvQR4NTvHhC5UBok1dAdkSbKgS6mwRl-y5JJNoDRBfYSAeflHJ82enoIolbPOvERb2FgzfR3b45j9_iJzrV3aCp8fmBqTfJDA3qw09Bgrunv8Lav4LIx1yj532yNNVoDX6AoznMPQNrokKSdITo8fHVfB9pLtLvZc65l9jGfuS0d_ZvzIsanS6Z99BBYle0MX0RVGl63UxfuYIJFBCty7CWsXwkZkZJ0Urw9O5O9XlDiKGV9quh2IefsibMRPe5valoUihvuym_RMn6b0ZPJE8EUNMLbtp6fC0TcoIMS9SzfChhBSEgaVfut5mN2k3ya5ko52myhkuih6SXYjnKsS-CzFaqO0BhAauvZTHWwnUrfWwTVg8A2XOnmHSId-MrNv3ePAfIPBc_RsBiayo7POZxloZtHZ9NH823ARZnHJnJK0JmeLqNzDnIR7-4iMAsnvJVsggVyIeChsCyurxTsgAk4QKYq4EF2VgsJygYjZje4rmYfCu_vAjv8RJAbcM6I2oPP2hmy3JwOUt8KIrxtcjfzBMB0oqfUsZIV31lx6fJfZTBdTOLYg_thAaQhjhlfrtpBcruyY5f4PMDhEP45LKLDnQiqVvM6evX4LfxBXvjrSDEEVnNB5nbZzPr1F2kcYhfTWkpPSYg9H1WqYqb7u-FHmIqQCWWuEvAo5LTIqhNwwVr3L01fPJp4DDYdATo2b1w7EgUUomNE6sZ9DqAUu2s7Hk8lxoFL9702OFjnRnvDfnwE5zHXZfz6-BuaQZZw5Qu1kN4Nh6XFlIcetyOOqnpplWjuFUyjcZ72YGx1izSgeNGpIgNhbH-EH5s-FqdUfqU3T9wZonxU91SwUfSoMbi-n6SbRywAWkEqgvRqyVbFgoycVC8h-PUKKSxAmXjOmOp7nfCvU6_ULU3R6pVYm_rTT-pv91kcOnggO3e6CUvAWLTji6ZfSFyIm50RDFjq6gBH9AqDW6Uimb-Mz69BAus6R3zSJpx7DlOpaUZ9RQ9LelFCRYqqh7BOhfa_Eo9zp1We9BkeuHGf7OugfKfmpCRZQroXsNnlW6aIPiRPuRnNtMeCIBoRYwV9U3VyVihInpui8AGSJhahacsySSyoXt5WRqQ6xMce_cv81kV7zdlyvWB2wGOrVhjDUv3TORbFyp1J4k5G8r8XNOrbgWmBIyd1eKNBFDdDuRel4nInFWKS8RsqPLjbvrtpVANWAVtZItaO50_nBhIffKuVk-9VY_w4HI63_tAYnD8qCXDEDUTLKDPs6_RzNO36jywCGu9nMcPFDhpxjmdV-c52rtSsXq3VIG63qCPcFm_gX5njWEI00tvSI_Qpq3SmGoBu4lZiQ_7CePULO-ZoN2H4Lv9BepovryFQ39EfmKovP4zLvLI3lCWNNKet7XpTcvRsAVtRHb0U96S_P2dgbWQleJEaNBaero6SMQSguPM7_HsiqptVHu5MvDPJ5gVfXKOvMpLyHC1z9RXRBNJDXdYIBMjvZyI502SAZccIGL319DvSqck3GXcEk2gKYO9o4IiuD09maAovYjpllXyWmVc-eN8RTlusND1D6mMeMyNulW6CrS0WBOEvG3SjEF9Tz9xEyz6hFhQ7-RkUmdLkLcuY9dIZJeDnELCNwjgaK4S86dr9MBBi0Kb-cXfSS-5Cs4o59rqTp3FHEwjDX25eni9k_uqfc3-atQd9JkZpH-1ktMb7yYZHCwk4qS2qkbJNO_UHv2sNAXLEMVb-ctpxwr-ApwLGUHg9_VeMNCzGhziK-YDTJJkjNaaPKVfKViB0oRJth1pQLd8T4ixrtLJhGCobf2nZCMkRofSnD1rww80qr1zgTKRy7R8nP6WrI1_Bd06GM65Vl2A7PXKmaR8gqMokhwrJUnq0DPWY54ghSaYHiwTQrKrkKZJsKXg8--Y7xNeVc2vHQ058KB8w5Ypud6yk9FGIgKtdf5LGXxmlEUImqoRB_l1pRip2jMemNMoIERMz3w2lhZoaJUd26xmh65LxmaDZN8tyeo4dN5uYBt0Z79IOFAiazQY5BO21X81U4bvTtAaO1JDIzNRKENf72FoazAIPpUsW5f5KBSlPZWDH-GBNor4jW0whRWji9Tb1aAYQa8nQsviUjmNybd-XG2Orz3idhtAHONDb_Q8R2Xh9SqqdbmgvgDmYzYr5qTLKoGHn-3HpilZ6gi2CaFT4dG_wACzw&cid=CAASEuRopk8RX_wrsPw1L6ep5avs5g&rfl=1%2Chttps%253A%252F%252Fhillreporter.com%252F%240

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0030d1532d92d242902b35e05715706c651b11752b8f38df0225b6543ff04c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20234
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6542 1 KB
1 KB 35ms
20ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 07 Apr 2021 03:14:09 GMT
expires: Thu, 08 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 29496
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3582 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7c08e731e88cf70eee23a88b5ecb1354faed7f9d25d74e80c54dd86b6da28696

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0851 143 B
216 B 7ms
6ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkpk0r0gX6fxhnq4uyMWyKOu5jnOvEPpeoKDe2Xe4H4P3AvE2glWjzvnyVI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 07 Apr 2021 10:41:26 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2659
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2130 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e6f0a6ed4df5afccf7b66c67ce59a6ca8d99d2ad54cad0dd503169d2d5884b06

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/ Frame 8247 21 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DoH0_jVfMWfYAVMDoNGo5WAltX8oorq4GhgkFASbfoqpEfqiu5OGm0nHEnC-cr1A3flhtotjEOWy9VuQx4pfy2Y0c_RrOJnmul8DIe0T8JZUrBCPkDobQgBfluzFP2m9ACFEnSEUb0ofmwvGQV0b8ATWb_Eg&dbm_d=AKAmf-DndZyLho0TWIyAyG4v8qIzEwtxSi1K5c3Z6CCOQ1iEv3Y3MLy0jB8JgMc8xOpi5bv1xQeYEvROOG6t_jJZVZbkNxmCQwpMhXDLwp6m3-gfbSIGJ8E9uMW53YNQ2KdQNT5UHxvVpwO-63y3FazutDqZ78ABJMSGyeIZEhH0fqxxQS4S-Hh_Epe0gU7QScFE7vn41_NyO-G1m8r4rZ75tgcJ62EjEsoFwl_WfzudEDSBres58emT0kppZ1IuDPbR3wxEJmGJQ8921ZXTe4rrvd_btZuUbQOVqRzxL6HJA4UFIKtGkw_OWElCRHgcxXksL8tCdmGQv-kBWfIPd-mgoX-etRo6vbRRikPo0Z0DuhxcpWph4Qx4HPwLg4g8BeCAtv0A6VUBQdJ_pUb1WtX8g9J8HMMa3f8Y1zl-TYpkIf8D3UbClb_H6EhihyPOhE9X-VPE7lUu6lD_kr3E0fFwvJK_vCqsUhglEcOSjG6Edg4DVF3UnukccNgeEeZRnmgtWT4WW1BOvRHwBCZDPw4bAhzNLj2IPxKPDarIDQaKtUDfwPhDjbkiPbRaG6Es55NpEDhrCB18awttq-op__n16XuNzgFJvO9sJendVkTFkBWx8024a40PCkTFjOn8AwyTyn-ZARey5FrgRSh0TkXfVOq5jdDcjyqfLCd-wW7UhTwaqD2bnQWpVRV6-cY_9mmTHAMV3tRgp7uLGt2EidfkxXRDvdNSr5J5fV8DSiKEJdq-7ve6OCcuSKNE9PTe-P0zBVIh3iAPISpvglZXd3AzKa14fy_ICaQN4AI6dr2l5N72vjwYHSOH9YvQQ77Dm6xStDkomZNuOcikEvSpIunbHxpaocOb3kg9_8AOlifjKPMt7thd-l4jtIsmJtLo9dsDP2-6Uf0_cK9uZz3J7VTnxlntIt1KT8eRq9pjikqFEDzcrvEqQfcuFfLM_07Un06d8FAX0b8gevJMFMIMQrCYTsZQoi0j2Pr_7BkjLeNjwYSeDb54OKk5nwBGfOMkfBjfrcSQL9Ne4OOkJdQsOAuvKuR2XYUiII_v217hvh__nJNDRtV6bqptdd9p5-z21iMjzySrllrL2lBEW30NTrFQi-vunU6sceXoxe2A1AG-5HCYcEl9-eZKm91hFQY7rOwLbVURim7O1yOJkOsAwb16o65W1H8Twcll5mtNTAX0pPLOVoSubySQ9fm1qbPsRCM5smqoz3e4AuYvQR4NTvHhC5UBok1dAdkSbKgS6mwRl-y5JJNoDRBfYSAeflHJ82enoIolbPOvERb2FgzfR3b45j9_iJzrV3aCp8fmBqTfJDA3qw09Bgrunv8Lav4LIx1yj532yNNVoDX6AoznMPQNrokKSdITo8fHVfB9pLtLvZc65l9jGfuS0d_ZvzIsanS6Z99BBYle0MX0RVGl63UxfuYIJFBCty7CWsXwkZkZJ0Urw9O5O9XlDiKGV9quh2IefsibMRPe5valoUihvuym_RMn6b0ZPJE8EUNMLbtp6fC0TcoIMS9SzfChhBSEgaVfut5mN2k3ya5ko52myhkuih6SXYjnKsS-CzFaqO0BhAauvZTHWwnUrfWwTVg8A2XOnmHSId-MrNv3ePAfIPBc_RsBiayo7POZxloZtHZ9NH823ARZnHJnJK0JmeLqNzDnIR7-4iMAsnvJVsggVyIeChsCyurxTsgAk4QKYq4EF2VgsJygYjZje4rmYfCu_vAjv8RJAbcM6I2oPP2hmy3JwOUt8KIrxtcjfzBMB0oqfUsZIV31lx6fJfZTBdTOLYg_thAaQhjhlfrtpBcruyY5f4PMDhEP45LKLDnQiqVvM6evX4LfxBXvjrSDEEVnNB5nbZzPr1F2kcYhfTWkpPSYg9H1WqYqb7u-FHmIqQCWWuEvAo5LTIqhNwwVr3L01fPJp4DDYdATo2b1w7EgUUomNE6sZ9DqAUu2s7Hk8lxoFL9702OFjnRnvDfnwE5zHXZfz6-BuaQZZw5Qu1kN4Nh6XFlIcetyOOqnpplWjuFUyjcZ72YGx1izSgeNGpIgNhbH-EH5s-FqdUfqU3T9wZonxU91SwUfSoMbi-n6SbRywAWkEqgvRqyVbFgoycVC8h-PUKKSxAmXjOmOp7nfCvU6_ULU3R6pVYm_rTT-pv91kcOnggO3e6CUvAWLTji6ZfSFyIm50RDFjq6gBH9AqDW6Uimb-Mz69BAus6R3zSJpx7DlOpaUZ9RQ9LelFCRYqqh7BOhfa_Eo9zp1We9BkeuHGf7OugfKfmpCRZQroXsNnlW6aIPiRPuRnNtMeCIBoRYwV9U3VyVihInpui8AGSJhahacsySSyoXt5WRqQ6xMce_cv81kV7zdlyvWB2wGOrVhjDUv3TORbFyp1J4k5G8r8XNOrbgWmBIyd1eKNBFDdDuRel4nInFWKS8RsqPLjbvrtpVANWAVtZItaO50_nBhIffKuVk-9VY_w4HI63_tAYnD8qCXDEDUTLKDPs6_RzNO36jywCGu9nMcPFDhpxjmdV-c52rtSsXq3VIG63qCPcFm_gX5njWEI00tvSI_Qpq3SmGoBu4lZiQ_7CePULO-ZoN2H4Lv9BepovryFQ39EfmKovP4zLvLI3lCWNNKet7XpTcvRsAVtRHb0U96S_P2dgbWQleJEaNBaero6SMQSguPM7_HsiqptVHu5MvDPJ5gVfXKOvMpLyHC1z9RXRBNJDXdYIBMjvZyI502SAZccIGL319DvSqck3GXcEk2gKYO9o4IiuD09maAovYjpllXyWmVc-eN8RTlusND1D6mMeMyNulW6CrS0WBOEvG3SjEF9Tz9xEyz6hFhQ7-RkUmdLkLcuY9dIZJeDnELCNwjgaK4S86dr9MBBi0Kb-cXfSS-5Cs4o59rqTp3FHEwjDX25eni9k_uqfc3-atQd9JkZpH-1ktMb7yYZHCwk4qS2qkbJNO_UHv2sNAXLEMVb-ctpxwr-ApwLGUHg9_VeMNCzGhziK-YDTJJkjNaaPKVfKViB0oRJth1pQLd8T4ixrtLJhGCobf2nZCMkRofSnD1rww80qr1zgTKRy7R8nP6WrI1_Bd06GM65Vl2A7PXKmaR8gqMokhwrJUnq0DPWY54ghSaYHiwTQrKrkKZJsKXg8--Y7xNeVc2vHQ058KB8w5Ypud6yk9FGIgKtdf5LGXxmlEUImqoRB_l1pRip2jMemNMoIERMz3w2lhZoaJUd26xmh65LxmaDZN8tyeo4dN5uYBt0Z79IOFAiazQY5BO21X81U4bvTtAaO1JDIzNRKENf72FoazAIPpUsW5f5KBSlPZWDH-GBNor4jW0whRWji9Tb1aAYQa8nQsviUjmNybd-XG2Orz3idhtAHONDb_Q8R2Xh9SqqdbmgvgDmYzYr5qTLKoGHn-3HpilZ6gi2CaFT4dG_wACzw&cid=CAASEuRopk8RX_wrsPw1L6ep5avs5g&rfl=1%2Chttps%253A%252F%252Fhillreporter.com%252F%240

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4298d384ad9772bc9c1fbcd762958b8964fe825e6ac071202a5dcdbd7098198

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:20:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 308
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8467
x-xss-protection: 0
server: cafe
etag: 2526620560005500144
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:20:37 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/ Frame 8247 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:20:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:20:45 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8247 0
61 B 237ms
105ms Other
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstLQ-HaZ9nkY_xGtx3i7U_U4GQEhDI4dn6XPasupA9APethn4-mK5x6rbSkZtr0BRJgjIER9nmn8rMkQDiR_grgjMMPXdeE_tYCu-_f2NdIMpalGBceAhntZ-6f8utcs_87SD3J8qCd00SiJCDrviodDgI33wVWfWVvAlZORFboQTMC8l_pImp2Gna7suFQi_I2ubkY7FnVwrWchKt47EFI6AqY-MsvpFg1WKKpgqJPJAzqA8u0c7iGRMUtZv5LWY6GVpCyzKZF1It4nw-RNonN03agQhnx4UGSmIKhK65xgd8ASCaik27rHvg9QvBf58VHUpNVphiwwBT3afhTIGgs0PbMbaScdPgcoxeUqcvElz4_kZUWnRwmMSsdjU4j60nu2e7vxZgKmqJnpS7_pZqN_vf1xDM59NfMlyPQuI7GyZw42VnTJ_EOHbwjG4r8izUgwTV38UG6dsOjKaBI0Yk0U2XZYZxtUltD3gYQDHtvO5zvG3uvaIHqV2EScRiYGM1uRG3HqQFPxfj3vFb7iLCekdAfSIs-gbYxXD26V9XOM0MXdRdWPN-rOKSZwsUFCyK3izUgW4Xvulkuane58hxfjG2und18c8xOVn7wJWz7cfGOUb9i7qovrY_tWMNqwuVP2_JYICrHV8LV5BupqHPN8dErn0XrtEnuH8M-WReiUF2KtzHn27xCaf2kc-iQ-UyDAaTZrtFg9b-ntywmgdyZFEN_qDqRHCIkmJJLVGuBKPX-W_nNvCDOklkS8WZCAK6wIjZjThiplL_i_YOX_hsHMLkLUrlqT1Dj4_mFxdx6A0AS58siSWhcF9enIyyFTuas2N-FGqb40A6FkxTndUS8XMkgKtYKDedohrnHI7zOY8FEaqjuaikU71wSyCQxm6GILNNCw5s1T9IHp0K1g76rPed2uVcYmxx_5iIJfUHBTNiq6kAgmDquWSmue4nL2jo9An4Fous_2yh54YP90a7L7vdAFpNygah73m2FS0R6SDxRtnDN0BSd4RgJYkOn62kq0EchmboLiaMVuYN_lONz4HCY2MT82zjG_zmgm9NjM37nQ-Ib_DzuOZgTdK_ZTa1JeFyjCADURrzryK5bT6EoxF7kpbP_hab0xj7LAbLcCCFiGZ78_7f7Wd504YI2tJ4RFWQIY4hQ_PAS5CTywmHfnxAxCTx7S0RWMW4N7UnXA-ToVTS7bAkDaR0_VVkzSfraILUiqmL2oMhCtYopJahGryw4Os5OSPu-uCmlna0MqZRXRqqohukVvAY1_mYn9WZgsYyHiM7dg1RTqkPlHN7G-9I&sai=AMfl-YTl6ac3H85RPWg_0R1qfyhw6WuT50gBksy-CG1lJLdRyjKcEcURP9ILu8RAQ8A5fQvlTNyD1wLORbF9Hrb45-RkbnUiXsCASZQm99Za9SR39MVlSQ6Hw0BvGEO_CYI4IGyuhM8AHXFCPq-o_dwAGhBnr98cmA&sig=Cg0ArKJSzL7yyvEthnqVEAE&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210401.71259&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 07 Apr 2021 11:25:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8247 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 09:26:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7149
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Apr 2022 09:26:36 GMT

GET
H2 200 SE-awereness-fitstation-300x250-.jpg
s0.2mdn.net/6710523/ Frame 8247 36 KB
37 KB 28ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6710523/SE-awereness-fitstation-300x250-.jpg

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10362f3f084fcdca194879f5ddbcefd0f41c8400b8eeff7bbfe41ecb761675aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 07:02:51 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 18:27:40 GMT
server: sffe
age: 15774
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37375
x-xss-protection: 0
expires: Thu, 08 Apr 2021 07:02:51 GMT

GET
H2 200 SE-awereness-fitstation-300x250-.jpg
s0.2mdn.net/6710523/ Frame B6B1 36 KB
37 KB 33ms
20ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6710523/SE-awereness-fitstation-300x250-.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B4Z44Cl3P0sGOGb29lbftL2ywtRiliPD6OF-HDVfHBm4Ja2woL4dvnwBrxS4goY3sL4iqzXIHL3BJTtOKHdlUyMHnGPlmfOLzUw7IMRmwhEtlpMnFa-C8fEPGJ5iOyhzT3MsL8hZVIMfL8FUNof3rAN-z-KA&dbm_d=AKAmf-D1jqteOgv0KPtZ6eQjinTrc7m0xsWUFlX3b19mnmW-jk79sV1GOl9A9ResYC69uK9Orekhnjs2u0TGJ0oUATR08Tl0CpircJi5VnFtg5PU46Fug3VFMCJcbYCCQV3bTVlCgSH5HVfFN_-X7stylJ_U2UzhbGm3NqNI07GUvMLJ856JCvtt7l4xW0QxxjgOLdiadh6ELoI96Q44PgacK1VgOFisnM-2141TnnqS1WzIZId6Nd0Ibe1hewkFUf5De-YieycxKEFb-cDNpVO280nOPliRpSYUE-Rd58DErloVv2HnEbd3gsdi1hjdgs6JUdSWO03a7LYW22YjJbXtciqrLLbBB7UFfwuH6yuoJJ2DWh9ob6V81uTZXYH1YGch_beRIAVdBYmxMBdp_nDDG3DdVvayfmHdHrzFB-Avs9YwJeyuAJj5TV8SLdAsO6-S32WJAzG1Sbbz-SlAtwmEKlnXt9XibnC1DwYkHCOvbWycIwcRubGnWKyqxKmh_lyPEK7wa3S4yOWGhbkcxZwtC2QLKHyQtkWXTp6bgfTbcKyAomHo5z7Dswp82OheJ2fEZMy3OWiMdKEzucUYHUsKjddMHCRJfEzmat5QogalLuaIxSq_RrTpcqP51hHQgsvVP7uUmE05bBfcm2DSFW59qz9KQ24aoJiWioTZQu5TtNo241S3tT8vd1DOSXcq0Vnd8MYXmlmWWqN2vC8y8DY2YTjAvE8c6XWtcA8ceUscB4mkrz7VbCFxXgYCOaxs_UQdDxv2rg6XMgEnVL_ez3z6QPQ4NOcZG5fiOONElA6UMYCVhqYCnZZl8i8rOcR4oAz_XU0SPzcbiZEyayVKEOIpziPflxoUCEVSHezwJ420HrLGqIhrDapHqeZob7qMAkeMnF9nqxQmwpEuylkLUyVkgShfRPXhM1OTu_zXRpHFwBCxse6RHDrhBa-g0Hp6W1TsbE7Mfn7-SJweS6aT1SpIeXFAaso-WGvLfUStY-qEGiBMYK0H1rHwP4xm-a1ZG2QFZHGRHNeouwlUKYaJdXNtwQof8RdyIxvQRvDlvoKeiPE9RQQKnbUgDGr1O7hMUBLtiY3uQ4gyDWHL4XxU7tQjvOnKYMopwWyEB5nAjNrpvcXR8IL9WlZN-38NcceK8gmqLbuTRSd5p4VoiO4NYU7Ttnmc17a9oUJcrpINNM7ETkAUJapL5_j4qnPjXh55HUkxKGjiQpvfegfT9m_00piXk3EyFQb_ez97jy3WkjkttYGkV38d5_7q3v16lrxYj_fJ2Y6sed68aWcTtZg2r6VzLlpG8GNsxomDtmuSg2KsY1jO-svuCrVukvp3mkE41ZQQIjK1LHgPIh_IAlpNCpZtKD0wilKInUQ68L5qxcmGIPXdKackTK7BUTyofbqDvoCTnfOr7FU8ZBOJe4wFzzgPLbvRPfK6HS4EY9N5NEA5MJ-Ph5FcKYeLN-WNDnmSuScSewZjFRibi06YzQ4h8eCoGHhEHBsl9EoUih0zjLvVRfHvcYw4f4sFVfVsK5oTlaBmUJhIHBV_LOOkDPBcVnOA7FKWdNtsNxIkKNMP2APLadx4scDw5keHIZav6U3RL4n6Gi0XIW31w7Xg5Qm6IEeAtTEAr8mpw-m4eCBE74D9Cr0OVv3UC7ol38_l7WBQoQUzsihKHyXyopsiPvJQ2_-0hInSzmes6DyglLeWwA9rWmUDgFTwv72cUX2_AQ6BApSsvqzsGTK1O7ylRVNngyVcO7m0fijmgwX996FRwobnEko2qzM_Ggk7SUj4NLeDdiNW-fJf4N60a4kvV0ZAR8MHK9WJ1r44L2N5eE5eD_6kKtCRrA_3ytbXnZ_XlfwWO7dfxhn-j3X6drTbbL4HijMXdSb0cDO6e6dZIZYuCGy4QikU_okA67gVq27wmofuHayewn2ejcT84ZZdHLYFmlcq6PEpwIi-mL3-JLdNoVA0G0yB6jJ_8qnsxEPv6Bl_gieK4cmk1n_v_vjeFSpgz9sJgMYPzGIS74CR_1UZ60WUkxZh2ujmr5wZyzlqSIIIdOjYy4zJwKmBy-6gIM5YBlq6l9P1Kubv9DpsrDkBN0qYVpP5GRHmO8r7R1qNHLJbmJzc0wH_9H4Gj-1wiR7GIrKC5egKq3f6ge70RDqIHoVjNSNdnlHTbUGXkJwuJ1xnmTbD_UMqz3Ok-5jmo2DYYjQosSm8GseXDxLpAJYNKogzJq9tBQgEDHEB1PIwPaTDdaYYYuVU7HUbmevgTEdnyrLwg5TZD2gMugMbqZqRcHqYrrVmVVkM2dE4vEdg5GzrSH5p-w8DhQ_tUdJ4XdRwB3-6gLxtP4u9vDTx52YuK0spJZRJQ5HyM31vJij0EQayvZ1bPBsqQiDPz6v1fbtjSSnvIplkcP6H4xq2aPBW1UatE9i27tX6ilNFUpXwVD5WWh5jlfFSZd3WlSbElBFR7jnHdtCVUaZ6eLmYsfa673_khlwcI0Uchs4VcK_a5bvljlq9AgaVpaztL89vszm89iqT7x1Kfn8jnLOmNKphqytrPqgqKJx0_WQUgTidI29012ug3y72j6jwam_U55B9Lx_rjI61IOONp6AL9QlrkY7DDGUf9VlxQwjyrdFUfoZNjUrjdy5hQH8f-LNlGsPgxvTIBwqp7IDV8TCWijFTIqFa5KLwr-2Y9ZM-8AbJ9m46Qv3YmLgrhpgvSHCwjPKYfoG2RwN8Swa3WXUHgrQCZ63W3VcqUSbu_AuAdAaHyiaSDTXOSNEPwdTm8oWqQQObOyAZb-VbPhROloyQVvGEPLGP6g_1oaho7QS9uBYNh84V8F-lrk-tufgXMOkPHsF2E5tsyYl6z47ldPQzRN6qwo_-ONwELhEvjsFKT3q2Rlikh7P-ZFBY-aFxECLpWANRD47737-nf4gSGOy4GezDl3rlJ5Gmt4UupqAzi9q3Y5mQsuSM3U5WyH486XJn5nlFe6EhXdHPyU_oJrL0-YOHjOgLCE34zCoqEiRGmH9gSgY8c0vU5B-xV_SGLwmiq1VgljmCuY0rlmWnLycCuXJtY57i6y3zNiZH2aomLfjO76dsSoWBvMCFOhWnhPxcP6Jg7t88qaoi2DmTRn_aoQR4KCbXj-0Hl_4k6cSYq08PImV_p-3sxW2s9kVaKqNsCQmkYnp3-QdRgpLQRNPvSEWsgMoSQQnt1iRkCkm7ge-03dyEBP0MKLaJFGzJ0jW_MQ2ScPdLRsKla9b2uqNlymsnBD5nrFJXl5WTdxXvNQW8b9LK5VG5LQh67WsFFqBruMOAB4DjjSLJE6cwi-3BBeUeybwAIzamAl6KzjyBOxIIRWSoWqBGW4BGxrhcpzNkZ7OWJbB90vB4tNG26vUomJyx8gmhZSG5lAikR1VA9WWj-XgrdTPzNExYLksLSsNZgN6k4Ldwmfe2WlSa-w&cid=CAASEuRoyYYcT0KlO6V39kDNfkv2-g&rfl=1%2Chttps%253A%252F%252Fhillreporter.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10362f3f084fcdca194879f5ddbcefd0f41c8400b8eeff7bbfe41ecb761675aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 07:02:51 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 18:27:40 GMT
server: sffe
age: 15774
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37375
x-xss-protection: 0
expires: Thu, 08 Apr 2021 07:02:51 GMT

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/ Frame B6B1 21 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/abg_lite.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4298d384ad9772bc9c1fbcd762958b8964fe825e6ac071202a5dcdbd7098198

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:20:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 308
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8467
x-xss-protection: 0
server: cafe
etag: 2526620560005500144
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:20:37 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/ Frame B6B1 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:20:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:20:45 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B6B1 0
61 B 226ms
104ms Other
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssoVoAqqL1UQbQxOoOigzaasW69BR37-3hsfT-LpiffBU1X0cjxQtEKp85KnlbADrcPwpHjui1X6jjeo3D3vXCcePlYdkIuVEZ9zQMfWTLvx5IeXQ2RZ4HMwUcE_zuEoxUK7ycG75qU80SVS1SzJzaXdahaYwI2gN-MIMlwqmcoersNrg1lpsvkHoyOWVzHbMmCZ0DTZVxMMoxtLZek-NWyNCaffhQfY4I6bGqNq1euROPnvPL3x-WtPiqShGzhjORbV2gu9QAw2pIWIhM28OIkMGx8GCk9H24eTtRReqsEgmh_BSaUmMqbiSvmQqpgubb1ayINIM4mLDlnfaidpy0ZGe7bE2w5HSjDzF11HscCnT7SV35JFQ77nOHC4vnCaEziZSx00t2Ep8fQRRSCSy9wViB5Aj7YNJU_5wdOvX07k5Li2t6DckfFOCIoZMCN6uVAMm3gawSUEUCnF21CWIAJi0v9Gxs8UYaOiKc1fi6rOtEahEfiwOkqogFUXfS4GlUNWDT7Syxmh0-2BT6w5ckLVtn4491y411m2Qf6GxV5xC32lrSM6DTIl-THHzqaF30oWh5cruiYubkAduJPUVag_LD0hBnzKjmaF5p6IWAi12fDgcOpz_EeP5QmSTCowKTrE45HrkiOZOVPu3ID503iTWVFkiGb3ZiTQ1NE1_VovPOYvVh_x4bsKvPB4UnafidZOPn56pqDMGzMU8qnEXl8q12ISVp5UYCVgrbdPysButH78C5Yw09AcU4LS2eUd8zqgfWBitzvuYf8Vl1unsx7YGimlm_XIoKtASJLA6mbCtSA7Z9nDRex3ffM-NrsnfgTMd9oyUstts2nti8q2oiUWV5hNVvMCSGhgxzEH7VplqN7BVmJXSi5XAtt8kBB1VleRRobaSaP1xPJjJUkuVX9-mZ2IuYikuLFkqsNcvuq0rcx0p0-sDjyQoVl4H-C-nyraT3grvWrfiHDBmu_5_su7E-UPcUhHxhtZbx2QgvGpZVKrOCWgbSWORfwAMFEz3ZUwVjd-u98dQ5ow4PNF5_-izUF_qJuSCOpSRqaWd1bvoOF0DWbGJiIWmyXmvKu2ToSSU9Q_C8ilvvyYcyzhyIRa4pxSUCNVGE4EHpdnwPy2lgsj7fmFc-LJnPNl6Rn-c6HMSeEdhM_pi-Dns3QUd_R9LTgAljn9kHWkL-GeSESqs5wkxBm9g1yfnhS1Lv0MX3vZv5Xnm6tq8dt7KTcNfS9Why9J-uOyxBnzC5rbOdyKB_ntc2yRciWR4DI6UPctA59Wnzd3IFMt5f6DaU8kjcf_CE&sai=AMfl-YQFHV88JMO5at1EHOPjh4t6h586iA4jLti0PERtlbjUG2J01ABCLApHIQpzcy5OpDRtyTBIaIz_5hfCM--GZpiO6qo0_ST823j3-1j4POOpIWo5j3x1VOxJf5TGYP11rsa8OOFETpp8ChZOwXTCZ34PKlOoSQ&sig=Cg0ArKJSzL4eUcrb-ycwEAE&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210401.05952&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 07 Apr 2021 11:25:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B6B1 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 09:26:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7149
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Apr 2022 09:26:36 GMT

GET
H2 200 SE-awereness-fitstation-300x250-.jpg
s0.2mdn.net/6710523/ Frame A9E5 36 KB
37 KB 23ms
15ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6710523/SE-awereness-fitstation-300x250-.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4erQy0TthaTslhdcGP1tOBC_n3dCKzDbASZ1vHsK_3dKReWPFUpr6EQhh_Yf3o5SDxl5jAUQnnoYIruF5UiQy2_eu9WSiuk57NneR3hM7prx9wk2D2tQ932UIKOnv_y9LJARn5t4lAmKUNcxRCfAGPqr0qg&dbm_d=AKAmf-DUTOWgWMiF-DqhG6OjO9NneAonZ7gIA7iB0Xz_HVGf0ulT_X9haLzNU5BkFpuk0PnpMf9D3zPZ9F3Vc4mcKGcL2YzNJGp1Nh10luCvUjC8xF5AjmjqLaPKwNMOHyicwdMHgnEyVFEujwvtf_Xfy0w56IUjVYUN54B7nJgggxSdlkeiobqON2RB7qK8TuP5T94jf7dvbHYsr8u7HLC4sE8pAk87hf3ye-F6l06gPuSrKK2KL1J6AEN-FNQpiCe6MRPlKG7HxfSI5kANOBQUNPgl9dyntaNXg1JJlsj23de528KjXlseQyQxTWwlGdKDM1rF08sIDz3t7ymB1JIw3FtnY8zrhqOB6FzaYf3TwXk7_xixN9c53aoEMpM8Vf4ZemrNdoYdeTWSQKcqb4h9MBAhIFONl_W53HJ6qSw-QMnkV88gs33d9aAnx_UP1uwrq7c_hAifsIX5lSlarqetoEX_Ng3GCf8B5TVj4Ex_3OX1uwcYfYsDRmWDFJhOs83zhA6BateUFjI1n_1IEhuUUTmaTubMV2H9ZRRihU9vGokdqpIKjcqlMUcaYW4kcW3d4MNxqEiaugqmPxNNX_wiJcV1jistx361c7xZn5SmBCbvxMVoaByN4_j3mPDn1YspHtMdPhbymX4AE2-zCrmPU6dIwURzEmQinWhGfeRyULAqrwFhuZNjkODDu1h587yu1ZO0-52zKaAQn4dhULU_D8f6f_9-O1veU70RXDuzMVDAf_Iu6GpFvbKCR8sKY9hX2h6NiTeKrgYkhB4Lpq8l-Vd_rmebSPAiCDKBPg5hJpG4ouSsBvSqZ5kfVVa-NTBZd_EwFtnrvzm2JTIdBv-WuKQC6DToqM6u-gkrMJGpP0PM06qxp8SzRyE0Ply4yxuDxJszxKF410AbVU7jdJBU0fXEnPztEPpz4BcO2k8LVzRRGEa24IW1zE04x-rCgRpoBHra0LYlcA1x5eYrH1EKfjFiGRTFOTveVwZEoUvIs7wtH5CZVyZPRlWav5Kvnv_walH1GmIi9uPg9JKpO3FVSnCW5v6Ah_Wa1KnMpKGMUBfsDbD9v_I3Qhww4GtiVEkx983XJDsuPbNwVSl-0NpQBWziPkFwkWM5YxcXlHkXmBR_oK7alApDcWTEi8rl9oqO7CCnNosdaJC8NePIDTh36I9-e_BbEmDQCT8hMhTBVyURUqr7wXngdYbzfM_LaWeKV_2NiJp8ipmlE8ePSmUX6yXZ8eHqG3mA_OU-AMZn3QQMT81aqFlqE1rsYauU1Kp0hqF1GQ8yS1A5PcqTqm30hG-ZLFvEt7zaSdQU0csIaQF2Q2Moijf3JRPj4k1PcEEHtVSqiOOXaF4CZv0JIiBwsjE7TsmjIkcmafZ8eu0kfrdTFw9n-piWyIYpLL2RVkVA5aiWx8Xf6FfASdySdIPnlFvAB_y_DNq16dURqLZnxLPUK5FjSDo0nAWX0vAdIm3TUfwH78JT8nT6_YdmhvNSQbNArdt-HVpksEDeramkqlmYZH3uvxa6L8Dm22V3BZsr2BlZRhNcXCVWtDApd8RDJGOvZD3zRvv2eRpmYV8Q_xjUR4VRvpCOyoneJKXfT5O8KAZlYx3I6XAIR5GRK4RYR8FW8WvgO3cEqBaRvqU8cYHqvyeQayBFKtp3P7DB8L2SH-LoetEBrEQOSBTMO5MThA2g7Yw7Jt6klF8Fn5ns8QToaAquf97SIk0tRrpovYUXgXEbA2LzviANcfD06Z0KBCtp1Zd4KroVCo_tIHKWzjF9y32Qy5CFdOgMioXvBZZoQ_iODr5hZnEcE7CS40lkGI72sIM0OLu8tH5h5lMr2v-ze4pdL0z3bOo1WBxS5Qeo3Lgbh0XQZIRKodetyciHnIEDdT9faclp-vrEV9UUfFFw6eIbam_wlT7dfi8HAipQC5UJyg_-ZoLNjCvKr5_cioRoocsqH0wMV_FbdV0mtHAy8sS8Owa1bf-WxU093cLfdUm9Z5DjC0Y_H_3izB0V8sE-tkWt2aD3X9i8_ZnHy5s_vbtxDk7eE2q5WZdvszst6wA4j3-Pf5eB76VjcjtBinJCenHoRolbiCo79PG0spx4bzIGyCm6Oaqmiaj5D7ZH3aeX8Ww_mTLl4e6zP0yjkJaxQqMCRYjvbP_SKHkhVni69raPwnOAA4sL7cVBgi_EzKbMN-FfyuuTMstT03g5PyCNGJGLi_qXvZXDiyaqzqN6tR0Wiuj60EIIB9mAfbWM07ocwIhsvApfNbShD_M9MfCaS2V7GeCE2LhGwClTj0SV1DkqYx5X2Z2iXUyZy6VNf3rsgqoxllpqawrZdywErnppdmYT_jpTLzdWDWy91Gnurr9cz-j93cN8YsQh-DC9NzfyTFu-KY84q_TEbBr0q2VB1UGFlY3v-bAHbtSoJZWo_QgwFlzMUvs1VzU7gGbRee_AoWZy5YDtGEVUd_EB6g1kkW3PEcI5H7B37VGj_mBk3vPYC0QqF2CrVUnPZYgSE71KcpmIpGQdObrA-vyBNavngBxktss2izHxfjVW6C6mSA4RismrPUzNpxMZKIxAPGUucmilboDGZSIP0kLBXj37gdJvlix5aVZA-JdkZR-pZSTo6zefzmfLb_NWv7UmDD64kbrPT5wy3hlzu3J5TQ_Y2tMMjthUPbjA_ePdydEUZaEZVq3hiYfAZu8Khay46tzdYtV5wsCL0SjMyDfSkoFs_3FAvvfMYYSiPFkipVktKk3ZSLdwt6oeyW_KgzY9cP2JJ0psjQmOK1S7V5QG_E9w0sDMbdo2ska3HRQErzvkxqybAhK9r5QKgm-NENShjplsgEMymP1ed_J8sRBSKwnXe8mDUDSdZqm_Kjn7dNm7D_Qk48MhAXo_Mpi967DIQY5fIc18SKimc-a-IHsG0UCG92IMRaUsfYVi_H-jPG2cDO-jQJ68_pOb2RlvyJMyS9nfe-hfI-J-fQwcm_rDxJ0LEOdFq3vvcahk6FR-ZTzlQCJo_zpNw7qUDcx-9fWswx6rl2bsOuyIYMHYOyBJxB6b_lVTtyQb2n2wSxtGm-tbkXQwlmMAFA7uT-tgLy3K8ze98JJ0JS5gkwlvD433479IZ9szHGeh3fvDZnRCcDS9lwq5Zxi5eFweOqM1beLmbGomWsizkH5eGI3PjOMhvYWUeGjh9OpXjrzsFDMEM6wMtu1MPZuGaTMPX_Qb06DNdVvc1oYUe0Sbq1Wh6fhrOr_wz7mBU53Otgcw_lmRlrieT9RK11LLF6ADfjMLEZdP6RN2NTt7QU8LsiSLgHj6rh8wWbDCcVV6HpKrROdIc4HpXF0DJEAZvor9vlUrE2dvxle4Sq3is0KeXJLAe2RIFLCqwGhHDgvv2cS_vz9ZKeevSUL-cuemN7vDmCh5zP9VfASAIpNmpywiCyWZnBQzj-M7ou2JhrWdk92hehghRbdkAoOQuSSwwMm3gP4-bIUYHUT4yzre6YDPqVVEFVc4uypIYfarrZyUlHXSLNZrHnf5agXtWr0T0EkOnf6_uYYADoxBJrgebttrcrz3hwcJCf8B9aFmWdxF6HvKYpZQYphf0_YZxMGxl19-40zIj_0yu80MizBDo_Gy_CAwm8Cg7GN6q2Vt2Q&cid=CAASEuRoJYujslNK43-bKiRXqdg5-Q&rfl=1%2Chttps%253A%252F%252Fhillreporter.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10362f3f084fcdca194879f5ddbcefd0f41c8400b8eeff7bbfe41ecb761675aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 07:02:51 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 18:27:40 GMT
server: sffe
age: 15774
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37375
x-xss-protection: 0
expires: Thu, 08 Apr 2021 07:02:51 GMT

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/ Frame A9E5 21 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/abg_lite.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4298d384ad9772bc9c1fbcd762958b8964fe825e6ac071202a5dcdbd7098198

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:20:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 308
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8467
x-xss-protection: 0
server: cafe
etag: 2526620560005500144
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:20:37 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/ Frame A9E5 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210401/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:20:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Apr 2021 11:20:45 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A9E5 0
107 B 221ms
104ms Other
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvtPNbGE1eqe-Ps3kqgf1a8uKfY9Iow_SET7AaI6FGG_fLOKE-5YQmqzYvHLNg2XJJnAVb4HUrZKVNqbPrI3S004yUXbZBPDsmXBtVVRphsURWvND0oCUiv6ROyi_7LEfnngNg5m77Kp2nKOnNzbDWWP6iP2mox2pCW1xO5SH-_reFVNuaquiOwQOB2wZw43Z_02mHrcpNhHrhdmn4raum_Fu572JHkGT-DkAHwb3alQJku2FyrNYheDQ8tfmLQfqel4bEq7t3-qq5Y2xlKWLzBwLwiGxRepuZxDqhBXO7gC8xsRL43-Uz9aZCiClufy5EgB0ZIvgWMyqj65R5XEQ_-MhYdpH1PPwG8Xt4m88nMMlsY4OiphCpczUT4HWpqtn7B-wrACMr7EUkBzj__boQ1d8cfc0PUPup8RLjr1X6SNqEpeHsgXwL6rvrwTzAJyrw5RNIRxbiO8j-zle8zjxJivo7NpndQqNMcF7-o5igxuPUoCmv0BKUYKLRhzf2guMziXXqaquqEo2dAx55EjfGfcxgZs8bj-rwBbrl6F9yyxn-R-xymEaUWEJz7CZf9PJxEuTZ4Yh2FpLshTUclnpZfCemQEl0n3p3svhpHc0qJOsnuSbdf4tqCtgWKnnlvmD_kQqqAD--rp515sQNNvoit6w3PmhrLm9T1LQ2GictjXIkMJK2oD1ZsWEFvwV3e3KNa5fPscm0iApXiwTAK8NggFViKX_3a49fGcT533_MUUiH59KLPcz85yUqGJGCBE-VIk13zpWtguP4D1VrzqSYqnWAH3tgAv3zgCnhEWnYimQ0VpkTVXDNyFOA2g0iDRxQbEipi9CM1wOXpPIsYaCCMwf9ERX29iKvoS61PeeEPY4P80LUuqy6E3gTXkzBn4nTZ1AukdnGUpsbK-YYPanAkRpF5qEZT6EYrEJ5zs85SLZPLFaihJ_O56Tade6nVVxaQs4dBRCTyKmr_Okfv7B3Ksxue7sTxfy4bJ0V-LogpK_AOa3We9snrtg5yqcgOkVKLqbRtgnPCNOWM4O4325IVjXMnXKmx3bZ9I24_e4fkE1ES97XCUjEgqTFVzmY6LhvHc2VKULfQlRBwxHQJMxez6lgiQ45cOl0LwEB_2GLfPsmb0aQ1q0OuHYYVWe1u-gyrPzbmwrTAlFUXuJYc3oQrKbch1BXaBDKOV2gVtDpj3USyfvukGYXiHv9Zq73BarAoJ9Fp5qqDl5JODe90WZOhhFDs_Pv7ClOpvI0sNRRtGtsmzTXRCcZNnwM0TWFYsfPINyMBICT65y4i5BXV&sai=AMfl-YQd8NO6-ZPf-AYnohUoMsifYeA7sR5qxzmO9Cyos6P4Vgz40H2rpHperqQo8qyuW-7UAy-OdxnPOnun57WJaoKwUPm4sY6xli6lhNP6xGhkfXVt484p5G3lsw5EyD0V1tQxAFu4ggeZIBjwazO1EB1aIHSWmQ&sig=Cg0ArKJSzNbJ7wznU936EAE&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210401.88095&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 07 Apr 2021 11:25:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A9E5 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 09:26:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7149
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Apr 2022 09:26:36 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame BAD8 284 B
536 B 247ms
60ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?gdpr=1&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/jpg

POST
H/1.1 200
OK bidding Show response
bids.proper.io/api/ 0
171 B 219ms
218ms XHR
application/octet-stream 44.239.227.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bids.proper.io/api/bidding
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.239.227.210 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-227-210.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Apr 2021 11:25:45 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: application/octet-stream

GET
H3-Q050 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 95B3 9 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 12:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82340
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 07 Apr 2021 12:33:25 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 95B3 22 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 18:54:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 07 Apr 2021 18:54:37 GMT

GET
H3-Q050 200 logo_d.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/ Frame 95B3 1 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/logo_d.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d29ff1a0d107b4a6a4508c99edb4b7783e2813b98d0a999ac4fbce8915b1cd66

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 426177
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1450
x-xss-protection: 0
last-modified: Tue, 23 Mar 2021 21:23:14 GMT
server: sffe
date: Fri, 02 Apr 2021 13:02:48 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Apr 2022 13:02:48 GMT

GET
H3-Q050 200 tyre.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/ Frame 95B3 18 KB
18 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/tyre.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a395738ab00593d944dd8fe3c917c5808269a2f7c189366973c42489d7e04267

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 574672
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18790
x-xss-protection: 0
last-modified: Tue, 23 Mar 2021 21:23:14 GMT
server: sffe
date: Wed, 31 Mar 2021 19:47:53 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:47:53 GMT

GET
H3-Q050 200 bg.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/ Frame 95B3 41 KB
41 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/bg.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38667e6cb6af765f673dc7a19714a0aaa1fe985f4462ae602ffed6a7a2d96022

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 426177
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42050
x-xss-protection: 0
last-modified: Tue, 23 Mar 2021 21:23:14 GMT
server: sffe
date: Fri, 02 Apr 2021 13:02:48 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Apr 2022 13:02:48 GMT

GET
H3-Q050 200 logo_l.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/ Frame 95B3 1 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/logo_l.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17423466578448422575/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f714fe4238276cbacceb8400a76d9c33a9fb83e4abecdc52aebe8ee87772781

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 426177
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1497
x-xss-protection: 0
last-modified: Tue, 23 Mar 2021 21:23:14 GMT
server: sffe
date: Fri, 02 Apr 2021 13:02:48 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Apr 2022 13:02:48 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8247 0
528 B 184ms
99ms Other
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 07 Apr 2021 11:25:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8542 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 07 Apr 2021 09:38:44 GMT
expires: Thu, 07 Apr 2022 09:38:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6421
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6602 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 07 Apr 2021 09:38:44 GMT
expires: Thu, 07 Apr 2022 09:38:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6421
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B22E 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 07 Apr 2021 09:38:44 GMT
expires: Thu, 07 Apr 2022 09:38:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6421
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3DA2 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 07 Apr 2021 03:14:09 GMT
expires: Thu, 08 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 29496
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8247 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b771a694d38201540e8545e10057eba804dc9f68a5bf9065ed5a1e901a99a348

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1687 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 07 Apr 2021 03:14:09 GMT
expires: Thu, 08 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 29496
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B6B1 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 691670eb9eadf2f368b880ffd1b6bd81e1ff2642a4e8d94cbec726e54bc41359

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EAAC 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 07 Apr 2021 03:14:09 GMT
expires: Thu, 08 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 29496
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A9E5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e6b4a8bec38f1f1c4fd7fdddec3ef39d672a3f17c1dd62280e6ffb916de5401

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 6542
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIPH3ycAPmjwwRexu80HgHE&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIPH3ycAPmjwwRexu80HgHE&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dldTdGNNRTExTHU2akQ1&google_gid=CAESEIPH3ycAPmjwwRexu80HgHE&google_cver=1&google_push=AQvitULckhJdZf7kSZUrbakYnd3aFrh9lGGcoic9V2iO3xX...

170 B
190 B

70ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dldTdGNNRTExTHU2akQ1&google_gid=CAESEIPH3ycAPmjwwRexu80HgHE&google_cver=1&google_push=AQvitULckhJdZf7kSZUrbakYnd3aFrh9lGGcoic9V2iO3xX8szwfeFUFZsi9KpNZffvgJrsfzCdHNUu4P7WkrJm45C1YLuAzSyfR

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:44 GMT
Server: PingMatch/v2.0.30-639-g719035a#rel-ec2-master i-080424a23a22eec76@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dldTdGNNRTExTHU2akQ1&google_gid=CAESEIPH3ycAPmjwwRexu80HgHE&google_cver=1&google_push=AQvitULckhJdZf7kSZUrbakYnd3aFrh9lGGcoic9V2iO3xX8szwfeFUFZsi9KpNZffvgJrsfzCdHNUu4P7WkrJm45C1YLuAzSyfR
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 6542
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEESWJy5JWA9VIvxdqNG8A7Y&google_push=AQvitUK6rpxMLGe64gWAAGKtpGqLMQbq0CjEqX8ii2ImE7wG90IpAVbZpi...

170 B
190 B

70ms
70ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEESWJy5JWA9VIvxdqNG8A7Y&google_push=AQvitUK6rpxMLGe64gWAAGKtpGqLMQbq0CjEqX8ii2ImE7wG90IpAVbZpiE-FAnN7YIusGYt1CLYHrirsUUMEybJZJTaw0nX6tPl

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
via: 1.1 varnish
server: Jetty(9.3.8.v20160314)
x-timer: S1617794746.724248,VS0,VE186
x-served-by: cache-fra19138-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEESWJy5JWA9VIvxdqNG8A7Y&google_push=AQvitUK6rpxMLGe64gWAAGKtpGqLMQbq0CjEqX8ii2ImE7wG90IpAVbZpiE-FAnN7YIusGYt1CLYHrirsUUMEybJZJTaw0nX6tPl
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
x-cache-hits: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 6542
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEDiaI6NAurHhoJnu9rbtadA&google_cver=1&google_push=AQvitUISt4bt1uam029DbnkamUtBziN_8MiFkQJ6DZzH4anP3GfPBx60kMsMD1CjTS5iIS8EFFquIy0L0f99vZ3C6NAiNvVBSHs
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A40B2E471C6E4428861A27BEB8AF717B&google_push=AQvitUISt4bt1uam029DbnkamUtBziN_8MiFkQJ6DZzH4anP3GfPBx60kMsMD1CjTS5iIS8EFFquIy0L0f99vZ3...

170 B
190 B

69ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A40B2E471C6E4428861A27BEB8AF717B&google_push=AQvitUISt4bt1uam029DbnkamUtBziN_8MiFkQJ6DZzH4anP3GfPBx60kMsMD1CjTS5iIS8EFFquIy0L0f99vZ3C6NAiNvVBSHs

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 07 Apr 2021 11:25:45 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A40B2E471C6E4428861A27BEB8AF717B&google_push=AQvitUISt4bt1uam029DbnkamUtBziN_8MiFkQJ6DZzH4anP3GfPBx60kMsMD1CjTS5iIS8EFFquIy0L0f99vZ3C6NAiNvVBSHs
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 06 Apr 2021 11:25:45 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 6542 0
191 B 208ms
71ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEKZziIhK7OiwSpZLQhXJSwI&google_cver=1&google_push=AQvitUKcRIpgG1I5_0RXVpelsflTVjFR3EsTx7b5fQDBXGvakjkgW2LK3JLjQ_tdqurJVl5smPOvO8BfZ-BT5m6SWT35qEpMM1UR
Requested by: Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:44 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 6542
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESENfhA4ZPCG6Z9C8e9m1mxPQ&google_cver=1&google_push=AQvitUL9mS0tkVRhumjKvMYZmHwXJZTlYPQlgTLn_mP1ss19PwpqAKdkXXEMP...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESENfhA4ZPCG6Z9C8e9m1mxPQ&google_cver=1&google_push=AQvitUL9mS0tkVRhumjKvMYZmHwXJZTlYPQlgTLn_mP1ss19PwpqAKdkXXEMP...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=bOgyoQtUUeL5ItLc04z8ew&google_push=AQvitUL9mS0tkVRhumjKvMYZmHwXJZTlYPQlgTLn_mP1ss19PwpqAKdkXXEMP9HJsPSkJuDOKOVX5Pry_...

170 B
190 B

70ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=bOgyoQtUUeL5ItLc04z8ew&google_push=AQvitUL9mS0tkVRhumjKvMYZmHwXJZTlYPQlgTLn_mP1ss19PwpqAKdkXXEMP9HJsPSkJuDOKOVX5Pry_Mz5ssVyeI4kTIFDnjvb

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=bOgyoQtUUeL5ItLc04z8ew&google_push=AQvitUL9mS0tkVRhumjKvMYZmHwXJZTlYPQlgTLn_mP1ss19PwpqAKdkXXEMP9HJsPSkJuDOKOVX5Pry_Mz5ssVyeI4kTIFDnjvb
Date: Wed, 07 Apr 2021 11:25:45 GMT
Server: nginx
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Content-Length: 238
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 6542
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKaBqfQqA3YDekeMmF5hzlE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YG2WuYpDZvV3gEw-eVctyAAAAUQAAAAB&google_push=AQvitUIvg612oG-rZBl7jL4hkH-VUdoj2buuDLEraSd8BnKeBgS8uv9Fwl0peS2_s4L1XA4XbcL2AYPtJ5xI32F-3K...

170 B
190 B

70ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YG2WuYpDZvV3gEw-eVctyAAAAUQAAAAB&google_push=AQvitUIvg612oG-rZBl7jL4hkH-VUdoj2buuDLEraSd8BnKeBgS8uv9Fwl0peS2_s4L1XA4XbcL2AYPtJ5xI32F-3KCmBPMvVaW8&google_cver=1&google_gid=CAESEKaBqfQqA3YDekeMmF5hzlE

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YG2WuYpDZvV3gEw-eVctyAAAAUQAAAAB&google_push=AQvitUIvg612oG-rZBl7jL4hkH-VUdoj2buuDLEraSd8BnKeBgS8uv9Fwl0peS2_s4L1XA4XbcL2AYPtJ5xI32F-3KCmBPMvVaW8&google_cver=1&google_gid=CAESEKaBqfQqA3YDekeMmF5hzlE
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 6542
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEF...
https://sync.targeting.unrulymedia.com/csync/RX-3477bd72-549a-408d-aada-ae04e7e31136-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUKLLfa6YyR9bAI4zQL2W...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKLLfa6YyR9bAI4zQL2W5VhLq4KkFiPGZaSQrshRx9z-4-noNZwREi6Gqz52tl69ARPIb_dc87x_19u92TlkV3pBFYfGak&google_hm=AzR3vXJUmkCNqtquBOfjETY
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKLLfa6YyR9bAI4zQL2W5VhLq4KkFiPGZaSQrshRx9z-4-noNZwREi6Gqz52tl69ARPIb_dc87x_19u92TlkV3pBFYfGak&google_hm=AzR3vXJUmkCNqtquBOfjETY&go...

170 B
190 B

71ms
71ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKLLfa6YyR9bAI4zQL2W5VhLq4KkFiPGZaSQrshRx9z-4-noNZwREi6Gqz52tl69ARPIb_dc87x_19u92TlkV3pBFYfGak&google_hm=AzR3vXJUmkCNqtquBOfjETY&google_tc=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKLLfa6YyR9bAI4zQL2W5VhLq4KkFiPGZaSQrshRx9z-4-noNZwREi6Gqz52tl69ARPIb_dc87x_19u92TlkV3pBFYfGak&google_hm=AzR3vXJUmkCNqtquBOfjETY&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 414
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 6542 0
223 B 150ms
82ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LCF_hDaFlzQqFlqQJWMM6SeeNcs-nJvFElvEf3P21cB21iovSDXw3m6CUNt1ppDx1r3YEm

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A9E5 0
60 B 106ms
106ms Other
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 07 Apr 2021 11:25:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B6B1 0
60 B 99ms
99ms Other
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 07 Apr 2021 11:25:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 95B3 34 KB
34 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e7ba7486df51b247d667ddfef156c72ed4f149a3693b1ca9be424f2ea680a50

Request headers

Origin: null
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2

200

rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame 2405
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=5e66623d-9585-46a3-8a1b-0b252c81a944
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=5e66623d-9585-46a3-8a1b-0b252c81a944&tbid=66af7ff4-269b-4b95-ac25-d4150f08d239-tuct7671c38&query=taboola_hm%3D5e66623d-9585-...

0
76 B

68ms
64ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=5e66623d-9585-46a3-8a1b-0b252c81a944&tbid=66af7ff4-269b-4b95-ac25-d4150f08d239-tuct7671c38&query=taboola_hm%3D5e66623d-9585-46a3-8a1b-0b252c81a944&isDirect=0
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:46 GMT
via: 1.1 varnish
server: nginx
x-timer: S1617794746.092008,VS0,VE9
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11535-HHN

Redirect headers

location: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=5e66623d-9585-46a3-8a1b-0b252c81a944&tbid=66af7ff4-269b-4b95-ac25-d4150f08d239-tuct7671c38&query=taboola_hm%3D5e66623d-9585-46a3-8a1b-0b252c81a944&isDirect=0
tbl-x-upstream: 10.40.0.195:10213
date: Wed, 07 Apr 2021 11:25:46 GMT
server: nginx
x-fastly-to-nlb-rtt: 30056

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 2405 0
239 B 253ms
66ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

GET
H2

204

/
sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame 2405
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fsync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc
https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=mGTPhkecNmQU&ev=1&orig=trc&pid=562107

0
217 B

57ms
57ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=mGTPhkecNmQU&ev=1&orig=trc&pid=562107
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.34.64:10213
date: Wed, 07 Apr 2021 11:25:46 GMT
server: nginx
x-fastly-to-nlb-rtt: 29385

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=mGTPhkecNmQU&ev=1&orig=trc&pid=562107
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7c488d4f5b-784pg
expires: -1

GET
H2

200

/
sync.taboola.com/sg/appnexus-network/1/rtb-h/ Frame 2405
Redirect Chain

https://ib.adnxs.com/getuidnb?https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc
https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=4473061650381232977&orig=trc

0
227 B

58ms
58ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=4473061650381232977&orig=trc
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.199:10213
date: Wed, 07 Apr 2021 11:25:45 GMT
server: nginx
x-fastly-to-nlb-rtt: 24758

Redirect headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:45 GMT
X-Proxy-Origin: 86.106.103.103; 86.106.103.103; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.51:80
AN-X-Request-Uuid: fb927bf0-12f6-457b-806e-4ea79049ca40
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=4473061650381232977&orig=trc
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame 2405
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESECISSt2aJZ9-I42t3xE13Xg&google_cver=1

0
206 B

121ms
121ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESECISSt2aJZ9-I42t3xE13Xg&google_cver=1
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 68
date: Wed, 07 Apr 2021 11:25:45 GMT
via: 1.1 varnish
server: nginx
x-timer: S1617794746.770966,VS0,VE68
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11535-HHN

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESECISSt2aJZ9-I42t3xE13Xg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Pug
simage2.pubmatic.com/AdServer/ Frame 2405 42 B
805 B 194ms
64ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37:$UID
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:45 GMT
X-lat: lhrpug002:0:963
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 2405
Redirect Chain

https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=66af7ff4-269b-4b95-ac25-d4150f08d239-tuct7671c38

170 B
190 B

69ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=66af7ff4-269b-4b95-ac25-d4150f08d239-tuct7671c38

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=66af7ff4-269b-4b95-ac25-d4150f08d239-tuct7671c38
tbl-x-upstream: 10.41.34.222:10213
date: Wed, 07 Apr 2021 11:25:45 GMT
server: nginx
x-fastly-to-nlb-rtt: 24761

GET
H2

200

/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame 2405
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=b2830265-d107-49a1-8546-b2471502f479

0
56 B

126ms
125ms

Image
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=b2830265-d107-49a1-8546-b2471502f479
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 68
date: Wed, 07 Apr 2021 11:25:45 GMT
via: 1.1 varnish
server: nginx
x-timer: S1617794746.873570,VS0,VE68
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn11535-HHN

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=b2830265-d107-49a1-8546-b2471502f479
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 239

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 2405
Redirect Chain

https://ce.lijit.com/merge?pid=42&3pid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&us_privacy=&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=42&3pid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

0
577 B

74ms
73ms

Image
text/plain

72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=42&3pid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:45 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:45 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=42&3pid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 rtset
bh.contextweb.com/bh/ Frame 2405 49 B
406 B 375ms
125ms Image
image/gif 198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-7c488d4f5b-kx42z
expires: -1

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 2405 43 B
697 B 299ms
167ms Image
image/gif 185.86.137.132
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=107&partneruserid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&gdpr=0&gdpr_consent=
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2 204 put
e1.emxdgt.com/ Frame 2405 0
59 B 1335ms
84ms Image
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d41&uid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:46 GMT
content-length: 0
content-type: text/html

GET
H2

200

/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 2405
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=2c0a3e64-140e-44fc-a2be-05e33e8bf965

0
227 B

58ms
57ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=2c0a3e64-140e-44fc-a2be-05e33e8bf965
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.14.127:10213
date: Wed, 07 Apr 2021 11:25:48 GMT
server: nginx
x-fastly-to-nlb-rtt: 28284

Redirect headers

pragma: no-cache
x-errorlevel: 0
date: Wed, 07 Apr 2021 11:25:48 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=2c0a3e64-140e-44fc-a2be-05e33e8bf965
cache-control: no-cache
server-processing-duration-in-ticks: 1666
content-type: text/html; charset=utf-8
content-length: 222
expires: Wed, 07 Apr 2021 00:00:00 GMT

GET
H/1.1

200

2.gif
id5-sync.com/cq/464/124/6/ Frame 2405
Redirect Chain

https://id5-sync.com/s/464/9.gif?puid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D...
https://id5-sync.com/c/464/464/7/1.gif?puid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&gdpr=1&gdpr_consent=
https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMOxLCw4xF_jrBxXXGri-0M07uU3QHpPdPJ1BGTVA&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F124%2F6%2F2.gif%3Fpuid%3D...
https://ice.360yield.com/ul_cb/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMOxLCw4xF_jrBxXXGri-0M07uU3QHpPdPJ1BGTVA&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F464%2F124%2F6%2F2.gif%3Fp...
https://id5-sync.com/cq/464/124/6/2.gif?puid=0c04acef-2078-4ef2-9156-3d671bb01675&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent=

43 B
1 KB

62ms
61ms

Image
image/gif

54.36.109.186
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/cq/464/124/6/2.gif?puid=0c04acef-2078-4ef2-9156-3d671bb01675&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.186 , France, ASN16276 (OVH, FR),

Reverse DNS

p06.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:43 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

Redirect headers

location: https://id5-sync.com/cq/464/124/6/2.gif?puid=0c04acef-2078-4ef2-9156-3d671bb01675&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent=
date: Wed, 07 Apr 2021 11:25:46 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

204

rtb-h
sync.taboola.com/sg/appierrtb-network/1/ Frame 2405
Redirect Chain

https://s.c.appier.net/taboola
https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=RPlhHev8BheAqztFvZZtYA

0
217 B

56ms
56ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=RPlhHev8BheAqztFvZZtYA
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.175:10213
date: Wed, 07 Apr 2021 11:25:50 GMT
server: nginx
x-fastly-to-nlb-rtt: 27833

Redirect headers

location: https://sync.taboola.com/sg/appierrtb-network/1/rtb-h?taboola_hm=RPlhHev8BheAqztFvZZtYA
date: Wed, 07 Apr 2021 11:25:49 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 110
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 2405 35 B
380 B 562ms
141ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track002-dc3
Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:04 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1 204
No Content /
cds.taboola.com/ Frame 2405 0
155 B 651ms
133ms Image
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cds.taboola.com/?uid=45d8b9df-ce51-4a27-b7c2-49a5325a134f-tuct7671c37&_r=6542083
Requested by: Host: hillreporter.com
URL: https://hillreporter.com/pharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334?_hsmi=96965274&_hsenc=p2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Apr 2021 11:25:46 GMT
Cache-Control: no-store
Server: nginx
Connection: close

GET
H2

200

rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame 2405
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dtaboola%26expires%3D30%26user_group%3D%24%...
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dtaboola%26expires%3D30%26user_group%3D%24%...
https://x.bidswitch.net/sync?dsp_id=429&user_id=3eb4cb8b-e885-5161-9927-5f39f94ac983&ssp=taboola&expires=30&user_group=1
https://x.bidswitch.net/ul_cb/sync?dsp_id=429&user_id=3eb4cb8b-e885-5161-9927-5f39f94ac983&ssp=taboola&expires=30&user_group=1
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=2acd77d0-e066-4761-a422-e601a20c46d2

0
226 B

57ms
57ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=2acd77d0-e066-4761-a422-e601a20c46d2
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.22.84:10213
date: Wed, 07 Apr 2021 11:25:47 GMT
server: nginx
x-fastly-to-nlb-rtt: 28793

Redirect headers

location: //sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=2acd77d0-e066-4761-a422-e601a20c46d2
date: Wed, 07 Apr 2021 11:25:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0851
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
135 B

39ms
38ms

Document
text/html

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkpk0r0gX6fxhnq4uyMWyKOu5jnOvEPpeoKDe2Xe4H4P3AvE2glWjzvnyVI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 07 Apr 2021 11:25:45 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 07-Apr-2021 12:25:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 07 Apr 2021 11:25:45 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 3DA2 0
104 B 102ms
67ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEHJuN5PHJE-Lta9958xGndk&google_cver=1&google_push=AQvitUJ3hcNlUIhMVHkYYIkPm3qkviP4lLitts2tkZkxI5t7HHOEsG0eW2Qdji6K06kzgdrGH419L3ha0xkR3YUE1df286wKNIs
Requested by: Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 3DA2 0
191 B 69ms
65ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEKZziIhK7OiwSpZLQhXJSwI&google_cver=1&google_push=AQvitUKM-8NgGd6fbrfCabE8k_QO_yJfQDnf0sW8PSLkXA09NDa8Wouop6dfT_IcIgHSZiUKKeEKbgf9MLJyWZ9qZGoPsmokIq0
Requested by: Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET gg_pixel
sync.adaptv.advertising.com/ Frame 3DA2 0
0

GET
H3-Q050 200 dot.gif
s0.2mdn.net/ Frame 3DA2 43 B
383 B 43ms
28ms Image
image/gif 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEPMpnrhZ-uyCSPXRYMRH6R0&google_cver=1&google_push=AQvitULIqw58uAd1wqZkKJcrukb9XYneDaW22bFh-T9Bz4HzUoCUVnhFE0GmG0p5GzlCxcj4j2ZtKmnBzVzRrmgQDefNxv_zWKwc

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Thu, 08 Apr 2021 11:25:45 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3DA2
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEAREAKTwX3Gtc1ezvW9DjoA&google_cver=1&google_push=AQvitUK75_zEtlWo4xoDF4zmm8Qny6t1GgyCLMRQ0QNjEIHZ9sEwxQMJ6LWoL6rpyyJhdr96q2tTTiwBP_ZEJx6G2X8pIENx-i0M
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUK75_zEtlWo4xoDF4zmm8Qny6t1GgyCLMRQ0QNjEIHZ9sEwxQMJ6LWoL6rpyyJhdr96q2tTTiwBP_ZEJx6G2X8pIENx-i0M&goog...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI2MjIzODM5ODA0NTk1Nzc0MQ%3D%3D&google_push=AQvitUK75_zEtlWo4xoDF4zmm8Qny6t1GgyCLMRQ0QNjEIHZ9sEwxQMJ6LWo...

170 B
213 B

69ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI2MjIzODM5ODA0NTk1Nzc0MQ%3D%3D&google_push=AQvitUK75_zEtlWo4xoDF4zmm8Qny6t1GgyCLMRQ0QNjEIHZ9sEwxQMJ6LWoL6rpyyJhdr96q2tTTiwBP_ZEJx6G2X8pIENx-i0M

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI2MjIzODM5ODA0NTk1Nzc0MQ%3D%3D&google_push=AQvitUK75_zEtlWo4xoDF4zmm8Qny6t1GgyCLMRQ0QNjEIHZ9sEwxQMJ6LWoL6rpyyJhdr96q2tTTiwBP_ZEJx6G2X8pIENx-i0M
date: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3DA2
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMniT...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMniT...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMn...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBmZWVjN2QwNC05NzkzLTExZWItOThjNC0wNjEwMWQwZGYzYWM%3D&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMniTlPOOBoPyHS...

170 B
190 B

69ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBmZWVjN2QwNC05NzkzLTExZWItOThjNC0wNjEwMWQwZGYzYWM%3D&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMniTlPOOBoPyHSLnTbQhPjUr6B72WoZv8fKW_B8_bSIFj-tTkw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 07 Apr 2021 11:25:47 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBmZWVjN2QwNC05NzkzLTExZWItOThjNC0wNjEwMWQwZGYzYWM%3D&google_push=AQvitUKCxvy3WyunnYbfK6WOxBtW8PSRCYebaapi_1q3EirWOM9lMniTlPOOBoPyHSLnTbQhPjUr6B72WoZv8fKW_B8_bSIFj-tTkw
Connection: keep-alive
Content-Length: 0

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 3DA2 0
16 B 70ms
68ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JbYuUt-SEvTTWf5kwaeEtsB6Ko8icfyAKIDJYeizvSe2CsAdNMpOJBnEC6QOeDlII

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 1687 70 B
264 B 76ms
72ms Image
image/gif 34.247.242.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEJqmAXfKtNRrhVUEynLN0_k&google_cver=1&google_push=AQvitUL_eADWJlepVg6NhbfljgZ_jIXsLxwQMt0lSGRiP6sPnpqepVvbLuYKJ1HDrh3gDwDBUF-2_gzbmEr__3TtnxLoesdZMtto
Requested by: Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.242.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-242-33.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 1687 0
191 B 73ms
70ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEKZziIhK7OiwSpZLQhXJSwI&google_cver=1&google_push=AQvitUJRjBF8pPrt_bhXMwDMySNUZBI1itJhulWF6F45VI0lj-SmTh3DTBwgaKMat-Cezcf0pkKlW2ZTGRWYJlzKiLYnZANf7bU
Requested by: Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:44 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1687
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGc027Uv7pEc2A7HuTfg6go&google_cver=1&google_push=AQvitUJK_RwqYl8OaSYnHZ3qYIngHcU2AZ1eyq6iwZI-FkfPdQlGqktKAggj9PyVRSUsNtEpW4QbrdUHm-1emwsoa19D...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJK_RwqYl8OaSYnHZ3qYIngHcU2AZ1eyq6iwZI-FkfPdQlGqktKAggj9PyVRSUsNtEpW4QbrdUHm-1emwsoa19DYr2wdvg&google_hm=ucvNsn8yTSqOl-a7e4JMRA==

170 B
190 B

70ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJK_RwqYl8OaSYnHZ3qYIngHcU2AZ1eyq6iwZI-FkfPdQlGqktKAggj9PyVRSUsNtEpW4QbrdUHm-1emwsoa19DYr2wdvg&google_hm=ucvNsn8yTSqOl-a7e4JMRA==

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJK_RwqYl8OaSYnHZ3qYIngHcU2AZ1eyq6iwZI-FkfPdQlGqktKAggj9PyVRSUsNtEpW4QbrdUHm-1emwsoa19DYr2wdvg&google_hm=ucvNsn8yTSqOl-a7e4JMRA==
date: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1687
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEJ6nnLWl_k3Sl3CQBNcHeDo&google_cver=1&google_push=AQvitULc-xjSrX0crlxhEnBWG2NOXKW5hGL_wA755a1UtDr8hfgogPFAV4OwI-phiF5Fi4yFlDCMBHFvOJCewiR-VPV42BN...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJ6nnLWl_k3Sl3CQBNcHeDo&google_cver=1&google_push=AQvitULc-xjSrX0crlxhEnBWG2NOXKW5hGL_wA755a1UtDr8hfgogPFAV4OwI-phiF5Fi4yFlDCMBHFvOJCewiR-VPV42...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitULc-xjSrX0crlxhEnBWG2NOXKW5hGL_wA755a1UtDr8hfgogPFAV4OwI-phiF5Fi4yFlDCMBHFvOJCewiR-VPV42BNdIkmD

170 B
190 B

71ms
71ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitULc-xjSrX0crlxhEnBWG2NOXKW5hGL_wA755a1UtDr8hfgogPFAV4OwI-phiF5Fi4yFlDCMBHFvOJCewiR-VPV42BNdIkmD

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitULc-xjSrX0crlxhEnBWG2NOXKW5hGL_wA755a1UtDr8hfgogPFAV4OwI-phiF5Fi4yFlDCMBHFvOJCewiR-VPV42BNdIkmD
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1687
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECNFhhnw9E7LcIvDR03nSuk&google_cver=1&google_push=AQvitUKaAmpL6KWo1SNZPRS6N3cnp7csQlfc7ifMNGS4v2aeExMYn32epyV1UW6uudKz7-BKkOV4qEi9...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECNFhhnw9E7LcIvDR03nSuk&google_cver=1&google_push=AQvitUKaAmpL6KWo1SNZPRS6N3cnp7csQlfc7ifMNGS4v2aeExMYn32epyV1UW6uudKz7-BKkOV...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzY2NjUwMDc2NjEwMDAyNzQ4&google_push=AQvitUKaAmpL6KWo1SNZPRS6N3cnp7csQlfc7ifMNGS4v2aeExMYn32epyV1UW6uudKz7-BKkOV4qEi9...

170 B
190 B

70ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzY2NjUwMDc2NjEwMDAyNzQ4&google_push=AQvitUKaAmpL6KWo1SNZPRS6N3cnp7csQlfc7ifMNGS4v2aeExMYn32epyV1UW6uudKz7-BKkOV4qEi9O3_Djiej63KnDduDfXvR

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzY2NjUwMDc2NjEwMDAyNzQ4&google_push=AQvitUKaAmpL6KWo1SNZPRS6N3cnp7csQlfc7ifMNGS4v2aeExMYn32epyV1UW6uudKz7-BKkOV4qEi9O3_Djiej63KnDduDfXvR
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1687
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEAREAKTwX3Gtc1ezvW9DjoA&google_cver=1&google_push=AQvitUI_FJSB1qBBRqfKc7RmZqIb01WAcPut0MNamg5jk5LQ-vuz9iG1QfA16I10Gs_cgB9EKljzCRnD4TtYP3UGc5h6D5KucJtO
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUI_FJSB1qBBRqfKc7RmZqIb01WAcPut0MNamg5jk5LQ-vuz9iG1QfA16I10Gs_cgB9EKljzCRnD4TtYP3UGc5h6D5KucJtO&goog...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI2MjIzODM5ODA0NTk1Nzc0MQ%3D%3D&google_push=AQvitUI_FJSB1qBBRqfKc7RmZqIb01WAcPut0MNamg5jk5LQ-vuz9iG1QfA1...

170 B
190 B

70ms
70ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI2MjIzODM5ODA0NTk1Nzc0MQ%3D%3D&google_push=AQvitUI_FJSB1qBBRqfKc7RmZqIb01WAcPut0MNamg5jk5LQ-vuz9iG1QfA16I10Gs_cgB9EKljzCRnD4TtYP3UGc5h6D5KucJtO

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI2MjIzODM5ODA0NTk1Nzc0MQ%3D%3D&google_push=AQvitUI_FJSB1qBBRqfKc7RmZqIb01WAcPut0MNamg5jk5LQ-vuz9iG1QfA16I10Gs_cgB9EKljzCRnD4TtYP3UGc5h6D5KucJtO
date: Wed, 07 Apr 2021 11:25:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1687
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8pK...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8pK...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEDLcTLngaPHy8c9-yMy3zDI&google_cver=1&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBmZWVjN2QwNC05NzkzLTExZWItOThjNC0wNjEwMWQwZGYzYWM%3D&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8pK0lDLvmIsjz...

170 B
190 B

75ms
75ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBmZWVjN2QwNC05NzkzLTExZWItOThjNC0wNjEwMWQwZGYzYWM%3D&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8pK0lDLvmIsjzufBfi8rBKHP0zmLTUQfAvyCTD0UaEBLRqSTQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 07 Apr 2021 11:25:46 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBmZWVjN2QwNC05NzkzLTExZWItOThjNC0wNjEwMWQwZGYzYWM%3D&google_push=AQvitULtiYiLWDKdg0NZyPkLfimiemPAiLmRB9f2CErARMDsmsioi8pK0lDLvmIsjzufBfi8rBKHP0zmLTUQfAvyCTD0UaEBLRqSTQ
Connection: keep-alive
Content-Length: 0

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 1687 0
16 B 69ms
67ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L4byXx6nnygO02oWsI54q7mHpgIxLTX_uPjJZCMlxjKCDKyjsdXaKvQUAYTXTwcJlyLyS_yg

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame EAAC 35 B
362 B 14ms
9ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPW2dIa09MdJPC3WvEVdSmA&google_cver=1&google_push=AQvitULwb9ZooD_VX6L4XZtOmW2x5G6cZoPwuwep1ZV_n6u755Fu7YOzROX6yettp9mrXZNy34Av2KERkyw40BZYXI-x-Yd8Tzg

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:45 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EAAC
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESELUAwXt4fWbdJHwgDieuzvU&google_cver=1&google_push=AQvitUKmnYoBEaiLF2NP0iEAAIDAZX_bmnAIZqg8QJ6EfdShTe4Cj99FnmsqrRiibJU4-YadnN2U9aLoWAixiQX9...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VS2E_oaSTFWpIunBUzrgog2&google_push=AQvitUKmnYoBEaiLF2NP0iEAAIDAZX_bmnAIZqg8QJ6EfdShTe4Cj99FnmsqrRiibJU4-YadnN2U9aLoWAixiQX9vQgQY600FzI

170 B
190 B

70ms
70ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VS2E_oaSTFWpIunBUzrgog2&google_push=AQvitUKmnYoBEaiLF2NP0iEAAIDAZX_bmnAIZqg8QJ6EfdShTe4Cj99FnmsqrRiibJU4-YadnN2U9aLoWAixiQX9vQgQY600FzI

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 07 Apr 2021 11:25:46 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=VS2E_oaSTFWpIunBUzrgog2&google_push=AQvitUKmnYoBEaiLF2NP0iEAAIDAZX_bmnAIZqg8QJ6EfdShTe4Cj99FnmsqrRiibJU4-YadnN2U9aLoWAixiQX9vQgQY600FzI
x-host: tde-deliveryengine-production-75dcf9479f-fkb54
alt-svc: clear
content-length: 0

GET match
um.wbtrk.net/doubleclick/user/ Frame EAAC 0
0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EAAC
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECNFhhnw9E7LcIvDR03nSuk&google_cver=1&google_push=AQvitUKWnKjMRow2rQSaGR5X0Tf58qOMrIaADZg6KlL0RRM6xLwG-t6wMlLaDiGGE-CVKtdOLP1U_7-d...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECNFhhnw9E7LcIvDR03nSuk&google_cver=1&google_push=AQvitUKWnKjMRow2rQSaGR5X0Tf58qOMrIaADZg6KlL0RRM6xLwG-t6wMlLaDiGGE-CVKtdOLP1...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTM5NzQ3ODYzNDcyOTk3OTk3NA&google_push=AQvitUKWnKjMRow2rQSaGR5X0Tf58qOMrIaADZg6KlL0RRM6xLwG-t6wMlLaDiGGE-CVKtdOLP1U_7...

170 B
190 B

70ms
69ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTM5NzQ3ODYzNDcyOTk3OTk3NA&google_push=AQvitUKWnKjMRow2rQSaGR5X0Tf58qOMrIaADZg6KlL0RRM6xLwG-t6wMlLaDiGGE-CVKtdOLP1U_7-daQBPe4tTA68UlhFrOmoJ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTM5NzQ3ODYzNDcyOTk3OTk3NA&google_push=AQvitUKWnKjMRow2rQSaGR5X0Tf58qOMrIaADZg6KlL0RRM6xLwG-t6wMlLaDiGGE-CVKtdOLP1U_7-daQBPe4tTA68UlhFrOmoJ
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EAAC
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEItTKZG1kUWN2sv0XGL2lng&google_cver=1&google_push=AQvitUIVK7O4O7yfZ-YCa6jSbW3nupOXY6QB07-30Y5DDYALi1PslYKTYENO7U4MIIARDSCQaYBsoPH-3Xaqfc-vJ64OffXL_zXj
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIVK7O4O7yfZ-YCa6jSbW3nupOXY6QB07-30Y5DDYALi1PslYKTYENO7U4MIIARDSCQaYBsoPH-3Xaqfc-vJ64OffXL_zXj&google_hm=keM-veglhdGcteci2aRnFQ==

170 B
190 B

72ms
71ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIVK7O4O7yfZ-YCa6jSbW3nupOXY6QB07-30Y5DDYALi1PslYKTYENO7U4MIIARDSCQaYBsoPH-3Xaqfc-vJ64OffXL_zXj&google_hm=keM-veglhdGcteci2aRnFQ==

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIVK7O4O7yfZ-YCa6jSbW3nupOXY6QB07-30Y5DDYALi1PslYKTYENO7U4MIIARDSCQaYBsoPH-3Xaqfc-vJ64OffXL_zXj&google_hm=keM-veglhdGcteci2aRnFQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: oucf8ir8rr54aof35nppr522t3e6fitf

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EAAC
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEF...
https://sync.targeting.unrulymedia.com/csync/RX-4f07bd75-2884-4bb8-9b56-5acc2f023ecf-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUJwzeMHlFgCL1XBMos_B...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJwzeMHlFgCL1XBMos_BxV_xHC57Z_F83ODjJwz1Gzvy804obSbZ3XOd0kCRzJEgRI82slP_ZE-TwiOmAvQK80e5k13phA&google_hm=A08HvXUohEu4m1ZazC8CPs8
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJwzeMHlFgCL1XBMos_BxV_xHC57Z_F83ODjJwz1Gzvy804obSbZ3XOd0kCRzJEgRI82slP_ZE-TwiOmAvQK80e5k13phA&google_hm=A08HvXUohEu4m1ZazC8CPs8&go...

170 B
190 B

71ms
70ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJwzeMHlFgCL1XBMos_BxV_xHC57Z_F83ODjJwz1Gzvy804obSbZ3XOd0kCRzJEgRI82slP_ZE-TwiOmAvQK80e5k13phA&google_hm=A08HvXUohEu4m1ZazC8CPs8&google_tc=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJwzeMHlFgCL1XBMos_BxV_xHC57Z_F83ODjJwz1Gzvy804obSbZ3XOd0kCRzJEgRI82slP_ZE-TwiOmAvQK80e5k13phA&google_hm=A08HvXUohEu4m1ZazC8CPs8&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 414
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EAAC
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBQ9jJdhLRy7Th3VjtFy2-A&google_cver=1&google_push=AQvitUI6Ibz-HXBdCub1czfc9jr3QrLaOaPlsELuSLLZ3oVXvC-J6FccL3W8QVq-oAMxB3YROS...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1NRkh0N0VSRTJ1R2M2QkxyNnIuVHN1ME5VbnpKWkQxNn5B&google_push=AQvitUI6Ibz-HXBdCub1czfc9jr3QrLaOaPlsELuSLLZ3oVXvC-J6FccL...

170 B
213 B

70ms
70ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1NRkh0N0VSRTJ1R2M2QkxyNnIuVHN1ME5VbnpKWkQxNn5B&google_push=AQvitUI6Ibz-HXBdCub1czfc9jr3QrLaOaPlsELuSLLZ3oVXvC-J6FccL3W8QVq-oAMxB3YROStjP7zR7lODYwG_SGqiaWLVFrbnfQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 07 Apr 2021 11:25:46 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1NRkh0N0VSRTJ1R2M2QkxyNnIuVHN1ME5VbnpKWkQxNn5B&google_push=AQvitUI6Ibz-HXBdCub1czfc9jr3QrLaOaPlsELuSLLZ3oVXvC-J6FccL3W8QVq-oAMxB3YROStjP7zR7lODYwG_SGqiaWLVFrbnfQ
Connection: keep-alive
Content-Length: 0

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame EAAC 0
16 B 69ms
67ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IER6dH2t05tL1hkWTdfcga9w9kO6MV9u1aOXoviLNApu7ni6wqtCNuZi5hDgHNl9Oa08JBjg

Requested by

Host: f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com
URL: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:45 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 DE6_jZsYe42TxIvZMyCjeDFY2mBt4gt7GQO59cBhhbM.js Show response
pagead2.googlesyndication.com/bg/ Frame 8542 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DE6_jZsYe42TxIvZMyCjeDFY2mBt4gt7GQO59cBhhbM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c4ebf8d9b187b8d93c48bd93320a3783158da606de20b7b1903b9f5c06185b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 09:04:04 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 8501
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Thu, 07 Apr 2022 09:04:04 GMT

GET
H3-Q050 200 DE6_jZsYe42TxIvZMyCjeDFY2mBt4gt7GQO59cBhhbM.js Show response
pagead2.googlesyndication.com/bg/ Frame 6602 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DE6_jZsYe42TxIvZMyCjeDFY2mBt4gt7GQO59cBhhbM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c4ebf8d9b187b8d93c48bd93320a3783158da606de20b7b1903b9f5c06185b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 09:04:04 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 8501
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Thu, 07 Apr 2022 09:04:04 GMT

GET
H3-Q050 200 DE6_jZsYe42TxIvZMyCjeDFY2mBt4gt7GQO59cBhhbM.js Show response
pagead2.googlesyndication.com/bg/ Frame B22E 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DE6_jZsYe42TxIvZMyCjeDFY2mBt4gt7GQO59cBhhbM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c4ebf8d9b187b8d93c48bd93320a3783158da606de20b7b1903b9f5c06185b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 09:04:04 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 8501
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Thu, 07 Apr 2022 09:04:04 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 20ms
20ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021040501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d301f738fc62e61af65e49ed361227ca3109489244a03ddebeea8108eeb6055e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Apr 2021 11:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6496
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040501.js?31060697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 07 Apr 2021 11:25:46 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame D537 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 07 Apr 2021 11:22:07 GMT
expires: Thu, 07 Apr 2022 11:22:07 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 219
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8542 0
111 B 43ms
42ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1s_duZZtYPa-E5rm3wO9lbD4CQAAAAA4AeAEAg&bg=!RUalRgLNAAY56aLOOek7ACkAdvg8Wrh2eYx5V3CHHTJecw6oCez5o3zpkrxGMUpH3d3mKzN0p9iu2wIAAAGCUgAAADhoAQcKAJlGtV2s-u8otyoSGYtWN-dItSen7bfCPL6TEM_cAFitrigth1d8CkbL_QOq0KqOPVsSB_HjMYjqWuad6ErmXjd7Y7k9SWL73QvowDthqC03thuGy07BGQcp0IWzIEcCWNMc48bfobjtSlUG8NSWM9IAWyhFECXMhRttRcr9JblRbo8nNQHPaDCEX4l96TwTNiPhE_nmaIude-2ZAnfw0_uCWv0-pCAhkYHadkqEfhmMkkOij3um8mxNvtqQQ7xX6GWAjmXJJbWISwhegjfjzsbSHefyFmFZvtZR-licFFA3G2CHen3bMZSyGoN-l3rhr0AGpnY66ThPSz0HI5TmrHfAriCSrWel3oPe-5YAeaZrgw0RGQAfjaNpEPBRUnLPV-3srzajL3GL1SCeLq5OeWzR3HV17XFhJtoSWpQcoAEFjfiYmZSc3gKWl0LDZeXMHDkhmoAAcMXdFeLZCFrRSMq4iA9QjtxEt3m7vkcGKcXNHosIZqHzvq-JwotffA4--duy1GPTQEJIPJsvQ8tuxXcA84s0fEu4d2t2vkNgrF-8yx3JZCqWneYc_kxnYKe6mKE8Fzf-4xGcAvXJZPQJLfG1iKWZ4YgO4JvPpIhzrhI0Ac71mDWdSmMWwBe6Kg2jbedwUUSUnz01ASyrh4PmOBUUBkAwbHJsapNPSDw9mMeItAatDqNrUkogTmyByb5iogorvrfEDdTgdm7YFLf1jHCzdpmFtRU_iqLc-EKxY8ttHSQboQvtRc_GuKz60AYkWGf3fmJ81d3ExW-Txm13z8x6kdA6Bs3UwdS3wezggrSRCN1WUqkgifWSMHqC-iuvZCUy_rzOeczik8TP5dLz9YcVN3anCDY3N9NRvJxIlDAiTh5EOVf5JpUTHFdKB3K0jBRWLpFKmncjyPv2V8GezcXfoW_8y-UQsrX-pVRmR4Ou6nEZorMz-ZDQ09UTPtg7xZEpHZeFm5qp4Y336pD3p8pZu5_Gyfw8gckrdCMxu_2cyty_kwA4jhaC6JvTrnokWkcS1WXrKy43Bi_xT5s-Xl0FAwax

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6602 0
23 B 40ms
39ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPiPkuZZtYNWvE9Pv3wOczKK4DgAAAAA4AeAEAg&bg=!iYqlis7NAAY56aLOOek7ACkAdvg8WjPbcwJMBbLt2FcpqWo0gce5Dc2tpLmd9zx3UNZyr1YkzNbDsQIAAAF6UgAAADJoAQeZAm2DFzT0xn4X5Q3TDO0krIuIlTyaQ0r2hhILLat2Ct4A0sLO_hWfq_0nkKrlGi8bNOtVgZRaMsTbw25nihtEhPisjg5N5_dLKGGIc60fURXtBIyKyT1w7OozlWPQ5E2L-AziIPMl0jCz1tA7fQ0WXxK8W8O9q3T1pWNeCTXlrmv_VYjXU1QqplJ87-dLMNTRNroMUehumrKpqvDClvwBRXXK8SpjkBOjIB3cXXqb-R846vJacw8x7Fpi8U_dV7av4BwV2R1Wo356IPpm5LpiQDDiTwLXIer4YiAWMJLhFQyKZme_7p6qX11HqXsW9iutmTPuz36tSozH5olGdScP9LAtVLq9NBR300r3xHQUlYKQVX7LcpyDcd5aGZU8tahCPP4GHmnryg3tnALNxYIt4dqYfZr3OGasyZSphLlkNyibbfWCDsj4EhBcYPbUGaWpfLIHrLhefhSIveHrytt0rYCcioLgebqvza0bjBrNNEod2Eit_QXX9vleeT_dpsdUzND70bUKXRUYDkcAx4FHDE_Pnyq2JTCsM1Wk8BjjJtCRAf2sUdXXseKZxDlq_V1SeKgMbfprJ3c7RIvM_vRMF8HQKhJq5pzVKHP26NCb8rVea26KGmemE2j3MY8CD-Zn-yXLu58vDObtpz-TjE8iS1GoPnMqRzTuWQ9K-TpvVZajshQLQ-EHQiqbeeqw4QSl8HJUQWwma2qfAMNFrYSSz-xt_Vni1EoODbmIUfGgvfukL51dIbsbdccCuXDhAojYcmR3JyntRUoYNXcKTzOcrTsbYgOCYQxfvXA3mbw-laFqGG26t0D0ovYjC_pGR1Y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B22E 0
23 B 42ms
42ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BHTTruZZtYNbCE5CKjuwPr4umwA4AAAAAOAHgBAI&bg=!XF-lXxvNAAY56aLOOek7ACkAdvg8WikBOddRPGa5OJVtrbkZv2IlYqZr-o-U60ZLeYO8wtEvUktXCAIAAAF5UgAAABloAQcKAO2hhEAkN_73GI4v3fv81HtzrIht3gTyePQJfEkUt7G-ww3lwQ5AKvtN1kGOGPS1yHDKxKY8QMG8iIFReRmZG0felrF3mxxES90ppYoq7gqfUYy8fi3aseMhEvODw0Fd6AuNYIJ4JTwcZdSYVpeRRxN2HujVDsHgOJywhpxkS1nGY0n5AfFJdayRyFSkpJcVPkSaLN4Z7JrWnDaJcv2aO-mfoZ6xZbJ6N4-Sj8stsmzSpSAN77agTgaqqVFsKgwp41YUjiG4ehJ3TY1wIWcFDLXFvoXU4-eEw6d1okuSS6DApOEeWUJ_oAUpz_Ml32iZAm0CzHz6ulTQ9PPXxMmy_p6qJ598uXJ5NpIYB_OtHhUB5rEuLG2hFbKvwxsNix2Q-awCm0cNosMfN4tz4GV8QOnowfsbHDrmIYOuwep5_HmRhwhMyALwDZJKD8jTX6XB8bYNWCyJ_Eiw9znEDUrpc3UKt3J9lyJQfSPqghbzsIGqpDc8J7KZ0CWbqlKR7FYEzVNhsMO_wis8qB0JvDdwDgBh73xtG-lE2duNH3qoxAypWUeP_7He_f-Ly_cIAzJ2j1FtXIjwZ-litseQPwABWcqFGMFFW-ZqGQAQ5-T9iHn9SykVzVy9nN3FiL3Sj6S2a5bBtMFK1TNtDZ-j3E6hEVt3yCDv7bus00hqHrFJdXHJnFaGsW57F7b9ZHMfKGpLeR7za58zP5IK4Xu5VKdVzLQ160Ek-msV9AbvWRWj7gR8M5fTXrn5Bo8vDU32t0M_YlhNs8pJhMoK0JBw2RtqjC0K_Ko9WwKyI5VCZlc8slVxkZPHBTeWInl-rzKWvgtAkA1hzg9jB1WtR-n9S7k5KStVFpPsycVagX7l-g4bIS1b2RwvsGHSofelp1mACKgkjKLsaecIBQmPtlJ4AKV-PLaRpVsCuRuWIk_kLbwTGUWyyJlUC_IQtSK39M9XPitlbSOUsJ4muuWwAoxdk5RBZkhHbkmk6si46wsPKL-T_mH_aZDkgVwPEA8PHdWfi8GyrCKqQS1UA1cWMg1xjcBcAADqK27Fh8ylQOVDWz---C_c3XwOqCocblvFqWSDWVDUmxQh1GFunQEfSTYijbvNAJbByZ7d0Ix0mhHgj6Ekzjuxc4NZFAPYqRgxRs0lQUs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 DE6_jZsYe42TxIvZMyCjeDFY2mBt4gt7GQO59cBhhbM.js Show response
pagead2.googlesyndication.com/bg/ Frame D537 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DE6_jZsYe42TxIvZMyCjeDFY2mBt4gt7GQO59cBhhbM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c4ebf8d9b187b8d93c48bd93320a3783158da606de20b7b1903b9f5c06185b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 09:04:04 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 8502
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Thu, 07 Apr 2022 09:04:04 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 41ms
41ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021040501&jk=2118233785719736&bg=!uLulu__NAAY56aLOOek7ACkAdvg8WkBP85mldcCROmHZcEhlBNR_qFScaNpvlma3yftp8wssCLQZVwIAAAB5UgAAABBoAQcKAaJbz1b5B-3y4f4AKs3JnXv7_Of5MnigEx6Dhz4k-252ZQUs9ywO7xlfRgVyaf6-64gObMODbJLkAfaUAuVZUQbuidWTiuT0qaJbFRfB5lbPoAVXyTjEhWucueQ2ivTajdpJFm4hbzbndkpnGK4L-Ow-ArxIxozSQsBwOpscnRRjUnKaYRV-XPyc7vquUXUAYKy4WSiT1r3v25qFto2j6tk1hKZblzEbmqxYhJkpkLcfSqQwGG1Z9BNufMlSdlWP0DXHA7MIsaY775ex3T3aJ5RK-lzTh_2BdtXMYZCGhPxj6cR3qgI80n1Gdrt5_XCfRT03-hf1JAavXMEQDBs8C8wXXrGW0awCHwSC3dTKabkkVuWcYY6qL62mj4JA-83PUy3ivsm80ovsG39Y93ZIO6ULoj8Q8in9xYHsBI8rNOpGlPTfVLFh0B5dy3QcG8M8NBGWIdbsTxVG3To91dT-glMgmr_dTlW-fW5Y-95HGFbhi-2WUvg5LZwhBNDP3m3h6yVMPsoQQMBgvQc7vDymF7rTRJkbqOO3qwxbi531CIFNEo02mQHU-DueSimV8N3n46iB2ZWnQ-B5061W-R6CaQQJadXw9CyL30_bc78AwMiLV5G4Q5ffc2HPje1rkhnzO_OARDDbZoKt4IWRaMeCeIrD4Gi5ja2x06FxtpZgkOonm2F3ENRIv8VwzsiRscKe9A1TqiORCiHFKWwIeNjq-aHZrLQUc4R2ltt_Z-7lXZqfJ7Yvw51onoHpcb3uTIB4tudvTdTa7LowChSReF6HZLlryXi0LO4IIWrumMpmxnicaaMmh45Cf6mpiCmEKkq0vQlY39h7ULI8HpjYiZl0Z87syI_y5-TgytoitA1PtQWzrrvKOsnWc9h39640ZN5Gl7lrguwp56Da6RP_P_th9Uy7mrxcjZq9Pa019zCEXVaDko1uumRuWX7fkE9n3fj46vP4H5MXIaMkw9AKRGuenRnDT9RZYOtwt7_KKX24rwtSUPyioXZkviG97Amnskyxy02ng_e-qvbQ0OCyJRploOYVcIk8fjJvq4k7RwzlLZWHuqqz_NMz25h5jevykClquAv_e50-NpfGCkmPaaod2iQKQFBf7aiAUTZFybpBXogSqdW_X4FQ8wp5KRN0URjbsFhLrCgjQyLgsjpEfUOYbxdCbIwL9CzqIov9

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2130 42 B
479 B 72ms
58ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv56DazDBBBirOF32O_800yiPLoSAx1eXejKmWDyHuOcXBSTCCDpTp6T4yS7w4PFGjpoJ3itN4cWy51Ca1GeVEQx4VWJR8lK6kG1vtB72kss9ntqfLQwFcu2ydCaWWzToeA0f6on6-GwA7xKQYGEGpPsw&sai=AMfl-YQBb1HncWYWHXchLSkBqT6QnsQ3P0u6zRMtkKDWEgYsig57VapaVrKhjJWdhnyGifhGCC1tPAKp8hxwY_cdvGByh7Bo5PVKIgM5OGxqNLb5ElbVvPvB5w-e8sw&sig=Cg0ArKJSzDE9upMB_XvIEAE&cid=CAASF-RoB5nK2ZJLRgRQZqOWCl0GgEOERKfA&id=osdim&mcvt=1000&p=1110,436,1200,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210405&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=4241150287&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1617794745179&dlt=17&rpt=262&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B6B1 42 B
66 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstR9mRR5nvNXDtpaD3OgGcoxu8zxWGLCvvWIAQW1zVGUvK6bXAJUhYOh7pUJe-sgVtV4FaOYgBY-LDX3lP_mJz9agF0nDl0suyUrvMCQHZlHhd_ibKEd3_7NRRxYw&sai=AMfl-YR1RcRA54X1XisBGGbFZEOB0wCUoxapHQtepazj6jeX5W6v6a8tC2tqsseCW8M6bnxCdBZED9SKhOp0egPqk5IW4tknQboV79gMIY5eHsTBO2AaP1XGtpY1foo&sig=Cg0ArKJSzH79AZVf1uhgEAE&cid=CAASEuRoyYYcT0KlO6V39kDNfkv2-g&id=osdim&mcvt=1001&p=226,650,480,950&mtos=0,1001,1001,1001,1001&tos=0,1001,0,0,0&v=20210405&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=2004394596&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1617794745137&dlt=47&rpt=497&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8247 42 B
66 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst4yvFRkciUBP_ujk_d-AAfI244lROj4lSDTM8fDRsNjhBq_3EyCddxzlguFRKlwilimYMr91l5GE7hDWyqKGpTr7YhHCoYf6GdIZe3HOR-1F9HIViwUHCVnypilA&sai=AMfl-YQbtk0WRluw-vrUWd2IqMh2YkhBUgTniX8rCn9kQArFIOd6GX0W3xYqHNdEXhzNPqwFdXglaU20OA4ZJfvxZLxbNm5uuIRmxXcDEjzfn_1jWSjoTgC-PUl7oBc&sig=Cg0ArKJSzFjzuazKi2IOEAE&cid=CAASEuRopk8RX_wrsPw1L6ep5avs5g&id=osdim&mcvt=1013&p=640,650,894,950&mtos=0,1013,1013,1013,1013&tos=0,1013,0,0,0&v=20210405&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=3596030282&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1617794745139&dlt=48&rpt=490&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f1ceb1269c267ad2e94c4f720644b007.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/ib/static/usersync/v3/ Frame 1C3E 995 B
875 B 177ms
58ms Document
text/html 23.218.208.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-187.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 8730c26defc411dd8a51f1da47e5ae3804fab6868f7914a26b09d8e0791bbe39

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://hillreporter.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: "573e714d-3e3"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Thu, 07 Apr 2022 11:25:48 GMT
Date: Wed, 07 Apr 2021 11:25:48 GMT
Connection: keep-alive

GET
H2 200 iframe Show response
mantodea.mantisadnetwork.com/prebid/ Frame 86D1 332 B
571 B 139ms
139ms Document
text/html 52.22.61.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-120&buster=1617794742971&secure=true&version=9&mobile=false&title=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.22.61.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-22-61-253.compute-1.amazonaws.com
Software: / Express
Resource Hash: 98df0c08f0bcc86bd3397315ef1b9a24ea5593c6e753dc4afcc2d476b671432e

Request headers

:method: GET
:authority: mantodea.mantisadnetwork.com
:scheme: https
:path: /prebid/iframe?tz=-120&buster=1617794742971&secure=true&version=9&mobile=false&title=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

date: Wed, 07 Apr 2021 11:25:48 GMT
content-type: text/html; charset=utf-8
content-length: 332
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
etag: W/"14c-5/YnmpJZOJCTzWRJvyoFAmZHKIs"

GET
H/1.1 200
OK Cookie set check.html Show response
biddr.brealtime.com/ Frame C6F8 926 B
1 KB 124ms
50ms Document
text/html 104.17.119.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.119.107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Host: biddr.brealtime.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://hillreporter.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=df3404ed7674f42c429c535f2f8d912851617794748; expires=Fri, 07-May-21 11:25:48 GMT; path=/; domain=.brealtime.com; HttpOnly; SameSite=Lax
x-amz-id-2: PDpVQFMB7Plni1kdUv8bHleeuXAB94tJrPSqFWb9VzAF/wb6yvagp7GHM3Pa6xMOqZ7TP6znRjI=
x-amz-request-id: 6A24845899282E4B
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 5919
Expires: Wed, 07 Apr 2021 11:26:48 GMT
Cache-Control: public, max-age=60
cf-request-id: 094dade74a0000f13a9cb50000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 63c2e5b87855f13a-ARN
Content-Encoding: gzip

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 7394 38 KB
14 KB 207ms
89ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 6f80d2ce30fd487ef699cbde41c7c334981b9c49d5ac09de4023346911b10696

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://hillreporter.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

Last-Modified: Thu, 01 Apr 2021 09:51:48 GMT
ETag: "13006b6-98c9-5bee62e0efabf"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14061
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=115506
Expires: Thu, 08 Apr 2021 19:30:54 GMT
Date: Wed, 07 Apr 2021 11:25:48 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 iframe Show response
sync.teads.tv/ Frame D7F9 153 B
1 KB 85ms
85ms Document
text/html 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.teads.tv/iframe?gdprIab=%7B%22status%22%3A0%7D
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.1.9 /
Resource Hash: 716a727e47216ad28191f60fb09d59015b1bcb3df8cc32b5bb94f73d534a5732

Request headers

:method: GET
:authority: sync.teads.tv
:scheme: https
:path: /iframe?gdprIab=%7B%22status%22%3A0%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

content-type: text/html; charset=UTF-8
server: akka-http/10.1.9
content-length: 153
expires: Wed, 07 Apr 2021 11:25:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 07 Apr 2021 11:25:48 GMT
set-cookie: tt_bluekai=; Expires=Thu, 08 Apr 2021 11:25:48 GMT; Max-Age=86400; Domain=.teads.tv; Path=/; Secure; SameSite=None tt_exelate=; Expires=Thu, 08 Apr 2021 11:25:48 GMT; Max-Age=86400; Domain=.teads.tv; Path=/; Secure; SameSite=None tt_emetriq=; Expires=Thu, 08 Apr 2021 11:25:48 GMT; Max-Age=86400; Domain=.teads.tv; Path=/; Secure; SameSite=None tt_liveramp=; Expires=Thu, 08 Apr 2021 11:25:48 GMT; Max-Age=86400; Domain=.teads.tv; Path=/; Secure; SameSite=None tt_neustar=; Expires=Thu, 08 Apr 2021 11:25:48 GMT; Max-Age=86400; Domain=.teads.tv; Path=/; Secure; SameSite=None tt_salesforce=; Expires=Thu, 08 Apr 2021 11:25:48 GMT; Max-Age=86400; Domain=.teads.tv; Path=/; Secure; SameSite=None tt_dar=; Expires=Thu, 08 Apr 2021 11:25:48 GMT; Max-Age=86400; Domain=.teads.tv; Path=/; Secure; SameSite=None tt_skp=; Expires=Thu, 08 Apr 2021 11:25:48 GMT; Max-Age=86400; Domain=.teads.tv; Path=/; Secure; SameSite=None tt_retargetly=; Expires=Thu, 08 Apr 2021 11:25:48 GMT; Max-Age=86400; Domain=.teads.tv; Path=/; Secure; SameSite=None

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 86D1 23 KB
9 KB 8ms
7ms Script
application/javascript 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-120&buster=1617794742971&secure=true&version=9&mobile=false&title=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030

Request headers

Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:48 GMT
content-encoding: gzip
etag: "YoFsxqR3BwPygbSjh02Dug=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Wed, 14 Apr 2021 11:25:48 GMT

GET
H2

200

query
ecs.mantisadnetwork.com/sync/pixel/ Frame 86D1
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=rjrqv8k&ttd_tpi=1
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=3adc4e78-78a0-4f7f-bb50-200e43e3be2f

35 B
152 B

162ms
152ms

Image
image/gif

52.22.61.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=3adc4e78-78a0-4f7f-bb50-200e43e3be2f
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-120&buster=1617794742971&secure=true&version=9&mobile=false&title=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.22.61.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-22-61-253.compute-1.amazonaws.com
Software: / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:48 GMT
x-powered-by: Express
etag: W/"23-X71HIiL+uKIs9biqXcW44Tr4jis"
content-length: 35
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:48 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=3adc4e78-78a0-4f7f-bb50-200e43e3be2f
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 241

GET
H2 200 rules-p-8p-p7hkcWNjJm.js Show response
rules.quantcount.com/ Frame 86D1 3 B
349 B 16ms
16ms Script
application/x-javascript 2600:9000:2016:d000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-8p-p7hkcWNjJm.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:d000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 08:29:38 GMT
via: 1.1 dabb0767cb7bc0fc02f46ee84ad4dbd9.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 20:14:17 GMT
server: AmazonS3
age: 10571
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 3
x-amz-cf-id: IL3c1DFqyrK-FOnSHI429rzdWDjJak7qv-I0dSKSYCi5AwlCm37GHA==

GET
H2 200 pixel;r=1742030545;labels=property.5cd4a43e83eac200087e1fc0;rf=0;a=p-8p-p7hkcWNjJm;url=https%3A%2F%2Fmantodea.mantisadnetwork.com%2Fprebid%2Fiframe%3Ftz%3D-120%26buster%3D1617794742971%26secure%3Dt...
pixel.quantserve.com/ Frame 86D1 35 B
372 B 8ms
8ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1742030545;labels=property.5cd4a43e83eac200087e1fc0;rf=0;a=p-8p-p7hkcWNjJm;url=https%3A%2F%2Fmantodea.mantisadnetwork.com%2Fprebid%2Fiframe%3Ftz%3D-120%26buster%3D1617794742971%26secure%3Dtrue%26version%3D9%26mobile%3Dfalse%26title%3DPharma%2520CEO%2520Reveals%2520Donald%2520Trump%2527s%2520Sinister%2520Vaccine%2520Ideas%2520%257C%2520HillReporter.com%26url%3Dhttps%253A%252F%252Fhillreporter.com%252Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%253F_hsmi%253D96965274%2526_hsenc%253Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg;ref=https%3A%2F%2Fhillreporter.com%2F;uht=2;fpan=1;fpa=P0-262510681-1617794748310;ns=1;ce=1;qjs=1;qv=e576aef5-20210317211205;cm=;gdpr=0;d=mantodea.mantisadnetwork.com;je=0;sr=1600x1200x24;dst=1;et=1617794748310;tzo=-120;ogl=

Requested by

Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-120&buster=1617794742971&secure=true&version=9&mobile=false&title=Pharma%20CEO%20Reveals%20Donald%20Trump%27s%20Sinister%20Vaccine%20Ideas%20%7C%20HillReporter.com&url=https%3A%2F%2Fhillreporter.com%2Fpharma-ceo-reveals-donald-trumps-sinister-vaccine-priority-97334%3F_hsmi%3D96965274%26_hsenc%3Dp2ANqtz--psmECarVE4UPC3UAa_NmHdC6srRJO0qYOwu4VQzaaESb1tYlUVI-IMeiDfSkVoR81khRWfG6ZYqsAcx4j4_wg9SCu3O8ArpCQCkGlg_R5s89Vvqg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:48 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/ Frame 1C3E
Redirect Chain

https://secure.adnxs.com/async_usersync?cbfn=AN_async_load
https://secure.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DAN_async_load

0
819 B

65ms
63ms

Script
text/html

185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DAN_async_load

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:48 GMT
X-Proxy-Origin: 86.106.103.103; 86.106.103.103; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.146:80
AN-X-Request-Uuid: 1d35f368-b65a-4c86-973f-f0afa63e59cf
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:48 GMT
X-Proxy-Origin: 86.106.103.103; 86.106.103.103; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.170:80
AN-X-Request-Uuid: c8227350-3fa3-443b-b014-11d1c101875a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DAN_async_load
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 7394 3 KB
4 KB 233ms
57ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=19300476&p=109126&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: be0ea0c808fe0e8c4aa2372a73a84f8a368f8413b12accf5115824c21a7772b3

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame F1B0
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8570601444235523484

42 B
769 B

231ms
57ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8570601444235523484
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=19300476&p=109126&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KADUSERCOOKIE=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA; chkChromeAb67Sec=1; DPSync3=1618963200%3A201_227_226_221; SyncRTB3=1618963200%3A21_13_71_54_3_220_56_161_7%7C1619049600%3A35%7C1618358400%3A223%7C1618617600%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Wed, 07 Apr 2021 11:25:47 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_336=5844-8570601444235523484; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-May-2021 11:25:47 GMT; path=/ PugT=1617794747; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-May-2021 11:25:47 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 06-Jul-2021 11:25:47 GMT; path=/
X-lat: amspug002:0:377
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8570601444235523484
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 0067 43 B
284 B 210ms
69ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=19300476&p=109126&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Wed, 07 Apr 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1341
date: Wed, 07 Apr 2021 11:25:48 GMT
content-length: 43

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7394
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=cqwo0qldTs-d8P9qi9Q_yg%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

59ms
59ms

Image
text/html

23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=34378
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Wed, 07 Apr 2021 20:58:46 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 7394 95 B
596 B 48ms
26ms Image
image/png 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:48 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 63c2e5bafa6e3250-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 094dade8da0000325061275000000001

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 7394
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&sInitiator=external&gdpr=0&gdpr_consent=

42 B
602 B

65ms
65ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:47 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:47 GMT
frontend-id: 2
location: /pubmatic/1/info2?sType=sync&sExtCookieId=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1

200
OK

Artemis
aud.pubmatic.com/AdServer/ Frame 7394
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&addseg=22

7 B
147 B

177ms
64ms

Image
text/plain

185.64.189.249
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&addseg=22
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.64.189.249 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
Connection: keep-alive
Content-Length: 7
Content-Type: text/plain; charset=utf-8

Redirect headers

date: Wed, 07 Apr 2021 11:25:48 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&addseg=22
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 135

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 7394
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzJBQzI4RDItQTk1RC00RUNGLTlERjAtRkY2QThCRDQzRkNB&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
505 B

229ms
57ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:47 GMT
X-lat: amspug005:0:285
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 7394
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKMc-Esfu4uQMI2WbYl--VA&google_cver=1

42 B
855 B

229ms
57ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKMc-Esfu4uQMI2WbYl--VA&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
X-lat: amspug020:0:324
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKMc-Esfu4uQMI2WbYl--VA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 7394 43 B
610 B 60ms
51ms Image
image/gif 169.50.137.190
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

be.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:48 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 06 Apr 2021 11:25:48 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 7394
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=766650076610002748

42 B
799 B

64ms
64ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=766650076610002748
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
X-lat: lhrpug018:0:447
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:48 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=766650076610002748
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 7394
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:f54c606d-96bc-4400-8926-eaa59acd3267&gdpr=0&gdpr_consent=

42 B
946 B

65ms
64ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:f54c606d-96bc-4400-8926-eaa59acd3267&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
X-lat: lhrpug006:0:294
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Date: Wed, 07 Apr 2021 11:25:46 GMT
Server: MT3 3628 75f709e master zrh-pixel-x13
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:f54c606d-96bc-4400-8926-eaa59acd3267&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Apr 2021 11:25:45 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 7394
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3adc4e78-78a0-4f7f-bb50-200e43e3be2f

42 B
882 B

64ms
64ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3adc4e78-78a0-4f7f-bb50-200e43e3be2f
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
X-lat: lhrpug008:0:637
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:48 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3adc4e78-78a0-4f7f-bb50-200e43e3be2f
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 7394
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9009414776003929772&gdpr=0&gdpr_consent=

42 B
769 B

228ms
57ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9009414776003929772&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
X-lat: amspug014:0:351
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:48 GMT
X-Proxy-Origin: 86.106.103.103; 86.106.103.103; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.141:80
AN-X-Request-Uuid: 4762bdff-d7fe-4638-8a70-c17de6547a11
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9009414776003929772&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 7394 43 B
923 B 102ms
33ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:48 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame 7394
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=72AC28D2-A95D-4ECF-9DF0-FF6A8BD43FCA&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-y4wNrc9E2uXfDPa0lrCmla9KUZr66Uw-~A&gdpr=0&gdpr_consent=

0
587 B

231ms
58ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-y4wNrc9E2uXfDPa0lrCmla9KUZr66Uw-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Cnection: close
Date: Wed, 07 Apr 2021 11:25:48 GMT
Content-Encoding: gzip
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

Redirect headers

Date: Wed, 07 Apr 2021 11:25:48 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-y4wNrc9E2uXfDPa0lrCmla9KUZr66Uw-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 7394
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://prod.perf-serving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://prod.perf-serving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://x.bidswitch.net/sync?dsp_id=366&expires=14&user_id=014b1b07-e9e0-4017-a6a7-8569c9e12da8&ssp=pubmatic&user_group=1
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2acd77d0-e066-4761-a422-e601a20c46d2&gdpr=&gdpr_consent=&gdpr_pd=

1 B
745 B

65ms
65ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2acd77d0-e066-4761-a422-e601a20c46d2&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 11:25:49 GMT
X-lat: lhrpug011:0:969
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2acd77d0-e066-4761-a422-e601a20c46d2&gdpr=&gdpr_consent=&gdpr_pd=
date: Wed, 07 Apr 2021 11:25:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pd Show response
eu-u.openx.net/w/1.0/ Frame BCCB
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1

1007 B
863 B

61ms
61ms

Document
text/html

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.205.50 /
Resource Hash: 5cd608f1c839b5644e227e39e87b8de520a3936a8f2e57a4d0510f411c342fca

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hillreporter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=11ca3dae-d8f3-057e-35ca-9e3c52cd5cbd|1617794749
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://hillreporter.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=11ca3dae-d8f3-057e-35ca-9e3c52cd5cbd|1617794749; Version=1; Expires=Thu, 07-Apr-2022 11:25:49 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1617794749|mOgegqnskin0vNomiygu; Version=1; Expires=Thu, 22-Apr-2021 11:25:49 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.205.50
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 07 Apr 2021 11:25:49 GMT
content-type: text/html
content-length: 545
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=11ca3dae-d8f3-057e-35ca-9e3c52cd5cbd|1617794749; Version=1; Expires=Thu, 07-Apr-2022 11:25:49 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.205.50
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
date: Wed, 07 Apr 2021 11:25:49 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

POST
H2 200 OpportunityServlet Show response
am-vid-events.taboola.com/ 1 B
121 B 175ms
58ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-vid-events.taboola.com/OpportunityServlet
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.1.2/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

access-control-allow-origin: https://hillreporter.com
date: Wed, 07 Apr 2021 11:25:49 GMT
access-control-allow-credentials: true
server: nginx
content-length: 1

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 4 KB
3 KB 120ms
120ms XHR
application/json 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=505&height=284&pubid=169497&tagid=953497&crid=5397665&noaop=5&sortOrderType=0&cb=1617794749754&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1056001&pt=1901252860&tz=120&viewable=true&ddast=V7j9ACFgNI3DsZku6duQRI3DsZku6duQUAAAAGBuIHG8QZrFiUCWXFWk5Gu8lssVhOFoPlcDhbDGGDOIMVizKhrFjLyWg3mQ0Wm-VyNhluVpspYAjL7PcdFJTT02N2GURF19tidzjNnjdkoel0-Fz3eqHTbLa8DH_L6WW5a_xuv-DosLwdbo3L75a8bC-H2fMW-e0Os8kturzehs9b87Q7PaeX5S17eDxOu8stuDz9lqfp-VbuNpvRHAAAAAAeAKS4QiF-AAEAIgAAAAAkAAAAACgCKv4tBC4AAAAAMAAQECo1AJw5CuZvtjv8AQDwUAACACCAQQJQwHRSAqBBm3UCAAAAAAAAAMDy____HzMwH_8oAwDiltQD8OAD8EBUcFjECAAAAMBK7ezsaFInVBZVAAAE6VYAVwAAAXisFL15YQAAAAFjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTait8CMt6HG9UO0XEABg7RcQAIBN3QAA3gTggi4AVhcQswMAAAC4-____9cDqcVgN9wtXMbhaDlxWDY2m8PlnC1GG8tsY5xYRt5D7EKctUu4KuzDEJbZ7zsoKKenx-wyiIqut8XucJo995uwxWg1mWyWw9lyMRkMR8PRaH8CuBzgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCIMrUbGiXNkc2tcrsVatLDs1hLfxrIWLReuzWS1cGxGM7fo9TH9ZrvFxrPbomDA1l4EF-lE6DSbLS_D33J6Wd5Cp9lseRn-ltPLchFLNCeLdCK77FuLwW64W7iMw9Fy4rBsbDaHyzlbjDaW2cY4sYz8pdXIOHGObG6Ny7VYixaW3Vri21jWouXCtZmsFo7NaOYWvT6m32y32Hh2-8ZssdstR7vRZt-YLXa75Wg32uw7dIbv6nM2OmvFkkclUQarD5fMfFC4DBbv9nuRtpZXndFlmlwspmto-plYVUL1TOs5mA0K3_PwF04fy3M5nI0ejIpYIjhdpBPRy3i6iCWSp0U6Uc1WM5dpsvGMRsOFc7kcLjzOlcM3Mw5mM9tmOJuIJUrTRTrRC44Oy9vh1rj8bsnL9nKYPW-R3-4wm9yiy-tt-Lw1T7vTc3pZ3rKHx-O0u9yCy9NveZqeb-VusxlN1H90wNlcMZjNFYPNXDHYrBIAAAAAAAAAwBLmzJsAAAAAnAYz2i12q-UCSNh86_40hhK6pHCV7abtmh-UVEgqFzd-nIFOs9nyMvwtp5flLXSazZaX4W85vSxXBpCw4Wbe7Jkg1mq1rAEAAASwAQAAArh18xYICskB!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&dtagid=1750105&dpubid=347175&abtst=adh5c-1_vA!insc_vA!pl1213_vB!rvf1_vA!smbs!ufm_vA&mPre=0.033&cirf=https%3A%2F%2Fhillreporter.com&en=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.1.2/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: cc5b23caa6e1e9c7cd937a9eaa679e09c54ecf7829060f894e55a9a3ffce0bca

Request headers

Referer: https://hillreporter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

date: Wed, 07 Apr 2021 11:25:49 GMT
content-encoding: gzip
access-control-allow-origin: https://hillreporter.com
machineid: 1458
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn11535-HHN
pragma: no-cache
server: nginx
x-timer: S1617794750.786313,VS0,VE65
vary: Accept-Encoding
content-type: application/json;charset=utf-8
via: 1.1 varnish
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://search.spotxchange.com>; rel=preconnect
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 56a164b3-e1d8-a8c0-5ecb-4021c9bda209
pr-bh.ybp.yahoo.com/sync/openx/ Frame BCCB 43 B
192 B 33ms
32ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/56a164b3-e1d8-a8c0-5ecb-4021c9bda209?gdpr=1

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 11:25:49 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame BCCB
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=rTzNMCZq1Lu6jH5

43 B
106 B

60ms
59ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=rTzNMCZq1Lu6jH5
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.205.50 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:49 GMT
via: 1.1 google
server: OXGW/16.205.50
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:48 GMT
Server: PingMatch/v2.0.30-639-g719035a#rel-ec2-master i-080424a23a22eec76@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=rTzNMCZq1Lu6jH5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame BCCB
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dopenx
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dopenx
https://x.bidswitch.net/sync?dsp_id=59&user_id=75374452-8b61-40da-85e6-eef51e7dd14a&ssp=openx
https://us-u.openx.net/w/1.0/sd?id=537072968&val=2acd77d0-e066-4761-a422-e601a20c46d2

43 B
106 B

61ms
61ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=2acd77d0-e066-4761-a422-e601a20c46d2
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.205.50 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:50 GMT
via: 1.1 google
server: OXGW/16.205.50
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //us-u.openx.net/w/1.0/sd?id=537072968&val=2acd77d0-e066-4761-a422-e601a20c46d2
date: Wed, 07 Apr 2021 11:25:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

adx
match.prod.bidr.io/cookie-sync/ Frame BCCB
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEVHRFN0EyeTBBQUNxWFNoWmJwdw&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1

43 B
430 B

76ms
75ms

Image
image/gif

52.49.202.212
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.49.202.212 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
Date: Wed, 07 Apr 2021 11:25:50 GMT
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
content-type: image/gif
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame BCCB
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f54c606d-96bc-4400-8926-eaa59acd3267

43 B
106 B

59ms
58ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f54c606d-96bc-4400-8926-eaa59acd3267
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.205.50 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:49 GMT
via: 1.1 google
server: OXGW/16.205.50
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 07 Apr 2021 11:25:47 GMT
Server: MT3 3628 75f709e master zrh-pixel-x1
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f54c606d-96bc-4400-8926-eaa59acd3267
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 07 Apr 2021 11:25:46 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame BCCB
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=kYvGd56NknCKj5Qiw47dJsKDwHaK3cghl4Pfw5Rl

43 B
106 B

59ms
59ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=kYvGd56NknCKj5Qiw47dJsKDwHaK3cghl4Pfw5Rl
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.205.50 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:49 GMT
via: 1.1 google
server: OXGW/16.205.50
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:49 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=kYvGd56NknCKj5Qiw47dJsKDwHaK3cghl4Pfw5Rl
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame BCCB
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=766650076610002748

43 B
106 B

59ms
59ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=766650076610002748
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.205.50 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:49 GMT
via: 1.1 google
server: OXGW/16.205.50
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:49 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=766650076610002748
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame BCCB 70 B
264 B 75ms
72ms Image
image/gif 34.247.242.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=c26602f7-7174-3a89-6f1c-56d436ea6f40&gdpr=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.242.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-242-33.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 11:25:49 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050 200 pixel
cm.g.doubleclick.net/ Frame BCCB 170 B
213 B 70ms
68ms Image
image/png 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZWUwOWQxM2QtYjgwMy02NDJkLTdhZmMtMGM2ZGZjMDhhMTIw

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS