www.ora.tv Open in urlscan Pro
18.155.145.112 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Submission: On December 13 via api (December 13th 2022, 10:17:37 pm UTC) from BG — Scanned from DE

Summary HTTP 229 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 50 IPs in 12 countries across 46 domains to perform 229 HTTP transactions. The main IP is 18.155.145.112, located in United States and belongs to AMAZON-02, US. The main domain is www.ora.tv.

This is the only time www.ora.tv was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	18.155.145.112 18.155.145.112	16509 (AMAZON-02) (AMAZON-02)
8	13.32.27.92 13.32.27.92	16509 (AMAZON-02) (AMAZON-02)
12	65.9.86.5 65.9.86.5	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	2606:50c0:800... 2606:50c0:8002::153	54113 (FASTLY) (FASTLY)
1	2606:4700:440... 2606:4700:4400::ac40:991c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
49	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1 2	2600:9000:205... 2600:9000:2057:f000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	54.225.192.210 54.225.192.210	14618 (AMAZON-AES) (AMAZON-AES)
9	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9a	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42:200... 2a04:4e42:200::729	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f04... 2a03:2880:f045:12:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
20	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
4	176.9.26.250 176.9.26.250	24940 (HETZNER-AS) (HETZNER-AS)
12 30	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
9 15	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
6 9	185.89.210.101 185.89.210.101	29990 (ASN-APPNEX) (ASN-APPNEX)
1 4	178.63.52.121 178.63.52.121	24940 (HETZNER-AS) (HETZNER-AS)
4	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:a6b1:a514:8d07:4a	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.169 213.155.156.169	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	2600:9000:223... 2600:9000:223f:aa00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
2	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	3.68.131.166 3.68.131.166	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	37.157.6.233 37.157.6.233	198622 (ADFORM) (ADFORM)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 2	184.31.88.106 184.31.88.106	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	3.124.135.253 3.124.135.253	16509 (AMAZON-02) (AMAZON-02)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
2 2	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	18.133.151.109 18.133.151.109	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
1	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
1	184.24.12.207 184.24.12.207	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1 1	103.229.206.240 103.229.206.240	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.98.67.61 34.98.67.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	176.34.141.217 176.34.141.217	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	108.157.4.50 108.157.4.50	16509 (AMAZON-02) (AMAZON-02)
1	13.225.78.118 13.225.78.118	16509 (AMAZON-02) (AMAZON-02)
2	18.170.123.253 18.170.123.253	16509 (AMAZON-02) (AMAZON-02)
229	50

10 18.155.145.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-145-112.ham50.r.cloudfront.net

www.ora.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 13.32.27.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-92.fra56.r.cloudfront.net

f.ora.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 65.9.86.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-86-5.ams1.r.cloudfront.net

vidthm.ora.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8002::153 (United States)

ASN54113 (FASTLY, US)

googleads.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:991c (United States)

ASN13335 (CLOUDFLARENET, US)

stream.mux.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:7eb1:3826:be7e:d981 (United States)

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:f000:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.225.192.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-192-210.compute-1.amazonaws.com

user.ora.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ef75:8280:f209:5ba1 (United States)

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::729 (United States)

ASN54113 (FASTLY, US)

manifest-gce-us-east4-production.fastly.mux.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
chunk-gce-us-east4-production.fastly.mux.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f045:12:face:b00c:0:2 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

web.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 176.9.26.250 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.250.26.9.176.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 142.250.186.98 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 185.80.39.216 (Canada) 9 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.89.210.101 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.63.52.121 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.121.52.63.178.clients.your-server.de

hal900020.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Tuttlingen, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:a6b1:a514:8d07:4a (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.169 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-169.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:aa00:1b:5138:8a40:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (United Kingdom) 3 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.68.131.166 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-131-166.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.233 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.88.106 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-88-106.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.124.135.253 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-135-253.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.193.130 (France) 2 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.133.151.109 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-133-151-109.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.24.12.207 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-12-207.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.206.240 (Singapore) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.34.141.217 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-176-34-141-217.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-50.dus51.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-118.fra2.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.170.123.253 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-170-123-253.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 103 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 139	304 KB
49	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 269	474 KB
47	doubleclick.net 13 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 pubads.g.doubleclick.net — Cisco Umbrella Rank: 419 stats.g.doubleclick.net — Cisco Umbrella Rank: 81 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 215 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 297 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 669004	241 KB
31	ora.tv www.ora.tv f.ora.tv vidthm.ora.tv user.ora.tv	631 KB
15	casalemedia.com 9 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 507	12 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 218	9 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 55258 hal900020.redintelligence.net — Cisco Umbrella Rank: 497962	40 KB
7	google.com adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	2 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 743 r.turn.com — Cisco Umbrella Rank: 3406	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	168 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 21627 api.webgains.io — Cisco Umbrella Rank: 72989	31 KB
3	medialead.de 3 redirects pv.medialead.de — Cisco Umbrella Rank: 79736 medialead.de — Cisco Umbrella Rank: 79042	1 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 290	1 KB
3	yahoo.com 3 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 418 ups.analytics.yahoo.com — Cisco Umbrella Rank: 287	2 KB
3	mux.com stream.mux.com — Cisco Umbrella Rank: 25405 manifest-gce-us-east4-production.fastly.mux.com — Cisco Umbrella Rank: 87102 chunk-gce-us-east4-production.fastly.mux.com — Cisco Umbrella Rank: 236825	1 MB
3	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 416 fonts.googleapis.com — Cisco Umbrella Rank: 37	348 KB
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2400	789 B
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1250	459 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 639	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 795 s.tribalfusion.com — Cisco Umbrella Rank: 1875	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 718	2 KB
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2681	207 B
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 503	2 KB
2	smaato.net 2 redirects s.ad.smaato.net — Cisco Umbrella Rank: 677	881 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5026	647 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	89 KB
2	quantcount.com 1 redirects rules.quantcount.com — Cisco Umbrella Rank: 851	778 B
2	quantserve.com edge.quantserve.com — Cisco Umbrella Rank: 15782 pixel.quantserve.com — Cisco Umbrella Rank: 655	10 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 28	20 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 71719	3 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 47	40 KB
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 951	356 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1918	174 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 447	859 B
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 16963	704 B
1	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 170782	312 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 58240	2 KB
1	media01.eu pb.media01.eu — Cisco Umbrella Rank: 77716	607 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 230269	931 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 936	574 B
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 1545	351 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1494	584 B
1	facebook.com web.facebook.com — Cisco Umbrella Rank: 240
1	google.de adservice.google.de — Cisco Umbrella Rank: 11832	792 B
1	github.io googleads.github.io — Cisco Umbrella Rank: 51095	2 KB
0	livefyre.com Failed zor.livefyre.com Failed
229	46

	Domain	Requested by
49	s0.2mdn.net	imasdk.googleapis.com www.ora.tv s0.2mdn.net
30	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
26	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
20	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
15	dsum-sec.casalemedia.com	9 redirects googleads.g.doubleclick.net
12	vidthm.ora.tv	www.ora.tv
10	www.ora.tv	www.ora.tv
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
8	f.ora.tv	www.ora.tv
6	googleads.g.doubleclick.net	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com www.ora.tv
4	googleads4.g.doubleclick.net	www.ora.tv
4	hal900020.redintelligence.net	1 redirects 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com hal900020.redintelligence.net
4	hal9000.redintelligence.net	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com hal900020.redintelligence.net
4	www.google.com	tpc.googlesyndication.com 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
4	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	www.googletagservices.com	www.ora.tv 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
3	x.bidswitch.net	3 redirects
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
3	adservice.google.com	imasdk.googleapis.com securepubads.g.doubleclick.net 8019191.fls.doubleclick.net
2	api.webgains.io	analytics.webgains.io
2	match.360yield.com	2 redirects
2	8019191.fls.doubleclick.net	1 redirects www.ora.tv
2	pv.medialead.de	2 redirects
2	sync.teads.tv	1 redirects
2	ups.analytics.yahoo.com	2 redirects
2	c1.adform.net	2 redirects
2	pm.w55c.net	2 redirects
2	dclk-match.dotomi.com	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
2	sync.1rx.io	2 redirects
2	s.ad.smaato.net	2 redirects
2	d5p.de17a.com	2 redirects
2	r.turn.com	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	connect.facebook.net	www.ora.tv connect.facebook.net
2	rules.quantcount.com	1 redirects www.ora.tv
2	www.google-analytics.com	www.ora.tv
2	imasdk.googleapis.com	www.ora.tv imasdk.googleapis.com
1	cdn.track.production.webgains.team	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	www.googletagmanager.com	adv.office-partner.de
1	odr.mookie1.com	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
1	tr.blismedia.com	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
1	sync.mathtag.com	1 redirects
1	fonts.googleapis.com	hal900020.redintelligence.net
1	www.awin1.com	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
1	ad-server.eu	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
1	medialead.de	1 redirects
1	track.webgains.com	www.ora.tv
1	pb.media01.eu	hal900020.redintelligence.net
1	adv.office-partner.de	hal900020.redintelligence.net
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	rtb.openx.net	16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	web.facebook.com	connect.facebook.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	chunk-gce-us-east4-production.fastly.mux.com	www.ora.tv
1	manifest-gce-us-east4-production.fastly.mux.com	www.ora.tv
1	pixel.quantserve.com	www.ora.tv
1	stats.g.doubleclick.net	www.google-analytics.com
1	pubads.g.doubleclick.net	imasdk.googleapis.com
1	user.ora.tv	www.ora.tv
1	edge.quantserve.com	www.ora.tv
1	stream.mux.com	www.ora.tv
1	googleads.github.io	www.ora.tv
0	zor.livefyre.com Failed	www.ora.tv
229	68

This site contains links to these domains. Also see Links.

Domain
videocdn-pmd.ora.tv
www.aboutads.info
www.facebook.com
twitter.com
plus.google.com
www.youtube.com
oratv.tumblr.com

Subject Issuer	Validity	Valid
*.github.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-07` - `2023-04-07`	a year	crt.sh
mux.com Cloudflare Inc ECC CA-3	`2022-12-12` - `2023-12-12`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.fastly.mux.com GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-08-13` - `2023-09-14`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-22` - `2022-12-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
redintelligence.net R3	`2022-12-05` - `2023-03-05`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
adv.office-partner.de R3	`2022-11-02` - `2023-01-31`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-05-20` - `2023-05-21`	a year	crt.sh
*.webgains.com Amazon	`2022-06-14` - `2023-07-13`	a year	crt.sh
www.awin1.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-18` - `2023-04-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2022-10-16` - `2023-01-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.webgains.io Amazon	`2022-08-23` - `2023-09-21`	a year	crt.sh
cdn.track.production.webgains.team Amazon	`2022-09-29` - `2023-10-28`	a year	crt.sh

This page contains 26 frames:

Primary Page: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Frame ID: 092ACAD3D0D2A790D5558EC236B7176E
Requests: 59 HTTP requests in this frame

Frame: http://imasdk.googleapis.com/js/core/bridge3.549.0_en.html
Frame ID: 018716A261EE8FEF973A01400E0CEC54
Requests: 2 HTTP requests in this frame

Frame: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0AE322B3581ECCBCBF57523DF71A8030
Requests: 1 HTTP requests in this frame

Frame: https://web.facebook.com/v2.3/plugins/comments.php?app_id=403196106449180&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3cd2b2d3e612f%26domain%3Dwww.ora.tv%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.ora.tv%252Ff248fa870c3496c%26relation%3Dparent.parent&color_scheme=light&container_width=870&height=100&href=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&locale=en_US&numposts=5&sdk=joey&version=v2.3&width=
Frame ID: 3EAD7EC85741DB00575B20BBFA9145A1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4EA63D77F1CD8BCF0793F988AEA324D5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 68D1E4C20958B9F320949A8D0C3C0C43
Requests: 2 HTTP requests in this frame

Frame: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AF14C2F608071885614781A4E4879BE4
Requests: 18 HTTP requests in this frame

Frame: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1884F01D0BCD7CC25D38DBF1AF860B6B
Requests: 18 HTTP requests in this frame

Frame: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: FF741CDB9A1AE30D7E58A39767D81A1B
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXkLRozDLasm3slIODm3_ptUAKDrndPrqs__7sK0L3TwXlDwZ6AvEbKnU9Lgjt-5mdzy9cT4JN5AhobaxBYXsdVfDwVzplMIvOzPux_iEEcRwpMoGpLRA7d8S7Kl7pEruQOe5e7rwOxH0Dsd8KeE_hM985EATZT8sjGhsr0IuPEPyIhIJw
Frame ID: 195F1F105BA7293D13EEEA8ACAA25AD6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNWY5mpt85397rIhnj78KLQJw15xzTBsaFRRGadr40BmJwKHCSOyiH2k2hV9FVWRIWlyuDpLeVIAwigcGdm4hYxVF5qWzuEAff8GeWjo988G5Bgou8twp-hBLX3ALQar6ZIE5-AACzGDI4WvCXxBjErsooMG7THJlXQ0-u2arbKBcnDWXxg
Frame ID: 2F4B743F534302570A4F0A9B6B53338A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNUnKVHOH5CC2xJQFWuT-LUIUm-k3gYTZ0AFGlvmV_IwU1_Is4KEOZL7dur13fI3JICDug9GRzXiEf3B2eq-8cv8ySbdS_6F7SviSs-E6M03eHujkIZGQwvk-9A1GhFpTAxmOeg0iCnNhEyCXEXPnZjcGEKUHPQHesUs8ErvEO_zuR6aHQs
Frame ID: 6C07EF5F0AC8DD64CE4B79F5D08F9DA3
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C0CED92248F8A9DEB1998038ED0F1151
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 99D278A0DAAF311881025D36D8F33A3B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FA58D4BA4A9E9D0EC1B7B123C132B749
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 26C1A08136EB9659A8903E2E30D46101
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
Frame ID: C87EE0A5B502F6FB87133D3A40DE8206
Requests: 23 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
Frame ID: 659075B4B42FB72D7BD5CFF1E12EBC33
Requests: 23 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1449B11F7D1C14F64E52B6958283C2E0
Requests: 3 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 036586009F6E4AC46CCD32042F26416C
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=24621300135258104444550012172020&actionid=981741&produktid=&dt_url=
Frame ID: A992B0C1D97227E8DBB1D51982379520
Requests: 1 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CNTryuPP9_sCFUqPsgodLS0Kxg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784
Frame ID: 08AB12146B0B274B3557C602B24E1BB2
Requests: 2 HTTP requests in this frame

Frame: https://hal900020.redintelligence.net/request_content.php?s=24621300135258104444550012172020&a=3bac2f09
Frame ID: 5FBA33CE28B1D204DF09CF8AC41E8573
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 32C3BEB27F4112CBA2D246FF5390F095
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js
Frame ID: 3A5ACB013E8BC0CB19F67486D1DBCF20
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js
Frame ID: CEF330F11D7F0A395790CB1D37264B1B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sam Harris: Is He a Neocon? - The Rubin Report: Ora.tv

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

229
Requests

68 %
HTTPS

47 %
IPv6

46
Domains

68
Subdomains

50
IPs

12
Countries

3700 kB
Transfer

7778 kB
Size

44
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: http://videocdn-pmd.ora.tv/rubinreport/video-48068/audio256.mp4
Title: Podcast

Search URL Search Domain Scan URL

URL: http://www.aboutads.info/choices/
Title: Advertising Opt-Out

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Oratv

Search URL Search Domain Scan URL

URL: https://twitter.com/oratv

Search URL Search Domain Scan URL

URL: https://plus.google.com/+OraTV/posts

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/OraTVnetwork

Search URL Search Domain Scan URL

URL: http://oratv.tumblr.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 40

http://rules.quantcount.com/rules-p-z5kYUhc0JkypP.js HTTP 301
https://rules.quantcount.com/rules-p-z5kYUhc0JkypP.js

Request Chain 46

http://www.google-analytics.com/collect?v=1&_v=j98&a=2048476980&t=pageview&_s=1&dl=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&ul=en-us&de=UTF-8&dt=Sam%20Harris%3A%20Is%20He%20a%20Neocon%3F%20-%20The%20Rubin%20Report%3A%20Ora.tv&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEABAAAAAAAAI~&jid=952727103&gjid=245007000&cid=859120219.1670969850&tid=UA-32528428-1&_gid=1404241583.1670969850&z=621840491 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j98&a=2048476980&t=pageview&_s=1&dl=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&ul=en-us&de=UTF-8&dt=Sam%20Harris%3A%20Is%20He%20a%20Neocon%3F%20-%20The%20Rubin%20Report%3A%20Ora.tv&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEABAAAAAAAAI~&jid=952727103&gjid=245007000&cid=859120219.1670969850&tid=UA-32528428-1&_gid=1404241583.1670969850&z=621840491

Request Chain 49

http://connect.facebook.net/en_US/sdk.js HTTP 307
https://connect.facebook.net/en_US/sdk.js

Request Chain 94

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1

Request Chain 95

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5j5.2psEOGc-VyNQy3X2QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2

Request Chain 96

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1

Request Chain 97

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D

Request Chain 98

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1

Request Chain 99

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5j5.2psEOGc-VyNQy3X2QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2

Request Chain 100

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1

Request Chain 101

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D

Request Chain 102

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1

Request Chain 103

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5j5.2psEOGc-VyNQy3X2QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1

Request Chain 105

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D

Request Chain 117

https://hal900020.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e81db74cf7&subid=&uid=6772183f1018fb71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq_iA-vmYY5qDMojL3gOVxZXoDqblvaBphZWcp8kP8C4QASDNgtMgYJWCgICgB8gBCakCta-wpZ_QsT6oAwGqBIkCT9COjbwpsFC_5ZcvFr80Hi9DR0X_67bU3FUI8ZEexj0I0QgeofPWAvAVRMR6M942PUDFvPBwweXUWZnU6YEk-gnP_GvyPL1ksld3ikUg2cQBzEXVgNBHmJFiaAFhh0x1JlSYqYQDja9KNh-IxP98xxEEDyRbEXT46dBohHXth-4nQgNtA8pTdI2ZystEE_qcMfXPA8yi5UnEPysLUQ-QndgV1NjbCdZfzmaNogUajqe39z736soyG9KW1B0uIQK_BOdpJKE_fP8U0SD-jPfG44KSadWAGvxFY0RUClMjiXWQy3-ca40Tj7T3r4lNqNXpc1TcvVdk3yU4fCBbBHAweoCbLChHz23CNcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw%26sig%3DAOD64_3c083Qnpe6XVVKwVPr3vqNpsltOw%26client%3Dca-pub-8380580761190214%26dbm_c%3DAKAmf-CI2dSGB2CpyQJb0gvC2XofadrZDIpazueMzIEk3ioPNskAQInajRlOahdqQEJt3SHidSp5ZnQPvnk52fvx7lm5oMJscK8eDufaO9WJpPxl5kykADXDUuIgu_BkVVbOWEOIptWSEWeJDyGBkGuJ_bYhkoz9Vm9r7gchz1m_XrEriOUr7_g%26cry%3D1%26dbm_d%3DAKAmf-D8NUAfcMUoy4pGQvksNA5l8y0KxRDLR0MrlnoxY9auapGHYLDN1pmjfbCnz6lces0MvU5SDgvEuVTML0KWfcG1Jnyf9q04z9XIwDdiCe_59s8p5IFlAOH1Wvj9XMkMIoCQvpVaiV_LMU3Go6oHuktR5dGdwh72MO9G3xki_9R_jaDpLpMmeaCOkFcUpAsmM3UMBXUVsDMaZkHn9k0cdaWI5KXEIFBD2CfTc8Jdjmy8wmmBrw6RYOELcW9_UOUCTRqKZ67SxnzQyyVm0KkY2SKfRpUrj2AoqdmxAUpeEpRtZxfPsgslIHhBfBH4-SmG1XwBMg7xZxWtGNgMt8z4C0YPgj6kPVK7zq2HFjjKq6mJkyWGcUDjL7-lCZ5GPh08CLa-1Y-CZl5GjFNQ4caIg657enX-1HDkEeQfrFdHEfQ_9t1Q8NuNzv3iWDvEYjgPUrA6rNL27Mt7xaM0m4jjVcBqPAvQFOHLHKcoxiL7xGIukr0dqQtgBnR17a1Fb3Xlacp57o7SEUfg5yuruayTSQT56Y0Ktw5VL0Sy2IqOKvSsx9hCq_fvzPIRCFmUrko0jqgx_jJuodLQalXf68Ikbb82u4F4KA%26adurl%3D&documentReferer=http%3A%2F%2Fwww.ora.tv%2F&ancestorOrigins=http%3A%2F%2Fwww.ora.tv&random=3966157455036&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900020.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e81db74cf7&subid=&uid=6772183f1018fb71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq_iA-vmYY5qDMojL3gOVxZXoDqblvaBphZWcp8kP8C4QASDNgtMgYJWCgICgB8gBCakCta-wpZ_QsT6oAwGqBIkCT9COjbwpsFC_5ZcvFr80Hi9DR0X_67bU3FUI8ZEexj0I0QgeofPWAvAVRMR6M942PUDFvPBwweXUWZnU6YEk-gnP_GvyPL1ksld3ikUg2cQBzEXVgNBHmJFiaAFhh0x1JlSYqYQDja9KNh-IxP98xxEEDyRbEXT46dBohHXth-4nQgNtA8pTdI2ZystEE_qcMfXPA8yi5UnEPysLUQ-QndgV1NjbCdZfzmaNogUajqe39z736soyG9KW1B0uIQK_BOdpJKE_fP8U0SD-jPfG44KSadWAGvxFY0RUClMjiXWQy3-ca40Tj7T3r4lNqNXpc1TcvVdk3yU4fCBbBHAweoCbLChHz23CNcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw%26sig%3DAOD64_3c083Qnpe6XVVKwVPr3vqNpsltOw%26client%3Dca-pub-8380580761190214%26dbm_c%3DAKAmf-CI2dSGB2CpyQJb0gvC2XofadrZDIpazueMzIEk3ioPNskAQInajRlOahdqQEJt3SHidSp5ZnQPvnk52fvx7lm5oMJscK8eDufaO9WJpPxl5kykADXDUuIgu_BkVVbOWEOIptWSEWeJDyGBkGuJ_bYhkoz9Vm9r7gchz1m_XrEriOUr7_g%26cry%3D1%26dbm_d%3DAKAmf-D8NUAfcMUoy4pGQvksNA5l8y0KxRDLR0MrlnoxY9auapGHYLDN1pmjfbCnz6lces0MvU5SDgvEuVTML0KWfcG1Jnyf9q04z9XIwDdiCe_59s8p5IFlAOH1Wvj9XMkMIoCQvpVaiV_LMU3Go6oHuktR5dGdwh72MO9G3xki_9R_jaDpLpMmeaCOkFcUpAsmM3UMBXUVsDMaZkHn9k0cdaWI5KXEIFBD2CfTc8Jdjmy8wmmBrw6RYOELcW9_UOUCTRqKZ67SxnzQyyVm0KkY2SKfRpUrj2AoqdmxAUpeEpRtZxfPsgslIHhBfBH4-SmG1XwBMg7xZxWtGNgMt8z4C0YPgj6kPVK7zq2HFjjKq6mJkyWGcUDjL7-lCZ5GPh08CLa-1Y-CZl5GjFNQ4caIg657enX-1HDkEeQfrFdHEfQ_9t1Q8NuNzv3iWDvEYjgPUrA6rNL27Mt7xaM0m4jjVcBqPAvQFOHLHKcoxiL7xGIukr0dqQtgBnR17a1Fb3Xlacp57o7SEUfg5yuruayTSQT56Y0Ktw5VL0Sy2IqOKvSsx9hCq_fvzPIRCFmUrko0jqgx_jJuodLQalXf68Ikbb82u4F4KA%26adurl%3D&documentReferer=http%3A%2F%2Fwww.ora.tv%2F&ancestorOrigins=http%3A%2F%2Fwww.ora.tv&random=3966157455036&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 127

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1&google_push=ASkJ3FY_das2KnUdIYNL71xnjTpvcjNkg2SaRqF7-DWLvSSaseLb_AnYHTV8eDcORJFHRUJPrItWAX6-YtdV7vcFntuUzsPz7XBW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM1MTIxMzAwODA5Mzk3NTA1MQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1

Request Chain 128

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENCf8QjPaShPdyL6nZhA8D8&google_cver=1&google_push=ASkJ3FbYgGyVUWj0nTOH-FPPZDD8pO7r43kv_q3tLOvy5Gmn3jH1I53uAuRt_n3XSDcMD0UO2O4TP5-zjGWXkkJzkWAdOxkGL9q8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3Njc2MDg2MjY2MjUyMzAyNA%3D%3D&google_push=ASkJ3FbYgGyVUWj0nTOH-FPPZDD8pO7r43kv_q3tLOvy5Gmn3jH1I53uAuRt_n3XSDcMD0UO2O4TP5-zjGWXkkJzkWAdOxkGL9q8

Request Chain 129

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEK4BWl-J-NzXRIuU-3cBeXE&google_cver=1&google_push=ASkJ3FYI8dnwjh5y7hdDMB82ds9uVWnd8aqhWQeKSRJJcIXxkoVbKVhKXFX2YLTAdEBYJ0fv7JV4WsHQ8azNXuhN5Xp7XQ_AxMG_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ASkJ3FYI8dnwjh5y7hdDMB82ds9uVWnd8aqhWQeKSRJJcIXxkoVbKVhKXFX2YLTAdEBYJ0fv7JV4WsHQ8azNXuhN5Xp7XQ_AxMG_&google_hm=eS0yUmFIYXlwRTJwSDBNZEFpdXRzWlNNbDhWMWRubFpocn5B

Request Chain 130

https://d5p.de17a.com/cookies/google?google_gid=CAESECKil6GhrvWCWqXqFldgjgk&google_cver=1&google_push=ASkJ3FZfQPfPxfny9m2nKThJ4YAQ0QxlsApQx92BYWxKT6lQrVGY3BcGx89coaHDkS0df5Y--Js5IT_Ect995UAxC0f3AicrFhw_ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESECKil6GhrvWCWqXqFldgjgk&google_cver=1&google_push=ASkJ3FZfQPfPxfny9m2nKThJ4YAQ0QxlsApQx92BYWxKT6lQrVGY3BcGx89coaHDkS0df5Y--Js5IT_Ect995UAxC0f3AicrFhw_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FZfQPfPxfny9m2nKThJ4YAQ0QxlsApQx92BYWxKT6lQrVGY3BcGx89coaHDkS0df5Y--Js5IT_Ect995UAxC0f3AicrFhw_

Request Chain 132

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEP8ZeO461oVKgycUsebSvno&google_cver=1&google_push=ASkJ3FZRtwp0BP_G-3THjMz3s0PUAObdvrf0hHE2MmlcKIkljmg12uoXSbcii3XgudJj3-b_ZHoQz-7brjQgxdCbpAQM6X7PYO33 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FZRtwp0BP_G-3THjMz3s0PUAObdvrf0hHE2MmlcKIkljmg12uoXSbcii3XgudJj3-b_ZHoQz-7brjQgxdCbpAQM6X7PYO33

Request Chain 133

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEPWUmoWx_Pj-EMezpfOiBjE&google_cver=1&google_push=ASkJ3FYnZxnBqD0VC_XaS3ihEliT-z-mK9DoO61oO-200LwsjXAHKacgnuJ62S7IQUj8LpFxdNPU-8PBMZJqU1zop5cY3CN_Tqd4 HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ASkJ3FYnZxnBqD0VC_XaS3ihEliT-z-mK9DoO61oO-200LwsjXAHKacgnuJ62S7IQUj8LpFxdNPU-8PBMZJqU1zop5cY3CN_Tqd4&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1670969851565 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-9c207172-b093-4340-8049-412b960a1ac0-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DASkJ3FYnZxnBqD0VC_XaS3ihEliT-z-mK9DoO61oO-200LwsjXAHKacgnuJ62S7IQUj8LpFxdNPU-8PBMZJqU1zop5cY3CN_Tqd4%26google_hm%3DA5wgcXKwk0NAgElBK5YKGsA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ASkJ3FYnZxnBqD0VC_XaS3ihEliT-z-mK9DoO61oO-200LwsjXAHKacgnuJ62S7IQUj8LpFxdNPU-8PBMZJqU1zop5cY3CN_Tqd4&google_hm=A5wgcXKwk0NAgElBK5YKGsA

Request Chain 137

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEC33zE2TQGs66OZYqwoTfN0&google_cver=1&google_push=ASkJ3FZmLS0uv2YHt5jk6bYOSUY4xY3zXR8FDcius1_DO4dbF8xzf-CftK6g_4P5l-XLREWM9dKhk5fT59tMlN4i588kZScaHCwm HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEC33zE2TQGs66OZYqwoTfN0&google_cver=1&google_push=ASkJ3FZmLS0uv2YHt5jk6bYOSUY4xY3zXR8FDcius1_DO4dbF8xzf-CftK6g_4P5l-XLREWM9dKhk5fT59tMlN4i588kZScaHCwm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=U3U5VG9CU1QxUDVkQUQ1&google_gid=CAESEC33zE2TQGs66OZYqwoTfN0&google_cver=1&google_push=ASkJ3FZmLS0uv2YHt5jk6bYOSUY4xY3zXR8FDcius1_DO4dbF8xzf-CftK6g_4P5l-XLREWM9dKhk5fT59tMlN4i588kZScaHCwm

Request Chain 138

https://a.tribalfusion.com/i.match?p=b6&u=CAESELM4SPW1fmL5SITUOoWNdWU&google_cver=1&google_push=ASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3nww&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3nww%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELM4SPW1fmL5SITUOoWNdWU&google_cver=1&google_push=ASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3nww&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3nww%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 139

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEIxqbOVz2pbFcpMHOqqov_M&google_cver=1&google_push=ASkJ3FaxGZq3AVscDJLv1YEfDMIwdTeDEpi9tN0LHVtZxtoWlYr2MmZQFRPhttmNrboikkWN-iQB_4JJkleokccjJlGzmtTLfQH6 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEIxqbOVz2pbFcpMHOqqov_M&google_cver=1&google_push=ASkJ3FaxGZq3AVscDJLv1YEfDMIwdTeDEpi9tN0LHVtZxtoWlYr2MmZQFRPhttmNrboikkWN-iQB_4JJkleokccjJlGzmtTLfQH6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY3NTg4Nzc0MzcxNDEyNTA5Ng&google_push=ASkJ3FaxGZq3AVscDJLv1YEfDMIwdTeDEpi9tN0LHVtZxtoWlYr2MmZQFRPhttmNrboikkWN-iQB_4JJkleokccjJlGzmtTLfQH6

Request Chain 140

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEK8GRXWWQ2NGMV0M4SZh7Ew&google_cver=1&google_push=ASkJ3FYecuQt_4ANQlHiRKHbNjBPLqTpQ8xgMHUj6Q5drk2_OnDzuvCb2WCXdz1Da3uKcjEt8fBKNvFCFtriXwAUt5p5hr6Rw_-fdw HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEK8GRXWWQ2NGMV0M4SZh7Ew&google_cver=1&google_push=ASkJ3FYecuQt_4ANQlHiRKHbNjBPLqTpQ8xgMHUj6Q5drk2_OnDzuvCb2WCXdz1Da3uKcjEt8fBKNvFCFtriXwAUt5p5hr6Rw_-fdw&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01enIza2JsRTJ1R1pNVG5qVHV1M1VEQXQucHRUVGlMOH5B&google_push=ASkJ3FYecuQt_4ANQlHiRKHbNjBPLqTpQ8xgMHUj6Q5drk2_OnDzuvCb2WCXdz1Da3uKcjEt8fBKNvFCFtriXwAUt5p5hr6Rw_-fdw

Request Chain 141

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEFK5cGB_LRbwkMtjZxZC_vY&google_cver=1&google_push=ASkJ3FbJEiM0MfTy2GMaOJrwYbkN8MAAStpwoQm2iKmLNzf1ThCg6RV6_Trq8Mb3fL76ShE4Tcbxnbkez2yjgfbEiV3Vkyh6k1tn4Pg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ASkJ3FbJEiM0MfTy2GMaOJrwYbkN8MAAStpwoQm2iKmLNzf1ThCg6RV6_Trq8Mb3fL76ShE4Tcbxnbkez2yjgfbEiV3Vkyh6k1tn4Pg HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 142

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEF_5uCXxoj0RjCjwhtJeQjk&google_cver=1&google_push=ASkJ3FbuJMPsf_W9-ESdohKkzBnhEZMEqY6zE-m6s466B1O6p9nMD47mYPV3apdg9zkKXbcH7ACQxyN_Wxk7ZApeSKFrweEQpmtxlSQ HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEF_5uCXxoj0RjCjwhtJeQjk&google_cver=1&google_push=ASkJ3FbuJMPsf_W9-ESdohKkzBnhEZMEqY6zE-m6s466B1O6p9nMD47mYPV3apdg9zkKXbcH7ACQxyN_Wxk7ZApeSKFrweEQpmtxlSQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=df64180a-bba0-469a-a817-e9611e62ab61&%%GOOGLE_PUSH_PAIR%%

Request Chain 153

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=24621300135258104444550012172020&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=24621300135258104444550012172020&actionid=981741&produktid=&dt_url=

Request Chain 155

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CNTryuPP9_sCFUqPsgodLS0Kxg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784

Request Chain 157

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=24621300135258104444550012172020 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=24621300135258104444550012172020 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 210

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1&google_push=ASkJ3Fayt999i8x6bhnM7fcct0XiEmI7TnTCTtvEqOrgd1B0T4EO5KZopRq9l9P2y87Q2lATxaUnqSsbE287s0MXUa4DAYFMfpk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM1MTIxMzAwODA5Mzk3NTA1MQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1

Request Chain 212

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEICRZ_8HoUPwRQ6ZnjqzOmI&google_cver=1&google_push=ASkJ3FZwQHaVBDry4lHVbdugxTvmL3wud5QTT73U6T8G7k85ZsKHXhxLT-ibGmohFa6f37ygw2beX-QhKiZBAonl_KnFQVOPxA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZwQHaVBDry4lHVbdugxTvmL3wud5QTT73U6T8G7k85ZsKHXhxLT-ibGmohFa6f37ygw2beX-QhKiZBAonl_KnFQVOPxA

Request Chain 214

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEICG_Fi7pZGffXpUXObEpeQ&google_cver=1&google_push=ASkJ3FYBColrXj_jSxtTF16b_tpO1h9M8dt6IabaCV3AsJGABjWWLo7N2TttvTebQcJLWvRHl4ZeFzoH72HdNBzOwIw-HI42V_E HTTP 302
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=df64180a-bba0-469a-a817-e9611e62ab61&ssp=google&gdpr=&gdpr_consent=

Request Chain 215

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEP8ZeO461oVKgycUsebSvno&google_cver=1&google_push=ASkJ3FaQsMbN1GE8n1GIsqHVaarW-4y6ypoAo7TnTte9ZqaYm988plZ6pqTCIaZsWdy4ioWpk1sCuJfk9kd9HkhMLrsK4YB-Zo8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FaQsMbN1GE8n1GIsqHVaarW-4y6ypoAo7TnTte9ZqaYm988plZ6pqTCIaZsWdy4ioWpk1sCuJfk9kd9HkhMLrsK4YB-Zo8

Request Chain 216

https://match.360yield.com/match/ebda?google_gid=CAESEAtiKu5ADtMCbKVYjgBqA6c&google_cver=1&google_push=ASkJ3FbdFhpwWRyXWIK5MEnZdwnKIEVdqs2R61eXEIqUImSyMWW5Ur1E6MclEVj5VoChG3UKrc1Dc51GLGmPVkOhfNKzGCcUDhk HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEAtiKu5ADtMCbKVYjgBqA6c&google_cver=1&google_push=ASkJ3FbdFhpwWRyXWIK5MEnZdwnKIEVdqs2R61eXEIqUImSyMWW5Ur1E6MclEVj5VoChG3UKrc1Dc51GLGmPVkOhfNKzGCcUDhk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2aZTHm50RUK2m9wvxRNcEw&google_push=ASkJ3FbdFhpwWRyXWIK5MEnZdwnKIEVdqs2R61eXEIqUImSyMWW5Ur1E6MclEVj5VoChG3UKrc1Dc51GLGmPVkOhfNKzGCcUDhk

229 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request sam-harris-is-he-a-neocon Show response
www.ora.tv/rubinreport/2015/9/10/ 40 KB
9 KB 601ms
521ms Document
text/html 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.16
Resource Hash: 72d58897da96326647b8ea155b28cb074f0078e73462cefd279027e84f4b5f4a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: max-age=600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 8925
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Dec 2022 22:34:32 GMT
Server: Apache/2.4.7 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 8fd479f9732c98acd630e18c99fdcc6c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: IQbpx_Cion-sh6vVYHnjXpU8pZCbbHPFvLRAIYjC3pgu_jJkzEaBFA==
X-Amz-Cf-Pop: HAM50-P1
X-Cache: Miss from cloudfront
X-Powered-By: PHP/5.5.9-1ubuntu4.16
X-Varnish: 572040280

GET
H/1.1 200
OK video.min.css
www.ora.tv/c/ 86 KB
16 KB 43ms
42ms Stylesheet
text/css 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ora.tv/c/video.min.css?1512403
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 6cb3a813a1403ed8d2ee47437f5283fbac930591f8eceb75e0ea8667ef28d1f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 8fd479f9732c98acd630e18c99fdcc6c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HAM50-P1
Age: 72141
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 16135
Last-Modified: Mon, 04 Dec 2017 16:08:53 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "15624-55f85ef4627e9-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Varnish: 1644120139
Accept-Ranges: bytes
X-Amz-Cf-Id: gN3C0304DRnHjVNcZ6RO6t6la2rQ-kOVG6UcBTCwSJWyE0TsPigkiQ==

GET
H/1.1 200
OK jquery-1.10.1.min.js Show response
f.ora.tv/j/ 91 KB
33 KB 107ms
23ms Script
application/x-javascript 13.32.27.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://f.ora.tv/j/jquery-1.10.1.min.js
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 13.32.27.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4837f7e1f1565ff667528cd75c41f401e07e229de1bd1b232f0a7a40d4c46f79

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 00:48:28 GMT
Content-Encoding: gzip
Via: 1.1 3298c44116035984c2fac24b89183c4e.cloudfront.net (CloudFront)
Last-Modified: Wed, 15 Jul 2015 15:40:41 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C2
Age: 2755742
ETag: W/"33d85132f0154466fc017dd05111873d"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Cache-Control: max-age=31536000
Connection: keep-alive
X-Amz-Cf-Id: pCCRffrBZbg7JaG-dCxCr2pE_MBRX-GLd2WTc6heWeMKz7BS5G8v3g==

GET
H/1.1 200
OK 4240803-Thumbminus-0.png
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 51 KB
51 KB 268ms
186ms Image
image/png 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4240803-Thumbminus-0.png
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: da7b7bc5f87ab8b1e6e0793e1a81744bfd32669d73d139ad0b80097845994352

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
Last-Modified: Fri, 11 Sep 2015 19:17:30 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "9854ba6feb07eb3a968c0e08fe131e0d"
X-Cache: Miss from cloudfront
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 52157
X-Amz-Cf-Id: F3Lf4skrvjOlB9BabqOF8SRZfi58pwvg51x5wBoWVBhvA4I3gejvpw==

GET
H/1.1 200
OK video.min.js Show response
www.ora.tv/j/videojs-5.12.6/ 265 KB
60 KB 90ms
90ms Script
application/javascript 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ora.tv/j/videojs-5.12.6/video.min.js
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 405b2b455c576adcea0dd9f57d96744c6c62b03cb0b1c34ee7402e08987ffd8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 06:04:40 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 8fd479f9732c98acd630e18c99fdcc6c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HAM50-P1
Age: 58222
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 60598
Last-Modified: Thu, 13 Jul 2017 13:19:40 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "4220d-55432c9012940-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-Varnish: 1644136637
Accept-Ranges: bytes
X-Amz-Cf-Id: W6Zl39KYu75FW-aQ0oqYlZlEAiKk4xGGkGNWDbvOx_I0OobO6EFSZA==

GET
H/1.1 200
OK videojs-contrib-hls.min.js Show response
www.ora.tv/j/videojs-plugins/videojs-contrib-hls/ 227 KB
57 KB 70ms
45ms Script
application/javascript 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ora.tv/j/videojs-plugins/videojs-contrib-hls/videojs-contrib-hls.min.js
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 3487cafe27a950f360e33c9ec751744d2074fde95cf190252d08c34f9a3cc79e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 02:32:10 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 e3435d60cd338994e4187428e5fd4e42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HAM50-P1
Age: 72140
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 58207
Last-Modified: Tue, 07 Aug 2018 17:14:02 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "38b15-572db8539c6fe-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-Varnish: 572002808
Accept-Ranges: bytes
X-Amz-Cf-Id: fQf81H9iviPnvP5T5rfALeRxcsNbpVdvf6xj5zSARyKjdHss_N9uPA==

GET
H/1.1 200
OK embedvjs.css
www.ora.tv/c/ 54 KB
16 KB 101ms
75ms Stylesheet
text/css 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ora.tv/c/embedvjs.css?1467838
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 00f96203d01ea632eca619dd7e1ee873b55c6655684e9133e70d999c2af9c193

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 af209935e4592b541002ca7e51382b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HAM50-P1
Age: 72883
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15618
Last-Modified: Mon, 04 Dec 2017 16:08:53 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "d643-55f85ef4627e9-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Varnish: 1644038128
Accept-Ranges: bytes
X-Amz-Cf-Id: SU2moo2qS7rxScqcpvFUAgml8WA-hQ6cqVzaONn2kAvXFL5ejZg39A==

GET
H/1.1 200
OK 4222468-Screen%20Shot%202015-09-10%20at%2012.07.29%20PM-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/640/359/ 27 KB
27 KB 260ms
194ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/640/359/4222468-Screen%20Shot%202015-09-10%20at%2012.07.29%20PM-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b28c6ee467baedabbf24b0f469f95743bbb12fd474c3736a877afae54c4e02b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 3108b3c3c306768051fa0658c0445308.cloudfront.net (CloudFront)
Last-Modified: Thu, 10 Sep 2015 22:53:17 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "a2b1023d20d512dbeac491f5f00e1f5b"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 27239
X-Amz-Cf-Id: hs4bmxnV8uRm21FH3qRXibjidHenMPuF9BJLMadbbmrBVAAEZ5rPjg==

GET
H/1.1 200
OK ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 372 KB
125 KB 54ms
27ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

HTTP/1.1

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b0e18d026f801cfbb4fdf886e99a811a4befbeb289daf315a8d30c963242943

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Vary: Accept-Encoding
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Accept-Ranges: bytes
Content-Length: 126857
X-XSS-Protection: 0
Expires: Tue, 13 Dec 2022 22:17:29 GMT

GET
H2 200 videojs.ima.css
googleads.github.io/videojs-ima/dist/ 4 KB
2 KB 76ms
21ms Stylesheet
text/css 2606:50c0:8002::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://googleads.github.io/videojs-ima/dist/videojs.ima.css
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: ee5efed459c124675f1a2445a7e0b1f57b9a4f75ef1d59f914348a69c23ef487

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-fastly-request-id: 2f8a32ce0a3ef1b595acf9e71c1831b22eaa3c2b
date: Tue, 13 Dec 2022 22:17:29 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 14
age: 497
x-cache: HIT
x-proxy-cache: MISS
content-length: 1300
x-served-by: cache-hhn-etou8220053-HHN
last-modified: Wed, 08 Jun 2022 15:35:36 GMT
server: GitHub.com
x-github-request-id: F526:6874:4E8730:69C29C:63914E2A
x-timer: S1670969850.696599,VS0,VE1
etag: W/"62a0c1c8-eda"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
expires: Thu, 08 Dec 2022 02:48:34 GMT

GET
H/1.1 200
OK frontend-video.js Show response
www.ora.tv/j/ 38 KB
11 KB 71ms
43ms Script
application/javascript 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ora.tv/j/frontend-video.js
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 20aaa6614d06134d7591aa2383bdca5edb20a3ed495497ea3651f1a494ee7831

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 04:52:37 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 dd12c43e042b1fcbbd98a32b172d2eaa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HAM50-P1
Age: 62544
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10157
Last-Modified: Wed, 16 Jan 2019 18:37:11 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "9731-57f9790e2d054-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-Varnish: 1644311639
Accept-Ranges: bytes
X-Amz-Cf-Id: qcZDhO71ogVecCq4cf27d-CgD88BVlpWFd27sW1_kPqQmTNi284sIA==

GET
H/1.1 200
OK 4222308-Screen%20Shot%202015-09-10%20at%2012.06.20%20PM-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 7 KB
7 KB 245ms
187ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4222308-Screen%20Shot%202015-09-10%20at%2012.06.20%20PM-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ce0adf6504510adf49fa7a4e3164e2d79b1e1a56ec02cfd57e6c2f0461d20551

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 362b298821815168614ba932732916ea.cloudfront.net (CloudFront)
Last-Modified: Thu, 10 Sep 2015 21:46:47 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "9c870d2b3f889082bd76348d07917792"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 6904
X-Amz-Cf-Id: QNRslZeBKSqqT8bbND_u9BWeRb2k2bLqnuiuSm8c7b_EBj5koHtvvA==

GET
H/1.1 200
OK 4222465-Screen%20Shot%202015-09-10%20at%2012.06.32%20PM-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 7 KB
7 KB 245ms
213ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4222465-Screen%20Shot%202015-09-10%20at%2012.06.32%20PM-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 850f66d94a5162ad781b72ed71386193ea86e2898682bc6ad9d110d7e187643c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 e10153740ff95eb4d0c9f3172baeb43e.cloudfront.net (CloudFront)
Last-Modified: Thu, 10 Sep 2015 21:52:04 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "d7c7613d3dd443cefaa5fcc0c5c5104f"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 6995
X-Amz-Cf-Id: Y9ZBVHSFh-bQkJ3YQNNzTCj2jstTbypgaAZHaueBQGRJdo-8q97tLA==

GET
H/1.1 200
OK 4222466-Screen%20Shot%202015-09-10%20at%2012.06.46%20PM-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 7 KB
7 KB 221ms
191ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4222466-Screen%20Shot%202015-09-10%20at%2012.06.46%20PM-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4eff405245db0e4b150323f604daaaad63c99bcfc13ba29866a1d7d8adcccb03

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 254622ebfed5feb6e2d8380b3f9c4c10.cloudfront.net (CloudFront)
Last-Modified: Thu, 10 Sep 2015 22:07:37 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "b0c81f1b75f9571ecf8a2f1fdf368125"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 7197
X-Amz-Cf-Id: uh4-_zZVxPKpr-f49pYoaHevaJLTDKqzr-J2OmuffcPU4-iAeWfM4w==

GET
H/1.1 200
OK 4327638-Screen%20Shot%202015-09-15%20at%201.30.05%20PM-0.png
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 45 KB
46 KB 251ms
222ms Image
image/png 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4327638-Screen%20Shot%202015-09-15%20at%201.30.05%20PM-0.png
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 75a8105d1bc65535d5dc1066c3dce6446b4e99a7004fce48b8194be59338e43b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 e13e8f228afcbd0862f27c6ebd714878.cloudfront.net (CloudFront)
Last-Modified: Tue, 15 Sep 2015 17:44:35 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "f72a30b81965c74d63bf93c048a1e0ed"
X-Cache: Miss from cloudfront
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 46401
X-Amz-Cf-Id: xxjAo8g2luxWEbFbuwPStWnrbKwZMGHlg0E41z6WJHBaRIg3hTIgkw==

GET
H/1.1 200
OK 4209602-00130-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 7 KB
8 KB 313ms
260ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4209602-00130-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c24dbcb8caeb05d455b29c4d1d63eb7d4775e4d4a4cb911f1d1fff6965cd8828

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:31 GMT
Via: 1.1 254622ebfed5feb6e2d8380b3f9c4c10.cloudfront.net (CloudFront)
Last-Modified: Fri, 11 Sep 2015 16:13:23 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "4e78b4e458e04efaea0e148abe27479c"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 7430
X-Amz-Cf-Id: K5TO6rXU3T_KNmbn-_tWmbz3S15d2DGc6tNH1CP3hAsNEWa_KZySYw==

GET
H/1.1 200
OK 4212218-Screen%20Shot%202015-09-09%20at%2012.38.06%20PM-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 6 KB
7 KB 272ms
214ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4212218-Screen%20Shot%202015-09-09%20at%2012.38.06%20PM-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 29ad139c99d5132a207a3c646521a6d0ffc25de6c3f39cb43fe69212bc55888c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 e10153740ff95eb4d0c9f3172baeb43e.cloudfront.net (CloudFront)
Last-Modified: Wed, 09 Sep 2015 22:53:52 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "27882f97af45e1d3a97587d308a3a6ac"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 6336
X-Amz-Cf-Id: eWMzQdOmmASKgD_9kCeXhecX8V162afKKUZct-nHMEs8mBmPEvHI2g==

GET
H/1.1 200
OK 4184782-Screen%20Shot%202015-08-31%20at%204.56.20%20PM-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 8 KB
9 KB 443ms
410ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4184782-Screen%20Shot%202015-08-31%20at%204.56.20%20PM-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fd01ee472919780b85c1aacf1e440a4b9085e85ca25e1120bac7e5d01cd8c284

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 362b298821815168614ba932732916ea.cloudfront.net (CloudFront)
Last-Modified: Tue, 01 Sep 2015 18:09:45 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "4f28cd733ebf9a4c47e3beca46f3df5c"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 8457
X-Amz-Cf-Id: TVFdsMe3ywro9UeWKUI5r15KEv69FVsZGAy9BefvRFCgxZIAzWlt2Q==

GET
H/1.1 200
OK 4184845-Bill-Maher-Islam-Controversy-Continues-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 3 KB
4 KB 181ms
180ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4184845-Bill-Maher-Islam-Controversy-Continues-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2ff4b3b99c81c015d9ad571eadee9f39f4bb963d0991daaa9e94f827b8a6d583

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
Last-Modified: Tue, 01 Sep 2015 17:52:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "38884e3885e8f755614469eaf45b6072"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 3302
X-Amz-Cf-Id: twc7IvY6BATcXSF8CqCt_4dKCfLeEdv31eoWSTNICch-P3gKRjc1fw==

GET
H/1.1 200
OK 4184844-maxresdefault%20(1)-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 1 KB
2 KB 164ms
163ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4184844-maxresdefault%20(1)-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 55d54b1ce1eba2dceab63829aac86cf24a6d263275597d09c4f2c8d1f5ac355a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:31 GMT
Via: 1.1 3108b3c3c306768051fa0658c0445308.cloudfront.net (CloudFront)
Last-Modified: Wed, 09 Sep 2015 22:45:47 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "80fffac7a2a125132d69d044224a8fef"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 1139
X-Amz-Cf-Id: qfOAbvZ4I3fHIwpR0hC-q97JXV9HYeU8pKmT9u0R7nra-qC40hhUKw==

GET
H/1.1 200
OK 4184781-Smart-People-Do-More-Drugs-and-Have-More-Sex-0.jpg
vidthm.ora.tv/assets/prod/resize/fixed/220/125/ 5 KB
5 KB 193ms
193ms Image
image/jpeg 65.9.86.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidthm.ora.tv/assets/prod/resize/fixed/220/125/4184781-Smart-People-Do-More-Drugs-and-Have-More-Sex-0.jpg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 65.9.86.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-86-5.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e0053e0644d72a914a2080f4181a733e5132eaf0e0a6182e9296ebb451e481a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:31 GMT
Via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
Last-Modified: Wed, 09 Sep 2015 22:45:48 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
ETag: "7c66e35837deb8138aac286b336db386"
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
Cache-Control: max-age=5184000
Connection: keep-alive
Content-Length: 5126
X-Amz-Cf-Id: unCmib6Dt6voFVjuczgEIItGKcRFRt3ye8fl0iqXDGZFYyZFBn1cZg==

GET
H/1.1 200
OK video.min.js Show response
www.ora.tv/j/ 137 KB
47 KB 65ms
37ms Script
application/javascript 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ora.tv/j/video.min.js
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 789b81e10e551110463194a326acb475f36f8dc91f54805bdd65578a5915242f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 09:46:15 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 eabf0052502240e2b09c2e962490cabc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HAM50-P1
Age: 46096
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 47683
Last-Modified: Fri, 08 Apr 2016 18:50:50 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "22572-52ffdac7d5c48-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-Varnish: 572016667
Accept-Ranges: bytes
X-Amz-Cf-Id: VaRVGmOEhTw05z9qM-RyH0BMqmsrFFUeahJ8jiuozj9J5JhRaUpueA==

GET
H/1.1 200
OK adframe.js Show response
f.ora.tv/j/ 45 B
556 B 24ms
22ms Script
application/x-javascript 13.32.27.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://f.ora.tv/j/adframe.js
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 13.32.27.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 80cb3a4556ef5d23c8a9a6dec4a3acb4b09bec49648beff0cdd404ea196b8db6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Mon, 28 Nov 2022 06:13:51 GMT
Via: 1.1 3298c44116035984c2fac24b89183c4e.cloudfront.net (CloudFront)
Last-Modified: Wed, 15 Jul 2015 16:34:54 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C2
Age: 1353819
ETag: "f1fe568463056dac924afcbd8c191603"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 45
X-Amz-Cf-Id: 68k_sFoEoE3u2QBQIrg7Ip7s4e9asUiF0THZyd4JUiRXSqZGRiMI5Q==

GET livefyre.js
zor.livefyre.com/wjs/v3.0/javascripts/ 0
0

GET
H/1.1 200
OK museosans_300-webfont.woff
f.ora.tv/f/ 22 KB
22 KB 44ms
23ms Font
application/octet-stream 13.32.27.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://f.ora.tv/f/museosans_300-webfont.woff
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/c/video.min.css?1512403
Protocol: HTTP/1.1
Server: 13.32.27.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e96b51df5ab99b1420b4b08a4caf701309889a0350da45f01a07e187e6a0c992

Request headers

Referer: http://www.ora.tv/
Origin: http://www.ora.tv
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 04 Dec 2022 09:51:16 GMT
Via: 1.1 c1e2423613b2dcb4230386a2b285734e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
Age: 822374
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 22016
Last-Modified: Tue, 23 Sep 2014 16:30:30 GMT
Server: AmazonS3
ETag: "c6b982cef0aae15f29fb8169dff22ca2"
Access-Control-Max-Age: 2592000
Access-Control-Allow-Methods: GET
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Date, ETag, Connection
Cache-Control: max-age=5184000
Vary: Origin
Accept-Ranges: bytes
X-Amz-Cf-Id: zJ8BtYvQ6DIZ6_RFgoKhdbD7MyW1BajFQe9e_FvMuncyiKslRD6z3g==

GET
H/1.1 200
OK icomoon.woff
www.ora.tv/f/ 5 KB
6 KB 39ms
27ms Font
application/x-font-woff 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ora.tv/f/icomoon.woff?bi8jff
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/c/video.min.css?1512403
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 82d5a27f1f0446d6550deca88a0349cc8adb7e6833743eb2d881d8bc7b3b02f9

Request headers

Referer: http://www.ora.tv/c/video.min.css?1512403
Origin: http://www.ora.tv
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 22:32:37 GMT
Via: 1.1 varnish, 1.1 8fd479f9732c98acd630e18c99fdcc6c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HAM50-P1
Age: 430951
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 5560
Last-Modified: Fri, 06 Mar 2015 16:53:37 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "15b8-510a1869b6938"
Vary: Accept-Encoding
Content-Type: application/x-font-woff
Access-Control-Allow-Origin: *
X-Varnish: 1643923385 1642187208
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: OeYJBJrAMoPB-dQnqvLVWoUZd-1Y5RTavl6or4myNYlsOZvXjvsblQ==
Expires: Sat, 07 Jan 2023 22:32:33 GMT

GET
H/1.1 200
OK museosans_500_italic-webfont.woff
f.ora.tv/f/ 23 KB
23 KB 46ms
25ms Font
application/octet-stream 13.32.27.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://f.ora.tv/f/museosans_500_italic-webfont.woff
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/c/video.min.css?1512403
Protocol: HTTP/1.1
Server: 13.32.27.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 11d179a4923073609d394e915906718dd7b6989993897fbf8f1840787daf16a0

Request headers

Referer: http://www.ora.tv/
Origin: http://www.ora.tv
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 04 Dec 2022 09:51:16 GMT
Via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
Age: 822374
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 23060
Last-Modified: Mon, 25 Jan 2016 16:54:39 GMT
Server: AmazonS3
ETag: "ed7ab3a1417fbf34c0d89f648daaa471"
Access-Control-Max-Age: 2592000
Access-Control-Allow-Methods: GET
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Date, ETag, Connection
Cache-Control: max-age=5184000
Vary: Origin
Accept-Ranges: bytes
X-Amz-Cf-Id: NQJgUt8IUPilUSYcMZ0dTQf1Fi-AYDFywEsyMAxuut0SH_1ucRTNPQ==

GET
H2 200 Pa2oqpBUv2tw02qrcNIwKxtk4IStuS02QVlrDW00PP6xN00.m3u8 Show response
stream.mux.com/ 3 KB
2 KB 344ms
271ms XHR
application/x-mpegurl 2606:4700:4400::ac40:991c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stream.mux.com/Pa2oqpBUv2tw02qrcNIwKxtk4IStuS02QVlrDW00PP6xN00.m3u8
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/j/videojs-5.12.6/video.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd549b3f9abbc86cec4c754597bdea86023cdb98640af2f3f2441770068fe271

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:30 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-cf-ray: 779211f9ee63bbec
x-cdn: cloudflare;mbgDfn9iMWQcAucVAGgFK008ahHG2ddl1F44nqaNJWq00IbeRncDfefM6R7ZGGC02X01WZUAHqaZnus
x-litix-view-session-id: mbgDfn9iMWQcAucVAGgFK008ahHG2ddl1F44nqaNJWq00IbeRncDfefM6R7ZGGC02X01WZUAHqaZnus
server: cloudflare
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cdn-version: 1669306814-88810-7cccefa104
grpc-metadata-content-type: application/grpc
cf-ray: 779211f9ee63bbec-FRA
x-origin-version: 1670959246-91067-da69567504

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a39d9acefe24437ed2d4031241c6a1e19751f7e2010681b9320dd2264d27ef54

Request headers

Referer: http://www.ora.tv/
Origin: http://www.ora.tv
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H/1.1 200
OK bridge3.549.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 0187 693 KB
223 KB 21ms
21ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://imasdk.googleapis.com/js/core/bridge3.549.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95b968e13d205a7842b355f9bd82f9f64f6f272ff0810734c49d2bb89d64a336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ora.tv/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 33813
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 227324
Content-Type: text/html
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 13 Dec 2022 12:53:56 GMT
Expires: Wed, 13 Dec 2023 12:53:56 GMT
Last-Modified: Fri, 09 Dec 2022 15:29:50 GMT
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Server: sffe
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 93ms
34ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Dec 2022 22:17:29 GMT

GET
H/1.1 200
OK volume-01.svg
www.ora.tv/i/ 2 KB
2 KB 27ms
27ms Image
image/svg+xml 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.ora.tv/i/volume-01.svg
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/c/video.min.css?1512403
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 80f9742e3255eb307c532e82bfe2aa2a902d29f2dbbad815c1ffc5dfd4d9d2e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/c/video.min.css?1512403
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Thu, 24 Nov 2022 05:40:50 GMT
Via: 1.1 varnish, 1.1 eabf0052502240e2b09c2e962490cabc.cloudfront.net (CloudFront)
Content-Encoding: gzip
X-Amz-Cf-Pop: HAM50-P1
Age: 1702390
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 30 Mar 2016 17:18:31 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: W/"666-52f4755c4bc68"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
X-Varnish: 570774390
Cache-Control: max-age=2592000, public
X-Amz-Cf-Id: SuStc1Bj05JFoqwtc0y73Cr7V_UD8zZgP6uTEtsKbqQ2DeUxrhZvUA==
Expires: Sat, 24 Dec 2022 05:40:50 GMT

GET
H/1.1 200
OK baltoweb-bold.woff
f.ora.tv/f/ 70 KB
71 KB 25ms
25ms Font
application/octet-stream 13.32.27.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://f.ora.tv/f/baltoweb-bold.woff
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/c/video.min.css?1512403
Protocol: HTTP/1.1
Server: 13.32.27.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8915d420f8c21346686d84f8b3bebf30fe5fccd912e67b1b933fa0beb6bdcd7e

Request headers

Referer: http://www.ora.tv/
Origin: http://www.ora.tv
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 27 Nov 2022 06:48:43 GMT
Via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
Age: 1438127
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 72105
Last-Modified: Tue, 23 Sep 2014 16:24:35 GMT
Server: AmazonS3
ETag: "a79e0199de039707599b2a3476d6ec2e"
Access-Control-Max-Age: 2592000
Access-Control-Allow-Methods: GET
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Date, ETag, Connection
Cache-Control: max-age=5184000
Vary: Origin
Accept-Ranges: bytes
X-Amz-Cf-Id: _10tDEWYkzhKjoTqwBYH7OmW343bT2XwWWbhUrEb0xum4FRA1GX5vw==

GET
H/1.1 200
OK museosans_300_italic-webfont.woff
f.ora.tv/f/ 22 KB
23 KB 23ms
23ms Font
application/octet-stream 13.32.27.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://f.ora.tv/f/museosans_300_italic-webfont.woff
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/c/video.min.css?1512403
Protocol: HTTP/1.1
Server: 13.32.27.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d782327330ae7c2b84c66df60267c736ceba2073d9e0707f651a1622d7e8cf8a

Request headers

Referer: http://www.ora.tv/
Origin: http://www.ora.tv
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 29 Nov 2022 03:00:11 GMT
Via: 1.1 c1e2423613b2dcb4230386a2b285734e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
Age: 1279039
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 22648
Last-Modified: Tue, 23 Sep 2014 16:27:43 GMT
Server: AmazonS3
ETag: "2cb419a559160c6ac7d3a0770e7753bf"
Access-Control-Max-Age: 2592000
Access-Control-Allow-Methods: GET
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Date, ETag, Connection
Cache-Control: max-age=5184000
Vary: Origin
Accept-Ranges: bytes
X-Amz-Cf-Id: aH1smw0UtdeAe2qT6VayeSl01WTfNdXBm69sut5KTscuPs5EInHLog==

GET
H/1.1 200
OK museosans_500-webfont.woff
f.ora.tv/f/ 22 KB
23 KB 47ms
24ms Font
application/octet-stream 13.32.27.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://f.ora.tv/f/museosans_500-webfont.woff
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/c/video.min.css?1512403
Protocol: HTTP/1.1
Server: 13.32.27.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ac000bc22e9f0a4ff8e7e5ce5edf4603136802ab2b43e8c58f08d95e4b67c85b

Request headers

Referer: http://www.ora.tv/
Origin: http://www.ora.tv
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 15 Nov 2022 02:05:58 GMT
Via: 1.1 f891d17fa862cc74a05434e03fa58dca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
Age: 2491892
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 22412
Last-Modified: Tue, 23 Sep 2014 16:27:01 GMT
Server: AmazonS3
ETag: "eedd3127092942f693db4be8424777d8"
Access-Control-Max-Age: 2592000
Access-Control-Allow-Methods: GET
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Date, ETag, Connection
Cache-Control: max-age=5184000
Vary: Origin
Accept-Ranges: bytes
X-Amz-Cf-Id: tuDEMjmJyRfELdgYUDuyhZRjJQErziOFLaTE8h8y2O037jCM504VvA==

GET
BLOB 200
OK eb6ac428-a319-4a63-8506-0aeccf601cde
http://www.ora.tv/ 227 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://www.ora.tv/eb6ac428-a319-4a63-8506-0aeccf601cde
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45ea89bc74dcfb3e40f64c34f18209cf9be72ecca8fd30cccc20ab9d9a6e454b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Length: 232486
Content-Type: text/javascript

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 82ms
31ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.ora.tv

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

49 KB
20 KB

96ms
21ms

Script
text/javascript

2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 13 Dec 2022 21:24:37 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 3173
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Tue, 13 Dec 2022 23:24:37 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK sp.js Show response
f.ora.tv/j/ 73 KB
26 KB 24ms
23ms Script
application/x-javascript 13.32.27.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://f.ora.tv/j/sp.js
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 13.32.27.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1c49efe51010670d2ca776aa2d44e4d73317740ab9ada4a359258fb1c9cb7a52

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 15 Nov 2022 05:04:19 GMT
Content-Encoding: gzip
Via: 1.1 3298c44116035984c2fac24b89183c4e.cloudfront.net (CloudFront)
Last-Modified: Tue, 22 Mar 2016 18:06:53 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C2
Age: 2481191
ETag: W/"147b727f66aae551f003aa17587cf494"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Cache-Control: max-age=2962000
Connection: keep-alive
X-Amz-Cf-Id: _6zl4QJhakbSYGC_ZeLh9OtUJuYqrQbhPuLS1KA3YPFRthaxQcHsuw==

GET
H/1.1 200
OK quant.js Show response
edge.quantserve.com/ 25 KB
10 KB 97ms
45ms Script
application/javascript 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://edge.quantserve.com/quant.js
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 10c055e552cd4e8121eded0e5227a20534bfc3484aacecd99b553c069a332f53

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:29 GMT
Content-Encoding: gzip
Etag: "KvGSi9leJgKNKEGESzHjYw=="
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Expires: Tue, 20 Dec 2022 22:17:29 GMT

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
28 KB 59ms
30ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

HTTP/1.1

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f880d114c4d238a7bb326aa51af982643dc3f6a80b29d46f2bb5560ef4d0596

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "1421 / 16 of 1000 / last-modified: 1670587517"
Vary: Accept-Encoding
Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 27536
X-XSS-Protection: 0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs"
Expires: Tue, 13 Dec 2022 22:17:29 GMT

GET
H2

200

rules-p-z5kYUhc0JkypP.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-z5kYUhc0JkypP.js
https://rules.quantcount.com/rules-p-z5kYUhc0JkypP.js

2 B
352 B

68ms
24ms

Script
application/javascript

2600:9000:2057:f000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-z5kYUhc0JkypP.js
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: H2
Server: 2600:9000:2057:f000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 21:43:17 GMT
via: 1.1 1277de71b2472d19ca0bfc510db9ec54.cloudfront.net (CloudFront)
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 2052
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
content-length: 2
x-amz-cf-id: olYnYK9b2IJ0ZKy4aapoi1wkL7piaiRqQgv0k1FJWM44lr0qtuYIEw==

Redirect headers

Date: Tue, 13 Dec 2022 22:17:30 GMT
Via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: FRA6-C1
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-z5kYUhc0JkypP.js
Connection: keep-alive
Content-Length: 167
X-Amz-Cf-Id: TKlqpr5pfoMkDjjaH5gcshh6uT5yNRA8kGVb8uDAd104OIRlUN4uOA==

GET
H/1.1 200
OK i
user.ora.tv/ 43 B
365 B 253ms
115ms Image
image/gif 54.225.192.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://user.ora.tv/i?stm=1670969850051&e=pv&url=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&page=Sam%20Harris%3A%20Is%20He%20a%20Neocon%3F%20-%20The%20Rubin%20Report%3A%20Ora.tv&tv=js-2.6.0&tna=cf&aid=oratv&p=web&tz=UTC&lang=en-US&cs=UTF-8&f_pdf=1&f_qt=0&f_realp=0&f_wma=0&f_dir=0&f_fla=0&f_java=0&f_gears=0&f_ag=0&res=1600x1200&cd=24&cookie=1&eid=97c5a45b-643a-42c4-8e0f-d8386c82bbca&dtm=1670969850051&vp=1600x1200&ds=1600x2119&vid=1&sid=fcd84caf-a08c-4516-89b9-ca3d0c2d93ad&duid=796943ba-779c-4a9b-b234-5838944041e9&fp=2294459535
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: HTTP/1.1
Server: 54.225.192.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-192-210.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Tue, 13 Dec 2022 22:17:29 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 pubads_impl_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ 380 KB
129 KB 70ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 947
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131905
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 13 Dec 2023 22:01:43 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 89 B
707 B 103ms
54ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.ora.tv

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6aec18c3078ae109f4742c7698275f570f047120c7879d81bc44ac0c86084185

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72
x-xss-protection: 0
expires: Tue, 13 Dec 2022 22:17:30 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0187 156 B
849 B 244ms
176ms XHR
text/xml 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?sz=640x480&iu=%2F323841319%2Frubinreport%2FPreroll&mpt=videojs-ima&ciu_szs&gdfp_req=1&env=vp&output=xml_vast4&unviewed_position_start=1&url=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&description_url=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&correlator=3807935368928168&eid=44748969%2C44752657%2C44765701&sdkv=h.3.549.0&sdki=445&scor=3584670281153459&adk=631649177&osd=2&frm=0&sdr=1&afvsz=450x50%2C468x60%2C480x70%2C728x90&ged=ve4_td1_tt0_pd1_la1000_er0.0.0.0_vi0.0.1200.1600_vp0_eb16491&vpa=auto&vis=1&hl=en&is_amp=0&u_so=l&ctv=0&mpv=0.2.0&ptt=20&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.549.0&media_url=blob%3Ahttp%253a%2F%2Fwww.ora.tv%2F00c65974-a902-48e1-b259-ffe8327f3256&sid=62E1AC20-5A1F-4B08-B5AA-44D609960732&nel=0&top=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&loc=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&dlt=1670969849479&idt=505&dt=1670969850080&cookie_enabled=1

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/core/bridge3.549.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: http://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
435 B 86ms
29ms XHR
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-32528428-1&cid=859120219.1670969850&jid=952727103&gjid=245007000&_gid=1404241583.1670969850&_u=IGBAgEABAAAAAEAAI~&z=1337883379

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ora.tv/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 13 Dec 2022 22:17:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www.ora.tv
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/collect?v=1&_v=j98&a=2048476980&t=pageview&_s=1&dl=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&ul=en-us&de=UTF-8&dt=Sam%20Harri...
https://www.google-analytics.com/collect?v=1&_v=j98&a=2048476980&t=pageview&_s=1&dl=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&ul=en-us&de=UTF-8&dt=Sam%20Harr...

35 B
194 B

22ms
22ms

Image
image/gif

2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=2048476980&t=pageview&_s=1&dl=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&ul=en-us&de=UTF-8&dt=Sam%20Harris%3A%20Is%20He%20a%20Neocon%3F%20-%20The%20Rubin%20Report%3A%20Ora.tv&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEABAAAAAAAAI~&jid=952727103&gjid=245007000&cid=859120219.1670969850&tid=UA-32528428-1&_gid=1404241583.1670969850&z=621840491

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 02:42:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 70499
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/collect?v=1&_v=j98&a=2048476980&t=pageview&_s=1&dl=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&ul=en-us&de=UTF-8&dt=Sam%20Harris%3A%20Is%20He%20a%20Neocon%3F%20-%20The%20Rubin%20Report%3A%20Ora.tv&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEABAAAAAAAAI~&jid=952727103&gjid=245007000&cid=859120219.1670969850&tid=UA-32528428-1&_gid=1404241583.1670969850&z=621840491
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 pixel;r=327000758;rf=0;a=p-z5kYUhc0JkypP;url=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon;uht=2;fpan=1;fpa=P0-1800429432-1670969850040;pbc=;ns=0;ce=1;qjs=1;qv=b...
pixel.quantserve.com/ 35 B
372 B 65ms
23ms Image
image/gif 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=327000758;rf=0;a=p-z5kYUhc0JkypP;url=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon;uht=2;fpan=1;fpa=P0-1800429432-1670969850040;pbc=;ns=0;ce=1;qjs=1;qv=b2bd41b7-20221206125257;cm=;gdpr=0;ref=;d=ora.tv;dst=0;et=1670969850165;tzo=0;ogl=site_name.Ora%20TV%2Ctype.website%2Ctitle.Sam%20Harris%3A%20Is%20He%20a%20Neocon%3F%2Cimage.http%3A%2F%2Fvidthm%252Eora%252Etv%2Fassets%2Fprod%2Fresize%2Ffixed%2F1200%2F674%2F4222468-Screen%2520Shot%25202%2Cdescription.Sam%20Harris%20talks%20to%20Dave%20Rubin%20about%20neoconservativism%20%E2%80%94%20Watch%20now%20on%20Ora%252ETV%2Curl.http%3A%2F%2Fwww%252Eora%252Etv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon;ses=0ff6b7b5-e690-4c5a-8df7-7a3a10a6a728

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 rendition.m3u8 Show response
manifest-gce-us-east4-production.fastly.mux.com/LmWry7FJghdWL1rRDCIsfyD8OoOx3Fem3bvGIMr5BzigyLfBbruwg7f6eFglW67Z3ieFFF72JfRwAdfaEKQbCB6jGpMFXJkrp8501ysOvhq4/ 31 KB
7 KB 221ms
151ms XHR
application/x-mpegurl 2a04:4e42:200::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://manifest-gce-us-east4-production.fastly.mux.com/LmWry7FJghdWL1rRDCIsfyD8OoOx3Fem3bvGIMr5BzigyLfBbruwg7f6eFglW67Z3ieFFF72JfRwAdfaEKQbCB6jGpMFXJkrp8501ysOvhq4/rendition.m3u8?cdn=fastly&expires=1671573600&resolution=1280x720&skid=default&signature=NjNhMjMwNjBfNTY2YTI1MjI4MzE0NmQ2NDBiYmY4ZWQ1NzYxYjk4ZDBjMDRjNjgyOTY1Zjg0ZWJjNDI2YTRhODZjZTI0YjgwNA==&vsid=mbgDfn9iMWQcAucVAGgFK008ahHG2ddl1F44nqaNJWq00IbeRncDfefM6R7ZGGC02X01WZUAHqaZnus
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/j/videojs-5.12.6/video.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3b4646ae81db463b3afc9e2897af42768d774a3182ae095ce470764760f82e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:30 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-cdn: fastly;mbgDfn9iMWQcAucVAGgFK008ahHG2ddl1F44nqaNJWq00IbeRncDfefM6R7ZGGC02X01WZUAHqaZnus
age: 0
x-cache: MISS, MISS
grpc-metadata-content-type: application/grpc
content-length: 6217
x-request-id: 547c04ba-2791-4fe8-96c1-c17b9541612d
x-served-by: cache-iad-kjyo7100143-IAD, cache-hhn-etou8220071-HHN
x-litix-view-session-id: mbgDfn9iMWQcAucVAGgFK008ahHG2ddl1F44nqaNJWq00IbeRncDfefM6R7ZGGC02X01WZUAHqaZnus
x-timer: S1670969850.253927,VS0,VE131
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cdn-version: 1669306923-88811-4dad23c3c6
accept-ranges: bytes
x-origin-version: 1670959246-91067-da69567504
x-cache-hits: 0, 0

GET
H2

200

sdk.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/sdk.js
https://connect.facebook.net/en_US/sdk.js

3 KB
2 KB

70ms
20ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0e9d4ff8ad5bf23a28982488885677132a188171f7c4d9e60b811d5834b87219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 13 Dec 2022 22:17:30 GMT
content-md5: rN6IWpWgOeogrRZ5iYk7QA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: kMbrQjs/PfUKKEO0rNby87H07eL8gkzvPFNdHqdq7+SNFWoCLLnCVbQh1kfg0ldJK7fYnJHpOnpOoiMH2X6M8w==
x-fb-trip-id: 686109401
x-fb-content-md5: 3e98a77ed1ddff1b1cec873d2a46bdec
cross-origin-opener-policy: same-origin-allow-popups
etag: "75e02c5bb079ee4a77bf37bba4750339"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 13 Dec 2022 22:17:58 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/sdk.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK rubinreport Show response
www.ora.tv/json/getpartnerfeed/show/ 17 KB
6 KB 227ms
227ms XHR
application/json 18.155.145.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ora.tv/json/getpartnerfeed/show/rubinreport
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/j/video.min.js
Protocol: HTTP/1.1
Server: 18.155.145.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-145-112.ham50.r.cloudfront.net
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.16
Resource Hash: c6bafc5eb5ac96a08638f4759d23fa0a1c42d223d0f6df7c4066faab3c80ddbf

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:15:02 GMT
Via: 1.1 varnish, 1.1 eabf0052502240e2b09c2e962490cabc.cloudfront.net (CloudFront)
Content-Encoding: gzip
X-Amz-Cf-Pop: HAM50-P1
Age: 0
X-Powered-By: PHP/5.5.9-1ubuntu4.16
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
Connection: keep-alive
Server: Apache/2.4.7 (Ubuntu)
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Varnish: 1644344102 1644344101
Cache-Control: max-age=600
X-Amz-Cf-Id: ExaAX_n1hSLMfA_ohOIdQk7HUk7i9jCG-XAdsVXFK70taFKXC8Myfw==

GET
H2 200 0.ts Show response
chunk-gce-us-east4-production.fastly.mux.com/v1/chunk/dcKO2ScpNx0211B87M4wSsY3w2X68xeofBjlmb6lcSKXWhK00cTpiaKsJLYD5cDecbRidhsERcmc00pcgLKJe9h01UcRrL018NsK0002fS00kz2Mthw/ 1 MB
1 MB 224ms
198ms XHR
video/mp2t 2a04:4e42:200::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://chunk-gce-us-east4-production.fastly.mux.com/v1/chunk/dcKO2ScpNx0211B87M4wSsY3w2X68xeofBjlmb6lcSKXWhK00cTpiaKsJLYD5cDecbRidhsERcmc00pcgLKJe9h01UcRrL018NsK0002fS00kz2Mthw/0.ts?resolution=1280x720&skid=default&signature=NjNhMjMwNjBfODBjNzU4YzMxOTFmM2NhMzJlMWM5YmJjOGEzMDY3ZTlhOWNmNDE3MmNlMWFiMjQ0MTc4MDgyNGU1YWYxZGRhMg==
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/j/videojs-5.12.6/video.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3909f1871df93d0c7e74127004e4fb1b95dc8b91694fc46e65e809966f7b644b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:30 GMT
via: 1.1 varnish, 1.1 varnish
x-cdn: fastly
age: 0
x-cache: MISS, MISS
grpc-metadata-x-origin-fetch-action: S1670969850,hit
grpc-metadata-content-type: application/grpc
x-request-id: 00f1f1ad-23c8-4076-8770-c12ae4de4765
x-served-by: cache-iad-kjyo7100127-IAD, cache-hhn-etou8220071-HHN
grpc-metadata-x-origin-fetch-type: gcs
last-modified: Wed, 21 Oct 2020 21:36:01 GMT
x-timer: S1670969851.555783,VS0,VE178
etag: "6ec9685b4783144c40f73d181cff59a2"
content-type: video/MP2T
access-control-allow-origin: *
access-control-expose-headers: X-Cache,X-Cache-Hits,X-Served-By,X-CDN,Accept-Ranges,Content-Length,Content-Range
cache-control: max-age=86400
x-cdn-version: 1669306923-88811-4dad23c3c6
accept-ranges: bytes
x-origin-version: 1670959246-91067-da69567504
x-cache-hits: 0, 0

GET
BLOB 200
OK f3417edd-d814-4e4c-8429-01cb2f6fe3e7
http://www.ora.tv/ 227 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://www.ora.tv/f3417edd-d814-4e4c-8429-01cb2f6fe3e7
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1897e2ea8c3d199b6ffc72f1ec42b8c77f5792ce2d9866d32422bbfbf7a7b0de

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Length: 232602
Content-Type: text/javascript

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 306 KB
86 KB 46ms
22ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=b2476d8d60aa9c0200a9d0f1602fddb3

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

af467b26b82932f41147d0d1c8d4ee2466e64e706589e229e6c6687a5e677f7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://www.ora.tv/
Origin: http://www.ora.tv
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 13 Dec 2022 22:17:30 GMT
content-md5: 1DrZyFrJ4CYYq+Jsm6lPAg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88459
x-fb-rlafr: 0
x-fb-debug: yvd5iP2uWWTKcw313tu0xdYBUKR7lKTeepgGafvMv+bX9Q4DAbmybLXjLk1M4/TUxr1z+8kBngpxIPvQvLgE/g==
x-fb-content-md5: 0a5b777f5e55457043c69087010a7ebb
cross-origin-opener-policy: same-origin-allow-popups
etag: "059110c8922cdf00bb72291db16b35a4"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 13 Dec 2023 19:15:23 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 94ms
32ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.ora.tv

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 77ms
32ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.ora.tv

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 83 KB
24 KB 317ms
274ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2464354816450154&correlator=2977286099655338&eid=31071093%2C31065517&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=8749%2COraTV%2C728x90_ATF%2C728x90_BTF&enc_prev_ius=%2F0%2F1%2C%2F0%2F1%2F2%2C%2F0%2F1%2F3&prev_iu_szs=300x250%2C728x90%2C728x90&ifi=1&adks=1681286034%2C192040561%2C122329433&sfv=1-0-40&prev_scp=zone%3Drubinreport%7Czone%3Drubinreport%7Czone%3Drubinreport&sc=0&cookie_enabled=1&abxe=1&dt=1670969850716&lmt=1670969850&dlt=1670969849479&idt=722&adxs=1249%2C235%2C250&adys=102%2C100%2C1166&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&frm=20&vis=1&psz=320x31%7C748x33%7C748x31&msz=318x0%7C746x0%7C746x0&fws=4%2C4%2C4&ohw=320%2C748%2C748&ga_vid=859120219.1670969850&ga_sid=1670969851&ga_hid=2048476980&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e54fc4ab28bbb02e1045c8ea0f9e9dd4db3a38258cb3dc3fb280cb66175515ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24535
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.ora.tv
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 129ms
71ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

edeef5a69881e01e4351143760ffdd6f89bdc14d7db0486e2c54e656007055d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11174
x-xss-protection: 0

GET
H2 200 container.html Show response
16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0AE3 6 KB
3 KB 128ms
33ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ora.tv/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:30 GMT
expires: Wed, 13 Dec 2023 22:17:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 comments.php
web.facebook.com/v2.3/plugins/ Frame 3EAD 0
0 128ms
47ms Document
text/html 2a03:2880:f045:12:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://web.facebook.com/v2.3/plugins/comments.php?app_id=403196106449180&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3cd2b2d3e612f%26domain%3Dwww.ora.tv%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.ora.tv%252Ff248fa870c3496c%26relation%3Dparent.parent&color_scheme=light&container_width=870&height=100&href=http%3A%2F%2Fwww.ora.tv%2Frubinreport%2F2015%2F9%2F10%2Fsam-harris-is-he-a-neocon&locale=en_US&numposts=5&sdk=joey&version=v2.3&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=b2476d8d60aa9c0200a9d0f1602fddb3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:12:face:b00c:0:2 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://www.ora.tv/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://web.facebook.com/csp/reporting/?minimize=0;
content-type: text/html;charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 13 Dec 2022 22:17:30 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/web.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options: nosniff
x-fb-debug: ytljFJ9FYsWUKXjfgWy6ncflHinjWxfmPOQKM7hreEp5CBz5F7CO/y6Maq3W2+ZwrQmZaY9iUFnyAeM35kpCpw==
x-frame-options: DENY
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 104ms
39ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 22:17:30 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4EA6 13 KB
5 KB 64ms
20ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ora.tv/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 339
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:11:52 GMT
expires: Wed, 13 Dec 2023 22:11:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 68D1 783 B
1 KB 83ms
32ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

989b6916016875cd3b26e3c66d1269a9a68d3370f82264dc0ace40cb71eb56a2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-03giE7-nr-dqlPwpHLImiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.ora.tv/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-03giE7-nr-dqlPwpHLImiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:31 GMT
expires: Tue, 13 Dec 2022 22:17:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 container.html Show response
16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AF14 6 KB
3 KB 68ms
23ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ora.tv/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:30 GMT
expires: Wed, 13 Dec 2023 22:17:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1884 6 KB
3 KB 49ms
23ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ora.tv/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:30 GMT
expires: Wed, 13 Dec 2023 22:17:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FF74 6 KB
3 KB 43ms
21ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ora.tv/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:30 GMT
expires: Wed, 13 Dec 2023 22:17:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 68D1 0
0 100ms
55ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120501&jk=2464354816450154&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame 4EA6 36 KB
16 KB 65ms
22ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 13 Dec 2023 17:06:09 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 195F 624 B
307 B 58ms
57ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXkLRozDLasm3slIODm3_ptUAKDrndPrqs__7sK0L3TwXlDwZ6AvEbKnU9Lgjt-5mdzy9cT4JN5AhobaxBYXsdVfDwVzplMIvOzPux_iEEcRwpMoGpLRA7d8S7Kl7pEruQOe5e7rwOxH0Dsd8KeE_hM985EATZT8sjGhsr0IuPEPyIhIJw

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FF74 15 KB
11 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BlzeVFm1l1iWQAR4q-ioXQYjVRlDv2LAq5K9cTtWt7yslMc62Dgmw986AEWecieaKPxSZGH5E7oLOn9hFTZDFFuJjbz8QRiJIfyl4JYG49i_mSUyYeTQyaj5bTd3ht1exfhsBaX8AtFpwiREVLAbqEo3MxKvEVCYxC3fsexdblyiKwRwA&cry=1&dbm_d=AKAmf-ASJrsImI_4YqQGQimAp6_BBDrnTFXoXx4saACEWfSA13fEi5hVB82_GLM3mgCUGdqATqPQ6FFG6Fb74CEf1ztfOr94OFvrbLJKGFRqSv9orntns9DX5LRq5Hc2RfpVdlchjErCXtEURuBiwvfLc_JOZ1C6RZjuG9Wpo50f9R5Hv4xKyAPyZp3HVd1JxwBHuZUqF9IR6MX1-aR32vsqTqFoycDWMmoWEp9VJPy2T7DNOzK0WZQAK7hqABR3GosOLj7THi0mdJXpLHP3iYn0y8rmtAxWEr7EOnDO6G_5FYcAi66mHxXl4bNkkhQhG7A21r7X48a2x34YPv3E2PDwPMtUqEQ-CivKEDNgeqeYZYkzC376bEDWDLU5lm-O1JZApelFl7kdWoqPL-07X5Kw6rOcZpH4p9aQzn0PVTASm7xQlG-v4sGs0j_vtEh86tMnkAtFusAYn7kLMZX3lDH0wjx1wcr78oQaKjoXU5xuKn9gIueiGOl_Z4ZvweQahxXQNNY6UlXJw5s_QquPkMQagjEi2G9UchFsnhEV-GaVV53irdNQcjgqhkSbetpPBe3RFlDZQ5XcaCarnEAa1nVxv_2d97UsBpcVCHdPC4z9BXYmYKI9xnZ8N4eZtc69BfayBXc3ZuJw5aYlD1Y_zrN2sTqsvNsAm5gmXkMs1wfCa6Aj_Lh9rsb07JGiwIngXVXV5BuNWcqFlQnObXYWmz7IPxk5a0uydJWH_aEE5pkAjoopyz0idgWc8zLu1UPMyIdGnDnZlUVYgmzxOyYWMz7w7Dqs_z1-3shMX3L6tYKl180ttl71txvh6ABgGwSpQhuqP7LEw1RhKiOwbEM2NEl66otG8wYtuAdFkibq3i3w7T_esVYDBGmxmT900XKYSTXLaxeyZxcnXXFXxq9JfzYYzZ0ZlwtxwpLjZJAwTE8ak_zkwmmgmCESzv_F3V8po2uy09-P-NbzoLxQCf9Cfww2H3QnesogR-_NAi2UjMIixSHLHRClvE9KB27NRUZuUwZl5Z96-PlSAeedcxastRaESH3GdEN5BWXviyAjSqQCZRDqWkaYQT1BAEd4ivCZEHE8kDneh6hjNYT4YaS2T8y16_Jeapun1TUTP0iFaAejmO0x1p3-nVy2VDorU2UINzNTshKB-OODHfq3UH_7_Amey4NrIfl1m5xOAmMhvAAHCJ7w3PxdajdtCm70L7iF46nEMby55H3LCuWxX1OsHpp70TS8rw0usKI57mVWG16Hk4HID1Nhb8sAIw1Rjpz-ApJATV_cVZ46FDxH8RFcY61LzbYhqPmCWNPXGCNSTJtKPcbc6YiFkaITXyQCM-zmHK8P8xEUhIxoR6Q5ko5cMnPYJ_V7YQAGJYR5UnFQcMwGRddZZ6JEVuSCQ54O4c1Kkjeh6id8uBCHgxaFMb_EiHChDMK_Kaa0bb_HVNkmRIXYkmUO_z2PlKZ68TzC-zLCJ-hZA7JlrPIHKJKjeAy_YMnoXrE3tAANslA0UwS2ikyuPZ5_F9RfXB8BLnItaLejmLyWMb78nzOyprE4_nBa3OOqOpopPA9BushNxdtodC0o6YUJHmwjXMf-L4l9G2UHD5fzoVxijwZ8Jcndw28SLHMsOGSvMMyw9SPdDkngWH2s3OT3cF7q45kP-S5miNyIqCK9TSXwojVMJlFDh9gaZ-ox5IjIPtNq01d453r1qJ5C6kG75kVvrGIaV29KMsRREl749n64noZ3pw8tZPrE801MgCxky8g6bgFYMdNdn4S-FsfBmh6-MPWsAV2zLhqwluhnncTgUAuFlHMIOW7m1RDM4mfdVJs4raLXgHe8gY-oq7FCX-x46DJ1Ar-Wi9NjOW-aOENu_AgtUjfJEUTf9FjH7w1LxfHgC9bW1fBsVpMW_9gvKQqnJXOfOPiE5hQZK3zfnC_E9etWvcdZsScMcwPvMJVRUZZgzL_0q-0fXFHYXmftTQliYzjGSxRSxrdM00nqC66L79gfkvuQcDBcu81dH_mch7cSuOVbH1hJmMsC9JcfAIehfAmeixrvQrcSE-SspGq0SBQYSYqyGrhMlUrv1tPCmfpMCyPRO-dbTe2_LVZ94wpgxaic6b35Wu8dCncvtnixbtBpSNkCbaP4YjCHqZ_DrW7p5gGYDzEyNS0aFVvVOhsKRqG_xtj7AiWIqCsNFWdlyKQMmMyyYKNnvhdjNbDVcqNTBJMR7q637nI9iIcu-A2CNlQbG55vCgQvl8B-uyN11k-FpyYYUQbaRDCHmUSoEogstrElS5E5q16INgNqhKNvd4MX3utwk9mxdn_1oQWmO2SCO9I6l_y7K3xvRb0zhrIHKhEdjsDYlGv3ZygZ9Hij6vT0y_Q1TUDsQZK3X1IGj_SBGhmlVhTOJahzqeasjwEbwgDksM5HCLjfYv11HtoTOyOdMc01GpO5cUKsyP9W-1l4Gl1lHiCSiHMWv5EvRcARQys2syERjQ1ED2FIPM-YZYnynvGG_oKGQU1z-fg1guJ9ONs_GVjG8JLL8AQS6nNee0VM3gFy_x7YaKXEqrUtnvhXFT_WLHliAxqA2nG6fDHfRgUOdRZAq0KWHrymXztbgGc9zLBOSSlky-4dlvUMWUco805SDJybnx34ZFVtmgfXRu7iWHDMfN6fI30Xr7DBajidNy_SOAU7MSE9hBW1v_c2bOshGImXqu6DVxajVDyjNw0vyUeCWvARJk-tKZdILgfUh9D_7zz6SO743-dZc-9WeYvf9UJYAbHxWSQx5wdIKfaKvjlRcIYA87Y84KrrBDQZtHKcPlW6RRczveQA3Bt_XMCvRsE2cL6cf6ut2ZzunHg6uzNqvAOlsjBlq_iHS8Nqr_2aRtg8a-UFFu8KKjzE8prqezST3hJgslga1hMrBpnbVdZzgCcp_GTWDqLj1KmY3FKXnAwbtE9RL-KRLWmFansdNvqt0obxutoBoLeRG3_Ji6Dva5DZ1sIMqyWYFa5l-59fEbEX7fwJzvVrL5Hg1je0pRqcjisxnCRfMI6eZuSC1d87ysk8FN44-I0hxiFPVVhZ6ttLC4I8mjDJfQSsBVUBsqyiPalcjLEBpm5aqmisH7tWN0y5pOwpZm1dP5pIANzMl58au8WUpFLHbwpU8ksZCgRtnkM2kndfs4QmPyPbbCac5lgXkeIsH8-fyxlJqy7rS1OU9I8l69o-GOuZrMFTSQCOMDzQRw3QTyl1NkGw6fyIE9hE1VLpgatVuKSEDSaMDGrM_f4EqXXSGDjU5mA6_EEnlugI_IpBuOlLwaw4BGwg5GWKQ1mNx7X_Gj8E_HSx71Nko9lQwCrlD3iazpuVPMY3xrMq9ndgMRPkYCDBJ6A87oV2jBBnyK4FMmFRVxFl3hrZVx1inqpxFm4iWFhxnvdRUG1K1AF1PuBOHGNzJJCdCpgFFf04Cmy_85sg7b1OPvgvXEZNqVUkiUbW9vOlhWRwph9aBlgVnhHPvP-WO3ptsbFl7bYD_N_SUGxjPTehhcrC6zUHx4W3QpSpKFdH5SgAqMv6rHdcWyeO-Iww5K75M7fnRSMNrCiFng&cid=CAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw&rfl=1%2Chttp%253A%252F%252Fwww.ora.tv%252F%240

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

10116b5152a0fb2b2c5f06e82f00159a61c790f3a620a113c42869d76b1fd5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11336
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FF74 42 B
63 B 56ms
56ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BVwUjqgS_v_V648v-nZOVW-Ur5bw__wjwi9Mwzg_br44VX7XVHR8jmtfo85K5xe3dWKYYJqaeZBRv_evbPAHDjxlg5AEXzU7-sh8bvBuWhpAlP7uI

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame FF74 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 21:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1648
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 21:50:03 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame FF74 18 KB
7 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 17:06:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FF74 0
0 78ms
31ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRCRgOscRDQUQ6QU4YKstw858MbdQ-hWvywG8MBiAufaf8haeKl8cY3aYFkUZhZYTItYJTK6pKmeOaMs4VZx7_yRb5-7A
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FF74 153 KB
47 KB 89ms
35ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame FF74 23 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 17:06:09 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2F4B 624 B
285 B 60ms
58ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNWY5mpt85397rIhnj78KLQJw15xzTBsaFRRGadr40BmJwKHCSOyiH2k2hV9FVWRIWlyuDpLeVIAwigcGdm4hYxVF5qWzuEAff8GeWjo988G5Bgou8twp-hBLX3ALQar6ZIE5-AACzGDI4WvCXxBjErsooMG7THJlXQ0-u2arbKBcnDWXxg

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame AF14 83 KB
34 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C8fJtPxnULedBbyLH_HIiGhhpg9ehkAvjtJRl9MZ-SyW19avpxzYWERIde4zB-p0IfoX4sdfeOUHhF6PcP_Szy2T2Afd3KtzFEg-klOtzdvOsVBPkAr3ngKxTPiLXWGTUmaNpKFJN0Q7blAWA51orRdkmhO9ieQA8qomyXrZ-4mnZcbAk&cry=1&dbm_d=AKAmf-BhvAwvClhk-xL008COwh9W3IaNAhzJcVOHXdI8xogUQ6jCrK7Q7SE8JZOKWpku8AMtqnc-Kiq5jJNpbw_XFAD0gwqSzu0Y_dQcYuW-umyH1_b7tW5RomeHivtwItAbplnoDKpHUTqRBNzyzm18MQsbJIjmK_QeiOugIuRW3HuTW8WNvinCwd4ZcNtFwRb9ikHIBZe955XU_ZIrJMoSdI1biaKjUyfalC23CwGajrqPlAmYy0ZJ8DftYEVC-bEr5otLllKeOd3BQEEjyT5AXsbiILDuID084wUX5hmtevhwn9-Iha3CevK8XF8aum-vVCFPeCDDKENMVEwT-h3asTI0mv0YnEt98WEUy64gECK0VchvLHUmi3uVyGFJJgme2BMDQEOE901z0J0KOpyHhWiMTNnPy3vu2WotP1LDeziZqYvoN_IfbEqvq9aj_VUcfiToXpkDiiPq8ebFiHH652h1ccYM4VwCcO9uD5DebAj-6DAVs9ZHvC8WDOyO9QZ8HxD4LHT-jCBg7kOzLsDz_P3T-Zzv5pzKmvbnYQo-rrU8PVRbFtjf4eQI7rfwYXGS8L-vHubbYZTdQ1eferMWxPqBxLk2fGjCxa2ut3zwClHJhEpDr_kOKN0C6ZNWbMXonwLPupB9hrIVxJ8Ei7b6Y9cnATgWAxXLzsWnkINwPD-cpSI8NAjpgKlOdpCJrzEc_gWutoCNWQPPKcygFe_S6EXdd_9whU1a7U9u5e8wUYdB1hkD7mZZMLFGX3bjGSGFZBEKGjOMJ9KgDUKAVSZzpuFO_9scYob6ttc751mv0OkCNNHC0ukanyLrU4rbIHOOYKvVhaq_SP22vz2_Fi1z47paQtsWDWBD86qQ2fvTwwXqPgWtiJ7eiILs384mJxkO8cxIotWpAI1EMFLy2XAxPZWj2pgYBuEMEoqJez6jfZOu2fOx6fjVk5Cu0-k-v8AWuR5o4Pzh6WmYv4MyHO20uizp5B6M4z8-azNrh06yuHmd8ZIeXh_NvBpUQ7jMvsBCHMR4ylolbdk2lyFYefo68re6LfeolSvGBI5oFiZSWfDxj5V1bMsOFxeaXMdFc9GXBFRmmk8GgsoPzznDXaJ7qtPLBdfgY5g7-zdJeUADOwo0QoCELCNpiFuxqxIbYy5H-uzc0hkiQAIHw1IC7NWZQrqRUUh4r_3Bc8HL_sR_bJh7IG3O9YO1oxJGJxUGODXT0eWkIOXawOChux5r-wotfWoYME-J2SX4hpbNUP2dndRL5kQFhvaYDqUXKXF97vc--Zicyc_Nb2jWzutpkUVnufhI5SgBDgr9Q1tWK8FVd6qqdr4hvtu_6PLn2wc7hJHBzeS2Re1j1vqWs8hdXFPXM9YAE8yKQGz2HPvLd8U-fge8i9DW3JRSlAfPDQ8U3PGnMZR59v8FPGyrCSFQe5wuorwbDd6hWakKm9Zc2yVwT2IGtN0mYuRjefOoo3bTs7dFRiQZUWO53deXi6lVh-bL5qo5B4x38vF0C2o1Er85AnlK81gHm5duqWWyWPHm2MpAkFeeWfVWy4ooZJ_zufBOgSX7zmucFl7Ik_NXUla4vTVBYQgkjlkkqmIYcl9vZQU7JBzOfa82Goi_POMtkK-_Lo_3r7TeTS0pCohUd4dwsI-xGw7USSVVX91v_Xy_migeSLuGT5PY10dAGvp4-NjnCUvKRbWnWq2i_ekKorHs1K_vUc-m8ZtNnCJtJBDFcCCW_ygFPLp-cvXw-e7Nl3UotcOqQDY-iOnqAgJPBCy4Wyl3QOkaSJ0dc8EPubm_U36Iiqm0b-QpzrsAw23ynonKIUfNS7-I_PIanuibe1rsy4Nv64mszniiy_EeJN1TrBOP1shN2DLSmopZhgiupp2Vx3kZ5WvrQ9SBkm9D_RynQVBHWfhkOrl_5u0K7Yj9Al_gThTh6xxL5pUlWdk7ukli0B7gvEpRHem5ULvEjztSTLx_6TY8M-Sb16-wrSvpiACMTe4U-ZN_QQXtXSippeWJaGTls3rKe62ggNwS3MAyyBBYxFTYS7lWJfLkVzo7N7JxYF86_HwxTwEkzeW4j2J7UpPM4MqntocxPlDgHH5XxP8GrTAZzsQz8AFEoOoOqjLk5kK_FEYGkEQRYfU-dnY8-sFzZZpO_q-_r1yZQ8FzaC5H5iucaCuoGxep-rYlAnkQE0ZG0IQRhcmJKDaHrECiCKJTncyRX8BPC8HuYh9Rx7KtAKO5kpbu7tsN0Mj2dT9ym4BaJQgXqw8sGp8oOPV_x1fhYoSDEYh6eLlnnTXPLva31REwuqDAuGXJsUayQNWqKjGMWCa7oCimgJY6kQX-rOqzdpy42Jgx7l83hzNT3vqu1ZXxbY0_48GuI-VWuYBa0GBFzfb-5WDTUFYe1azevdK4CHhQQujdcwywPH5aGDj7ctueXs0dlxus8LE3BDWg5Q3T2x1zjh55TkRszULsyfd6QJA9W6a0xurEXSWDb9Bfd_qkXCmLt_4VU6N6qtBhtoe3o1WbpEoTPVDRvnNgh3uRYslpy-rTh4SsQzaKP3mNOoYUT5vTO3F6ImiT4-ZcBtrKxprY5hjpJErIWKGrnfTO78DKE-nR6zcPd5uz8iujhPavNPGtIEzfIvtCpBkB8tnSi_Zmd4xeUXLxjJigoRmrCEWgivECmqpwMwEW9Lba3Tyz32iW2O1JtanwyJ5tqpjPap-_yLRDmI_yFXYCY5ZOBkzcFb9xzzOyxNDY9ioWb8sfnfyChSy_Wf66KnCnM7GCsRu6Hpe9wZ7Ls9oNfA7IJTgZsSod1fnFSaRAcx7oWj51TMRezAlwpGJmVO5RKnkHSYASRQ3A4ywihUShje3Kp7kMDhxqI7BoA2gHe6rsLmMwlmDi2iMIQElO5e6fUOzuMOW3YZJrGUtUalHXAGsND5dkR_g70N1z8Bi6e2Dw7sULT8nff-Juw5T0Z9-3RaRDAAPoCF4DKZqKdrSWHZJPJgxLV8Njus59uWhUk_jMjcbY9M_2eb6PtLJP_wvs85Rv2FbEbzw2WOSDR1jv0ecV1_V8yob-2JNPIzDWAylz3ti1Rx8yQGbESzxkEKvPxoKL2SyMCoAyMSQBSjVRbDSwY6XNrzKUQTZtnDqHmuEGUYhuh-hCzkVJeZ2R-95W2yBUjY6KUpGRVdMlVkqQqQL3z_nmhpIVJArH5FebMTWn2gbuRrdc8UrTi_mtNvDo5aaRaR71M8qqVb6YVehtX_e_CETaJ0xsbCipQ6vYNzLs5BlqhpxK2gFGKfAKF_7yWUimF8xKhLMa-_22_KgRQn7llc3xqFM2sHKgOJmoCt7hkdHplyvW-CttHGQLgVp7kj7I63_o8CG9l7GM99-l4SdrWueXxRlrd7vjwSQOLwb-1L-QpnYSaNc-Ph2i-BE6eso1Q9Ix_AtKKgcgNpDDkwFvAbcTtBj215AqSph8I6EgBg92kcDpkhHYk82MHmFLlEZHRgtb6DRYRkOmncUddS_G34BklSJlQA4Ml5eTFPs46pWhuh1KJmhyLuYJCrZ8Y0copYYqMtYFPJ_I1btva309iJ9OYqWyQXT0i9UD_sraAl8TZ2sauwME9pdrXDrtCBvvtRa2hrg3lvz2TwujpkKm0v-dOuYf-vekxgQbVSube9zdnQgx_ER5HEyRY5FBFyM-L_ccK6bJ4OtBiUAXTCJP71j5etfv4fGBz5I0G3prPJXleM9cqahPooSkqzxOiPtGC81-8iJxiSbsNeM7ZU7VCPZgMFoUvjdI2yGNuW3bZ3wlH9c&cid=CAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw&rfl=1%2Chttp%253A%252F%252Fwww.ora.tv%252F%240

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a92ad207efd5118d1881e530c392c3067a62b8d105ddd1e4d2e423d457a58375

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34972
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AF14 42 B
63 B 56ms
55ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DZ7ncdy4KpMLUhWHbcyhKBCAHtsWHUM2yVilYkZnOt0BAQrQxlqT6ntBinn6H_hcLPfBtAIeHfoW2krxQIqKgQSRIbBMW154vravWzbf10lLKrkmE

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame AF14 3 KB
1 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 21:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1648
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 21:50:03 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame AF14 18 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 17:06:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame AF14 0
0 75ms
32ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTMZAA-OXLhDYDESg8C-UicyH2wjNemyk9kqWtZ760rpfDzQWIblFi520nbpIt1SOHIeRfonFolCqqbnMJ5WqLnFqFQRA
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AF14 153 KB
47 KB 116ms
66ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame AF14 23 KB
9 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 17:06:09 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6C07 624 B
285 B 58ms
57ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNUnKVHOH5CC2xJQFWuT-LUIUm-k3gYTZ0AFGlvmV_IwU1_Is4KEOZL7dur13fI3JICDug9GRzXiEf3B2eq-8cv8ySbdS_6F7SviSs-E6M03eHujkIZGQwvk-9A1GhFpTAxmOeg0iCnNhEyCXEXPnZjcGEKUHPQHesUs8ErvEO_zuR6aHQs

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1884 83 KB
34 KB 71ms
69ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C3tiF_yl7sFpe8pLNWRKLwON9xShBY2-pCFwZk4MQ1uo1BbZCTFxTfv6DIJ3U5oSivq7k87T-wmhFQXqfsnBGJMVaO4vXWutjchSsfLOYu1BQO9UZK6UCIuGIfGLei6FrlmVJu3kPFhDRYoGooVTPvwXQGytivbCoAYKEW0te27wQK3B4&cry=1&dbm_d=AKAmf-CxyDZ1x9GXHXAeDw-ORX7F3YijYffq4mZiafIG1QXqYWDPz7sYFdWbLYelgeqfW0AZTGx2PFPJ65-q66O0b6QDBHCj2Edjcllp0dZ1LkvGVL4yqSbw4QJBhbghmNhWQu63TPusWWn_AkZRLCoOzE8m9JP_3NtCo4dXvbpoh8lVy7-xcLt_Gfi-f_zZnVH22TFldTJWzR0ru8GW-T1wlpPy4cFHN3vHm1YYRXnOUyfVX3NkdQViORHU9YoT4v8X8XSZkldFT76v9E4YdB4blW_DfDPx2IOv86M2iHCMFp5-KbRXRo_FJMCAV1cFqBIOQSbjpVt49rzlAXTvFlx0iGBXRWJZaCZtl4vjSFxQGIuU6ZkIh7UbZxlGjd3RDjdQMHaL2ducNY3s1PDqLab81NXPx3wcbmiSQeyZO9JcqRJNIOc6nAZ9CxE8dq-vyTFQQgBDgOgB_xk141N7Fql92dcDSKaB9V74TAGO9JjHZVmlIGDzB2BLZUnoOBlOfSud7bGYbkiy1Md-BRxSfnluwBPM4H3FK6Hgbp5ntKTjEI2HbM-nBM_T08cIgynvY2r0tcQHmv98gw1wICTa2KYKkKOPkAHHRpsC9lh4Y_3LdLd6aBB03l50jN58yVcLuSVzhohFlR_rjlROZdAKf_Ngos1Zt9vc6vrhebi8oMpwnX204k-roJsJ0VaZVq32JfsmSIKqfCi-XPH2gQsibCEmJi01vSjxYqXLk1_e2dIfAf8ttMiKNc46hgQD0s2hyY4Bo7VQvyAVfl2Hx1H3QaqMPg9w_78qUOgPjiqgrqZ6X-drzs08o9I8A4AwnskCgPpti5Y961voeCaE9hSSCIG2gsIdd3NmAfYjhQtfhkv0kqDotNNkBOAAEPuSvke7LVZhYQ777_ACu6Yc6_F2KcApYknvqTQyp3t5ZQCqEGeL-2VNooqE5C6R2UdR8sGB_s843dy5wuf2jW9r2Ewqxz1yhY6lSA2AONJcYeny_Grysq2bhqCnw2G5OgR8OuXVF5VifUwvUfC0z_Tz5-mKh2gYsbR3_hv06s-qIPLO-UkawXK9wGJEM1BAswkowHa_jsoqWk0aM3TxFnworHaf2emTb2TC-Fw8T2Yo1ZgLLOLxabI0s0tx-jw3JbaW9ndnNILYb3VfVsV8eYEiD6WJyouqlN1ogvAdak39ArbUIQH1gi8izNe1EXTl1MCV1yonFeyzgbbwPGEMPVI3olGY2_JRWEnfVLtpGIcdZSoRQIOUWbgXqScilgClXV0GZoEkkz_SRp8M5RfWZd7X327dZW1zbFOEjxxIiclMWPs5Cy9INFaslVko2hN-r6eluIlbGbyiwhAKWdy6na-l_2QTihiAsBmLHfbYyng8PSCtH9SoFuPZHCYlJWMkxiv8sKulg-1VYIWtk6cSEkIclJ0K_6PNENW5Jzv_pkxkEjwJZtXWbzvvymzUraV0aS9l0I_A37itkoX49U-wF4uVeU3XaVoXTed8cXEZRDNfooEbDPf3krAQ-bHs2f1cf8DyKJgfg9aDApcyDvbclmgdO-7pNHDI4FYZq-XY2s9LtYNq3WiFntuBqTT_wrrsFjkE9Rkd0b-Vk_WfxFbpcpsQiisjr7MYxKm2dROw3gZBC76QGZS8RrN65JNJbgdu6JQBAtUroqCpzXQMoZbQeFq_c9sdqvVihkWEsf_kwFSOid-ZoGRalbc9VT6sY5ezcBvr2CSHMB1IsH4qo7mwfgSdG0CUouBbC6453tSpplP1VTi7XWed2Q9gv5Vj9PCMh-hVDed4Fgn11zmXDiobFpSC-NDPqqbhUsDnTjDNtRMrtrrrPnFykHeeHBaAneNScqudLVoxH6qK4mfA46pp0LvM03d6-ptC7vic0MMJT8oYmzmPLcYOD9bZolXHtUTOHnkwh6PcEwtB04o1toAaidgPV31AeBr9yaiKOIwEa6lZYIv8dZQce16pV_tsTwvWuGCIViIUnKrPcUAJdUzqDpOKi1vDISt-yTJG-rQCPVpsMCXhbYxJ3QtnKNK1eVQxPS8pdMMceDc-FbAgdghr3x2u21K7kwBGD-spjbmMZttwbJzE1JQf2simELeA5m88fE7tEQ7Co9QZgAUCkbaA3en9jI33V6hv-eqvrV5k8PVI-BghJYx_inl39foICFDkEfSp8bPDc3cQfVkJ8TunAr5Os2PtE8pXYGiwxeVrzZzy49RrAhxm1IaKD2DiHTgYG0j3j1Qzf8enOsB2MHYQxry8b6sGVpF7Mjn9TZsCeGMloGMHh2MLsT7QkJD-p4h3F637PbIknnSh6UzsxQ0yMlQpfvABvdofYvk5XVUqIyJJznj25pKqCp4k9s75VLZ5k-lltlyRGZQnuhwIyaHM4uJPu3_5_qmT8RSiQOxYz5Afd7mR0mFXdpzpDqVQ1qC5U1gBLvLiMmEC9cEmlYFyStA7QPKn2wWFPo-dnLVJuzuL16t1092eBj_i90vrjVU2w-bjHuqYG2oEO7l2OL3kcaijNwAPig9hs7Q8QuOzRPsaPaB7WhwsnAn_wGMM-B98kKFv1jYx9FcN06BZ2i6pEx456yEvpQXryC6M0M4YX_PN5LdJkBejltKjrDPhfy96ZRhJHwXTjROgpNd2vbn3DFsuY8Vn9KHLCsXs3j6zzWvxq7MwLxCPgDKJtcBkTmOckcAiFT9AieYamWbPl7j13-t6sgXlCZ4bRysIhnIIP-FgtTciiSTf6dYevqaj330NVZAQhX0ZONHmUFyVGBq9Y8Ikns_1efD4HdEdnqFIRJNii51jMVeJvU6WOFRF-lMb44600zKnOFIxDTr5evBayowJLVNRxOM2qQrmyQb9Gv2d7qcB6t2FZKaj8XUG4rd-OwCp_wLrxCDQpq-VMxtNRKTQp6AAlJGvtbrTRl3zUMntnAVFyeGl82KDDFE7xm7sXpMSMnJASbmm1tFdqjgLEftuqtpsl7227tFBq5JlhwTrb58N4a3iVmXXC69hKoT7IcLH7EqK2HH0TAxgks5Q2m1kpK27b3OTOwlCpqLjFDWMDK59fATu2fYOI4V5NQXTmWXGPq0iWwe3afOaHTKdslIBJNRfXO4vJTU3NzpRZYfsWChgAYRoFri8Iq5OCJJijb79WVFWiwBYgTifLo2rRUb6Am1--zcCTz9nbTIPmCiIe6_eAjjBFGYqdnHuxEccXWjobY9WFUMXvNvN32tbczar1GPm8n3MKO6cBZN727WSpRU5rKru7DJSDLuv4l86jIjNP3L9hvGS8X5gz18HcXzeywtGAisyqjr4LG1jDf64miV3KEP01DRR7QGF0lJ6JMcC6FHUe5bz1-U1rqOZ6fgxVDtRo2d5gZLPsPnmrDdn7rJuFzvOIG-puG0x2Hw67dY9NDLa07v0WKSUiS8smozY_8iXu2gi7GP0voHJXdxdcH5tVUFx-0_q0hs0cYSf77_CsDrlGICRgFGoUl4QEfmbF6FjEBPyVSsiv5jHyEyX9O6CVldUR2tENL_H78XepNLR3ePF61Lrz-HDzi0N0T54oxECRDinidkwdTcIxMFFC3TQ1dDGUurO8YDVQivFHoSA5pZKkKtNitmai9ChSo2GnFADgVLBmP6EZ4NUS59n1FHRSMWcUqNcK2nVc4hRckAWe0q4ASLFtvAS0PeAtm3c27m5Qsv1RUHT4KnW5kIlSmVTCh-pYXB6qQs1SoJYxckBhBaWmbxg2dXeelJbArN-O-0GRm_fkm9kzRR2xPjqagwnayNvJwiJOQ9k1eA&cid=CAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw&rfl=1%2Chttp%253A%252F%252Fwww.ora.tv%252F%240

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76e1c1c18b6b76f35ea3a4cbe5d0bdea8ab3c9279ebdfe98a912b886c8446111

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34861
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1884 42 B
63 B 57ms
56ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DGVwU-D8VYUwKVwSsB1l-7r5loEZbe9kzlR-z87t1k9kUPpKcbVOEiWCtn8ZFi9FTdVqFYFseIu2QSsrQ4_txupZ7ArVrQWkbh1bUlzVRxEYrbKtY

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 1884 3 KB
1 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 21:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1648
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 21:50:03 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 1884 18 KB
7 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 17:06:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1884 0
0 69ms
29ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRgO8efGP36Ba_FJihbfuSzWRqMuudQEQ0ujvjUTQ40XOFCIK93e3yCAww-1JdFlvSRRusEUR8oKSwyEN9YbwWc3cK6jQ
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1884 153 KB
47 KB 117ms
71ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 1884 23 KB
9 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 17:06:09 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FF74 41 KB
15 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BlzeVFm1l1iWQAR4q-ioXQYjVRlDv2LAq5K9cTtWt7yslMc62Dgmw986AEWecieaKPxSZGH5E7oLOn9hFTZDFFuJjbz8QRiJIfyl4JYG49i_mSUyYeTQyaj5bTd3ht1exfhsBaX8AtFpwiREVLAbqEo3MxKvEVCYxC3fsexdblyiKwRwA&cry=1&dbm_d=AKAmf-ASJrsImI_4YqQGQimAp6_BBDrnTFXoXx4saACEWfSA13fEi5hVB82_GLM3mgCUGdqATqPQ6FFG6Fb74CEf1ztfOr94OFvrbLJKGFRqSv9orntns9DX5LRq5Hc2RfpVdlchjErCXtEURuBiwvfLc_JOZ1C6RZjuG9Wpo50f9R5Hv4xKyAPyZp3HVd1JxwBHuZUqF9IR6MX1-aR32vsqTqFoycDWMmoWEp9VJPy2T7DNOzK0WZQAK7hqABR3GosOLj7THi0mdJXpLHP3iYn0y8rmtAxWEr7EOnDO6G_5FYcAi66mHxXl4bNkkhQhG7A21r7X48a2x34YPv3E2PDwPMtUqEQ-CivKEDNgeqeYZYkzC376bEDWDLU5lm-O1JZApelFl7kdWoqPL-07X5Kw6rOcZpH4p9aQzn0PVTASm7xQlG-v4sGs0j_vtEh86tMnkAtFusAYn7kLMZX3lDH0wjx1wcr78oQaKjoXU5xuKn9gIueiGOl_Z4ZvweQahxXQNNY6UlXJw5s_QquPkMQagjEi2G9UchFsnhEV-GaVV53irdNQcjgqhkSbetpPBe3RFlDZQ5XcaCarnEAa1nVxv_2d97UsBpcVCHdPC4z9BXYmYKI9xnZ8N4eZtc69BfayBXc3ZuJw5aYlD1Y_zrN2sTqsvNsAm5gmXkMs1wfCa6Aj_Lh9rsb07JGiwIngXVXV5BuNWcqFlQnObXYWmz7IPxk5a0uydJWH_aEE5pkAjoopyz0idgWc8zLu1UPMyIdGnDnZlUVYgmzxOyYWMz7w7Dqs_z1-3shMX3L6tYKl180ttl71txvh6ABgGwSpQhuqP7LEw1RhKiOwbEM2NEl66otG8wYtuAdFkibq3i3w7T_esVYDBGmxmT900XKYSTXLaxeyZxcnXXFXxq9JfzYYzZ0ZlwtxwpLjZJAwTE8ak_zkwmmgmCESzv_F3V8po2uy09-P-NbzoLxQCf9Cfww2H3QnesogR-_NAi2UjMIixSHLHRClvE9KB27NRUZuUwZl5Z96-PlSAeedcxastRaESH3GdEN5BWXviyAjSqQCZRDqWkaYQT1BAEd4ivCZEHE8kDneh6hjNYT4YaS2T8y16_Jeapun1TUTP0iFaAejmO0x1p3-nVy2VDorU2UINzNTshKB-OODHfq3UH_7_Amey4NrIfl1m5xOAmMhvAAHCJ7w3PxdajdtCm70L7iF46nEMby55H3LCuWxX1OsHpp70TS8rw0usKI57mVWG16Hk4HID1Nhb8sAIw1Rjpz-ApJATV_cVZ46FDxH8RFcY61LzbYhqPmCWNPXGCNSTJtKPcbc6YiFkaITXyQCM-zmHK8P8xEUhIxoR6Q5ko5cMnPYJ_V7YQAGJYR5UnFQcMwGRddZZ6JEVuSCQ54O4c1Kkjeh6id8uBCHgxaFMb_EiHChDMK_Kaa0bb_HVNkmRIXYkmUO_z2PlKZ68TzC-zLCJ-hZA7JlrPIHKJKjeAy_YMnoXrE3tAANslA0UwS2ikyuPZ5_F9RfXB8BLnItaLejmLyWMb78nzOyprE4_nBa3OOqOpopPA9BushNxdtodC0o6YUJHmwjXMf-L4l9G2UHD5fzoVxijwZ8Jcndw28SLHMsOGSvMMyw9SPdDkngWH2s3OT3cF7q45kP-S5miNyIqCK9TSXwojVMJlFDh9gaZ-ox5IjIPtNq01d453r1qJ5C6kG75kVvrGIaV29KMsRREl749n64noZ3pw8tZPrE801MgCxky8g6bgFYMdNdn4S-FsfBmh6-MPWsAV2zLhqwluhnncTgUAuFlHMIOW7m1RDM4mfdVJs4raLXgHe8gY-oq7FCX-x46DJ1Ar-Wi9NjOW-aOENu_AgtUjfJEUTf9FjH7w1LxfHgC9bW1fBsVpMW_9gvKQqnJXOfOPiE5hQZK3zfnC_E9etWvcdZsScMcwPvMJVRUZZgzL_0q-0fXFHYXmftTQliYzjGSxRSxrdM00nqC66L79gfkvuQcDBcu81dH_mch7cSuOVbH1hJmMsC9JcfAIehfAmeixrvQrcSE-SspGq0SBQYSYqyGrhMlUrv1tPCmfpMCyPRO-dbTe2_LVZ94wpgxaic6b35Wu8dCncvtnixbtBpSNkCbaP4YjCHqZ_DrW7p5gGYDzEyNS0aFVvVOhsKRqG_xtj7AiWIqCsNFWdlyKQMmMyyYKNnvhdjNbDVcqNTBJMR7q637nI9iIcu-A2CNlQbG55vCgQvl8B-uyN11k-FpyYYUQbaRDCHmUSoEogstrElS5E5q16INgNqhKNvd4MX3utwk9mxdn_1oQWmO2SCO9I6l_y7K3xvRb0zhrIHKhEdjsDYlGv3ZygZ9Hij6vT0y_Q1TUDsQZK3X1IGj_SBGhmlVhTOJahzqeasjwEbwgDksM5HCLjfYv11HtoTOyOdMc01GpO5cUKsyP9W-1l4Gl1lHiCSiHMWv5EvRcARQys2syERjQ1ED2FIPM-YZYnynvGG_oKGQU1z-fg1guJ9ONs_GVjG8JLL8AQS6nNee0VM3gFy_x7YaKXEqrUtnvhXFT_WLHliAxqA2nG6fDHfRgUOdRZAq0KWHrymXztbgGc9zLBOSSlky-4dlvUMWUco805SDJybnx34ZFVtmgfXRu7iWHDMfN6fI30Xr7DBajidNy_SOAU7MSE9hBW1v_c2bOshGImXqu6DVxajVDyjNw0vyUeCWvARJk-tKZdILgfUh9D_7zz6SO743-dZc-9WeYvf9UJYAbHxWSQx5wdIKfaKvjlRcIYA87Y84KrrBDQZtHKcPlW6RRczveQA3Bt_XMCvRsE2cL6cf6ut2ZzunHg6uzNqvAOlsjBlq_iHS8Nqr_2aRtg8a-UFFu8KKjzE8prqezST3hJgslga1hMrBpnbVdZzgCcp_GTWDqLj1KmY3FKXnAwbtE9RL-KRLWmFansdNvqt0obxutoBoLeRG3_Ji6Dva5DZ1sIMqyWYFa5l-59fEbEX7fwJzvVrL5Hg1je0pRqcjisxnCRfMI6eZuSC1d87ysk8FN44-I0hxiFPVVhZ6ttLC4I8mjDJfQSsBVUBsqyiPalcjLEBpm5aqmisH7tWN0y5pOwpZm1dP5pIANzMl58au8WUpFLHbwpU8ksZCgRtnkM2kndfs4QmPyPbbCac5lgXkeIsH8-fyxlJqy7rS1OU9I8l69o-GOuZrMFTSQCOMDzQRw3QTyl1NkGw6fyIE9hE1VLpgatVuKSEDSaMDGrM_f4EqXXSGDjU5mA6_EEnlugI_IpBuOlLwaw4BGwg5GWKQ1mNx7X_Gj8E_HSx71Nko9lQwCrlD3iazpuVPMY3xrMq9ndgMRPkYCDBJ6A87oV2jBBnyK4FMmFRVxFl3hrZVx1inqpxFm4iWFhxnvdRUG1K1AF1PuBOHGNzJJCdCpgFFf04Cmy_85sg7b1OPvgvXEZNqVUkiUbW9vOlhWRwph9aBlgVnhHPvP-WO3ptsbFl7bYD_N_SUGxjPTehhcrC6zUHx4W3QpSpKFdH5SgAqMv6rHdcWyeO-Iww5K75M7fnRSMNrCiFng&cid=CAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw&rfl=1%2Chttp%253A%252F%252Fwww.ora.tv%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 12:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34141
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:48:30 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame FF74 11 KB
4 KB 94ms
27ms Script
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq_iA-vmYY5qDMojL3gOVxZXoDqblvaBphZWcp8kP8C4QASDNgtMgYJWCgICgB8gBCakCta-wpZ_QsT6oAwGqBIkCT9COjbwpsFC_5ZcvFr80Hi9DR0X_67bU3FUI8ZEexj0I0QgeofPWAvAVRMR6M942PUDFvPBwweXUWZnU6YEk-gnP_GvyPL1ksld3ikUg2cQBzEXVgNBHmJFiaAFhh0x1JlSYqYQDja9KNh-IxP98xxEEDyRbEXT46dBohHXth-4nQgNtA8pTdI2ZystEE_qcMfXPA8yi5UnEPysLUQ-QndgV1NjbCdZfzmaNogUajqe39z736soyG9KW1B0uIQK_BOdpJKE_fP8U0SD-jPfG44KSadWAGvxFY0RUClMjiXWQy3-ca40Tj7T3r4lNqNXpc1TcvVdk3yU4fCBbBHAweoCbLChHz23CNcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw%26sig%3DAOD64_3c083Qnpe6XVVKwVPr3vqNpsltOw%26client%3Dca-pub-8380580761190214%26dbm_c%3DAKAmf-CI2dSGB2CpyQJb0gvC2XofadrZDIpazueMzIEk3ioPNskAQInajRlOahdqQEJt3SHidSp5ZnQPvnk52fvx7lm5oMJscK8eDufaO9WJpPxl5kykADXDUuIgu_BkVVbOWEOIptWSEWeJDyGBkGuJ_bYhkoz9Vm9r7gchz1m_XrEriOUr7_g%26cry%3D1%26dbm_d%3DAKAmf-D8NUAfcMUoy4pGQvksNA5l8y0KxRDLR0MrlnoxY9auapGHYLDN1pmjfbCnz6lces0MvU5SDgvEuVTML0KWfcG1Jnyf9q04z9XIwDdiCe_59s8p5IFlAOH1Wvj9XMkMIoCQvpVaiV_LMU3Go6oHuktR5dGdwh72MO9G3xki_9R_jaDpLpMmeaCOkFcUpAsmM3UMBXUVsDMaZkHn9k0cdaWI5KXEIFBD2CfTc8Jdjmy8wmmBrw6RYOELcW9_UOUCTRqKZ67SxnzQyyVm0KkY2SKfRpUrj2AoqdmxAUpeEpRtZxfPsgslIHhBfBH4-SmG1XwBMg7xZxWtGNgMt8z4C0YPgj6kPVK7zq2HFjjKq6mJkyWGcUDjL7-lCZ5GPh08CLa-1Y-CZl5GjFNQ4caIg657enX-1HDkEeQfrFdHEfQ_9t1Q8NuNzv3iWDvEYjgPUrA6rNL27Mt7xaM0m4jjVcBqPAvQFOHLHKcoxiL7xGIukr0dqQtgBnR17a1Fb3Xlacp57o7SEUfg5yuruayTSQT56Y0Ktw5VL0Sy2IqOKvSsx9hCq_fvzPIRCFmUrko0jqgx_jJuodLQalXf68Ikbb82u4F4KA%26adurl%3D
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: 69be6c3160f6b7a9d56613353aceba770e015d76f6e52fe5b01b1a9e976cb8ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:31 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4138
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 195F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1

43 B
894 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXkLRozDLasm3slIODm3_ptUAKDrndPrqs__7sK0L3TwXlDwZ6AvEbKnU9Lgjt-5mdzy9cT4JN5AhobaxBYXsdVfDwVzplMIvOzPux_iEEcRwpMoGpLRA7d8S7Kl7pEruQOe5e7rwOxH0Dsd8KeE_hM985EATZT8sjGhsr0IuPEPyIhIJw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 195F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5j5.2psEOGc-VyNQy3X2QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2

43 B
894 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXkLRozDLasm3slIODm3_ptUAKDrndPrqs__7sK0L3TwXlDwZ6AvEbKnU9Lgjt-5mdzy9cT4JN5AhobaxBYXsdVfDwVzplMIvOzPux_iEEcRwpMoGpLRA7d8S7Kl7pEruQOe5e7rwOxH0Dsd8KeE_hM985EATZT8sjGhsr0IuPEPyIhIJw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 195F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1

43 B
1018 B

31ms
30ms

Image
image/gif

185.89.210.101
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXkLRozDLasm3slIODm3_ptUAKDrndPrqs__7sK0L3TwXlDwZ6AvEbKnU9Lgjt-5mdzy9cT4JN5AhobaxBYXsdVfDwVzplMIvOzPux_iEEcRwpMoGpLRA7d8S7Kl7pEruQOe5e7rwOxH0Dsd8KeE_hM985EATZT8sjGhsr0IuPEPyIhIJw

Protocol

HTTP/1.1

Server

185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
AN-X-Request-Uuid: 716bde29-39b6-480f-a320-8b6d3d90d398
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.20; 217.114.218.20; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 195F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D

170 B
188 B

76ms
33ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
AN-X-Request-Uuid: e441396d-c01d-4ff1-9bf9-8b6edcf524f0
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 217.114.218.20; 217.114.218.20; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2F4B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1

43 B
766 B

23ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNWY5mpt85397rIhnj78KLQJw15xzTBsaFRRGadr40BmJwKHCSOyiH2k2hV9FVWRIWlyuDpLeVIAwigcGdm4hYxVF5qWzuEAff8GeWjo988G5Bgou8twp-hBLX3ALQar6ZIE5-AACzGDI4WvCXxBjErsooMG7THJlXQ0-u2arbKBcnDWXxg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2F4B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5j5.2psEOGc-VyNQy3X2QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2

43 B
766 B

23ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNWY5mpt85397rIhnj78KLQJw15xzTBsaFRRGadr40BmJwKHCSOyiH2k2hV9FVWRIWlyuDpLeVIAwigcGdm4hYxVF5qWzuEAff8GeWjo988G5Bgou8twp-hBLX3ALQar6ZIE5-AACzGDI4WvCXxBjErsooMG7THJlXQ0-u2arbKBcnDWXxg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2F4B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1

43 B
1018 B

31ms
30ms

Image
image/gif

185.89.210.101
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNWY5mpt85397rIhnj78KLQJw15xzTBsaFRRGadr40BmJwKHCSOyiH2k2hV9FVWRIWlyuDpLeVIAwigcGdm4hYxVF5qWzuEAff8GeWjo988G5Bgou8twp-hBLX3ALQar6ZIE5-AACzGDI4WvCXxBjErsooMG7THJlXQ0-u2arbKBcnDWXxg

Protocol

HTTP/1.1

Server

185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
AN-X-Request-Uuid: 7bd19057-c5d4-4c84-bb9d-2b21fc539e17
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.20; 217.114.218.20; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F4B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
AN-X-Request-Uuid: a402ee3c-98c7-488d-9ec6-714e0f9a13e0
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 217.114.218.20; 217.114.218.20; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6C07
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1

43 B
766 B

22ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNUnKVHOH5CC2xJQFWuT-LUIUm-k3gYTZ0AFGlvmV_IwU1_Is4KEOZL7dur13fI3JICDug9GRzXiEf3B2eq-8cv8ySbdS_6F7SviSs-E6M03eHujkIZGQwvk-9A1GhFpTAxmOeg0iCnNhEyCXEXPnZjcGEKUHPQHesUs8ErvEO_zuR6aHQs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6C07
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5j5.2psEOGc-VyNQy3X2QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2

43 B
766 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNUnKVHOH5CC2xJQFWuT-LUIUm-k3gYTZ0AFGlvmV_IwU1_Is4KEOZL7dur13fI3JICDug9GRzXiEf3B2eq-8cv8ySbdS_6F7SviSs-E6M03eHujkIZGQwvk-9A1GhFpTAxmOeg0iCnNhEyCXEXPnZjcGEKUHPQHesUs8ErvEO_zuR6aHQs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAdpLu8K-cNVA8FOHP0JdnY&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6C07
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1

43 B
1018 B

63ms
29ms

Image
image/gif

185.89.210.101
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmw9gIQ_bPr_AEY14H1uwEwAQ&v=APEucNUnKVHOH5CC2xJQFWuT-LUIUm-k3gYTZ0AFGlvmV_IwU1_Is4KEOZL7dur13fI3JICDug9GRzXiEf3B2eq-8cv8ySbdS_6F7SviSs-E6M03eHujkIZGQwvk-9A1GhFpTAxmOeg0iCnNhEyCXEXPnZjcGEKUHPQHesUs8ErvEO_zuR6aHQs

Protocol

HTTP/1.1

Server

185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
AN-X-Request-Uuid: 3e7644bd-b475-4fec-8bc4-899bcb99de5d
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.20; 217.114.218.20; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOBWAYYDiXKT7LU1-NivAfc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6C07
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
AN-X-Request-Uuid: 3e840179-ac1c-468c-92da-014df2fc03e2
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM5NDQ3MjU0MjUzODQxMTAyMQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 217.114.218.20; 217.114.218.20; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 express_html_obb_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame AF14 119 KB
41 KB 82ms
21ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed44e345a8354731787a4fc575c66363aac13eebd6007b88aecd8a1deea341df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Origin: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 08:47:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48583
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42405
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Dec 2022 08:47:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/ Frame AF14 8 KB
3 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C8fJtPxnULedBbyLH_HIiGhhpg9ehkAvjtJRl9MZ-SyW19avpxzYWERIde4zB-p0IfoX4sdfeOUHhF6PcP_Szy2T2Afd3KtzFEg-klOtzdvOsVBPkAr3ngKxTPiLXWGTUmaNpKFJN0Q7blAWA51orRdkmhO9ieQA8qomyXrZ-4mnZcbAk&cry=1&dbm_d=AKAmf-BhvAwvClhk-xL008COwh9W3IaNAhzJcVOHXdI8xogUQ6jCrK7Q7SE8JZOKWpku8AMtqnc-Kiq5jJNpbw_XFAD0gwqSzu0Y_dQcYuW-umyH1_b7tW5RomeHivtwItAbplnoDKpHUTqRBNzyzm18MQsbJIjmK_QeiOugIuRW3HuTW8WNvinCwd4ZcNtFwRb9ikHIBZe955XU_ZIrJMoSdI1biaKjUyfalC23CwGajrqPlAmYy0ZJ8DftYEVC-bEr5otLllKeOd3BQEEjyT5AXsbiILDuID084wUX5hmtevhwn9-Iha3CevK8XF8aum-vVCFPeCDDKENMVEwT-h3asTI0mv0YnEt98WEUy64gECK0VchvLHUmi3uVyGFJJgme2BMDQEOE901z0J0KOpyHhWiMTNnPy3vu2WotP1LDeziZqYvoN_IfbEqvq9aj_VUcfiToXpkDiiPq8ebFiHH652h1ccYM4VwCcO9uD5DebAj-6DAVs9ZHvC8WDOyO9QZ8HxD4LHT-jCBg7kOzLsDz_P3T-Zzv5pzKmvbnYQo-rrU8PVRbFtjf4eQI7rfwYXGS8L-vHubbYZTdQ1eferMWxPqBxLk2fGjCxa2ut3zwClHJhEpDr_kOKN0C6ZNWbMXonwLPupB9hrIVxJ8Ei7b6Y9cnATgWAxXLzsWnkINwPD-cpSI8NAjpgKlOdpCJrzEc_gWutoCNWQPPKcygFe_S6EXdd_9whU1a7U9u5e8wUYdB1hkD7mZZMLFGX3bjGSGFZBEKGjOMJ9KgDUKAVSZzpuFO_9scYob6ttc751mv0OkCNNHC0ukanyLrU4rbIHOOYKvVhaq_SP22vz2_Fi1z47paQtsWDWBD86qQ2fvTwwXqPgWtiJ7eiILs384mJxkO8cxIotWpAI1EMFLy2XAxPZWj2pgYBuEMEoqJez6jfZOu2fOx6fjVk5Cu0-k-v8AWuR5o4Pzh6WmYv4MyHO20uizp5B6M4z8-azNrh06yuHmd8ZIeXh_NvBpUQ7jMvsBCHMR4ylolbdk2lyFYefo68re6LfeolSvGBI5oFiZSWfDxj5V1bMsOFxeaXMdFc9GXBFRmmk8GgsoPzznDXaJ7qtPLBdfgY5g7-zdJeUADOwo0QoCELCNpiFuxqxIbYy5H-uzc0hkiQAIHw1IC7NWZQrqRUUh4r_3Bc8HL_sR_bJh7IG3O9YO1oxJGJxUGODXT0eWkIOXawOChux5r-wotfWoYME-J2SX4hpbNUP2dndRL5kQFhvaYDqUXKXF97vc--Zicyc_Nb2jWzutpkUVnufhI5SgBDgr9Q1tWK8FVd6qqdr4hvtu_6PLn2wc7hJHBzeS2Re1j1vqWs8hdXFPXM9YAE8yKQGz2HPvLd8U-fge8i9DW3JRSlAfPDQ8U3PGnMZR59v8FPGyrCSFQe5wuorwbDd6hWakKm9Zc2yVwT2IGtN0mYuRjefOoo3bTs7dFRiQZUWO53deXi6lVh-bL5qo5B4x38vF0C2o1Er85AnlK81gHm5duqWWyWPHm2MpAkFeeWfVWy4ooZJ_zufBOgSX7zmucFl7Ik_NXUla4vTVBYQgkjlkkqmIYcl9vZQU7JBzOfa82Goi_POMtkK-_Lo_3r7TeTS0pCohUd4dwsI-xGw7USSVVX91v_Xy_migeSLuGT5PY10dAGvp4-NjnCUvKRbWnWq2i_ekKorHs1K_vUc-m8ZtNnCJtJBDFcCCW_ygFPLp-cvXw-e7Nl3UotcOqQDY-iOnqAgJPBCy4Wyl3QOkaSJ0dc8EPubm_U36Iiqm0b-QpzrsAw23ynonKIUfNS7-I_PIanuibe1rsy4Nv64mszniiy_EeJN1TrBOP1shN2DLSmopZhgiupp2Vx3kZ5WvrQ9SBkm9D_RynQVBHWfhkOrl_5u0K7Yj9Al_gThTh6xxL5pUlWdk7ukli0B7gvEpRHem5ULvEjztSTLx_6TY8M-Sb16-wrSvpiACMTe4U-ZN_QQXtXSippeWJaGTls3rKe62ggNwS3MAyyBBYxFTYS7lWJfLkVzo7N7JxYF86_HwxTwEkzeW4j2J7UpPM4MqntocxPlDgHH5XxP8GrTAZzsQz8AFEoOoOqjLk5kK_FEYGkEQRYfU-dnY8-sFzZZpO_q-_r1yZQ8FzaC5H5iucaCuoGxep-rYlAnkQE0ZG0IQRhcmJKDaHrECiCKJTncyRX8BPC8HuYh9Rx7KtAKO5kpbu7tsN0Mj2dT9ym4BaJQgXqw8sGp8oOPV_x1fhYoSDEYh6eLlnnTXPLva31REwuqDAuGXJsUayQNWqKjGMWCa7oCimgJY6kQX-rOqzdpy42Jgx7l83hzNT3vqu1ZXxbY0_48GuI-VWuYBa0GBFzfb-5WDTUFYe1azevdK4CHhQQujdcwywPH5aGDj7ctueXs0dlxus8LE3BDWg5Q3T2x1zjh55TkRszULsyfd6QJA9W6a0xurEXSWDb9Bfd_qkXCmLt_4VU6N6qtBhtoe3o1WbpEoTPVDRvnNgh3uRYslpy-rTh4SsQzaKP3mNOoYUT5vTO3F6ImiT4-ZcBtrKxprY5hjpJErIWKGrnfTO78DKE-nR6zcPd5uz8iujhPavNPGtIEzfIvtCpBkB8tnSi_Zmd4xeUXLxjJigoRmrCEWgivECmqpwMwEW9Lba3Tyz32iW2O1JtanwyJ5tqpjPap-_yLRDmI_yFXYCY5ZOBkzcFb9xzzOyxNDY9ioWb8sfnfyChSy_Wf66KnCnM7GCsRu6Hpe9wZ7Ls9oNfA7IJTgZsSod1fnFSaRAcx7oWj51TMRezAlwpGJmVO5RKnkHSYASRQ3A4ywihUShje3Kp7kMDhxqI7BoA2gHe6rsLmMwlmDi2iMIQElO5e6fUOzuMOW3YZJrGUtUalHXAGsND5dkR_g70N1z8Bi6e2Dw7sULT8nff-Juw5T0Z9-3RaRDAAPoCF4DKZqKdrSWHZJPJgxLV8Njus59uWhUk_jMjcbY9M_2eb6PtLJP_wvs85Rv2FbEbzw2WOSDR1jv0ecV1_V8yob-2JNPIzDWAylz3ti1Rx8yQGbESzxkEKvPxoKL2SyMCoAyMSQBSjVRbDSwY6XNrzKUQTZtnDqHmuEGUYhuh-hCzkVJeZ2R-95W2yBUjY6KUpGRVdMlVkqQqQL3z_nmhpIVJArH5FebMTWn2gbuRrdc8UrTi_mtNvDo5aaRaR71M8qqVb6YVehtX_e_CETaJ0xsbCipQ6vYNzLs5BlqhpxK2gFGKfAKF_7yWUimF8xKhLMa-_22_KgRQn7llc3xqFM2sHKgOJmoCt7hkdHplyvW-CttHGQLgVp7kj7I63_o8CG9l7GM99-l4SdrWueXxRlrd7vjwSQOLwb-1L-QpnYSaNc-Ph2i-BE6eso1Q9Ix_AtKKgcgNpDDkwFvAbcTtBj215AqSph8I6EgBg92kcDpkhHYk82MHmFLlEZHRgtb6DRYRkOmncUddS_G34BklSJlQA4Ml5eTFPs46pWhuh1KJmhyLuYJCrZ8Y0copYYqMtYFPJ_I1btva309iJ9OYqWyQXT0i9UD_sraAl8TZ2sauwME9pdrXDrtCBvvtRa2hrg3lvz2TwujpkKm0v-dOuYf-vekxgQbVSube9zdnQgx_ER5HEyRY5FBFyM-L_ccK6bJ4OtBiUAXTCJP71j5etfv4fGBz5I0G3prPJXleM9cqahPooSkqzxOiPtGC81-8iJxiSbsNeM7ZU7VCPZgMFoUvjdI2yGNuW3bZ3wlH9c&cid=CAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw&rfl=1%2Chttp%253A%252F%252Fwww.ora.tv%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 11:00:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 11:00:27 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame AF14 30 KB
11 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 11:00:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40623
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 11:00:28 GMT

GET
H3 200 express_html_obb_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 1884 119 KB
41 KB 76ms
25ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed44e345a8354731787a4fc575c66363aac13eebd6007b88aecd8a1deea341df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Origin: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 08:47:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48583
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42405
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Dec 2022 08:47:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/ Frame 1884 8 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C3tiF_yl7sFpe8pLNWRKLwON9xShBY2-pCFwZk4MQ1uo1BbZCTFxTfv6DIJ3U5oSivq7k87T-wmhFQXqfsnBGJMVaO4vXWutjchSsfLOYu1BQO9UZK6UCIuGIfGLei6FrlmVJu3kPFhDRYoGooVTPvwXQGytivbCoAYKEW0te27wQK3B4&cry=1&dbm_d=AKAmf-CxyDZ1x9GXHXAeDw-ORX7F3YijYffq4mZiafIG1QXqYWDPz7sYFdWbLYelgeqfW0AZTGx2PFPJ65-q66O0b6QDBHCj2Edjcllp0dZ1LkvGVL4yqSbw4QJBhbghmNhWQu63TPusWWn_AkZRLCoOzE8m9JP_3NtCo4dXvbpoh8lVy7-xcLt_Gfi-f_zZnVH22TFldTJWzR0ru8GW-T1wlpPy4cFHN3vHm1YYRXnOUyfVX3NkdQViORHU9YoT4v8X8XSZkldFT76v9E4YdB4blW_DfDPx2IOv86M2iHCMFp5-KbRXRo_FJMCAV1cFqBIOQSbjpVt49rzlAXTvFlx0iGBXRWJZaCZtl4vjSFxQGIuU6ZkIh7UbZxlGjd3RDjdQMHaL2ducNY3s1PDqLab81NXPx3wcbmiSQeyZO9JcqRJNIOc6nAZ9CxE8dq-vyTFQQgBDgOgB_xk141N7Fql92dcDSKaB9V74TAGO9JjHZVmlIGDzB2BLZUnoOBlOfSud7bGYbkiy1Md-BRxSfnluwBPM4H3FK6Hgbp5ntKTjEI2HbM-nBM_T08cIgynvY2r0tcQHmv98gw1wICTa2KYKkKOPkAHHRpsC9lh4Y_3LdLd6aBB03l50jN58yVcLuSVzhohFlR_rjlROZdAKf_Ngos1Zt9vc6vrhebi8oMpwnX204k-roJsJ0VaZVq32JfsmSIKqfCi-XPH2gQsibCEmJi01vSjxYqXLk1_e2dIfAf8ttMiKNc46hgQD0s2hyY4Bo7VQvyAVfl2Hx1H3QaqMPg9w_78qUOgPjiqgrqZ6X-drzs08o9I8A4AwnskCgPpti5Y961voeCaE9hSSCIG2gsIdd3NmAfYjhQtfhkv0kqDotNNkBOAAEPuSvke7LVZhYQ777_ACu6Yc6_F2KcApYknvqTQyp3t5ZQCqEGeL-2VNooqE5C6R2UdR8sGB_s843dy5wuf2jW9r2Ewqxz1yhY6lSA2AONJcYeny_Grysq2bhqCnw2G5OgR8OuXVF5VifUwvUfC0z_Tz5-mKh2gYsbR3_hv06s-qIPLO-UkawXK9wGJEM1BAswkowHa_jsoqWk0aM3TxFnworHaf2emTb2TC-Fw8T2Yo1ZgLLOLxabI0s0tx-jw3JbaW9ndnNILYb3VfVsV8eYEiD6WJyouqlN1ogvAdak39ArbUIQH1gi8izNe1EXTl1MCV1yonFeyzgbbwPGEMPVI3olGY2_JRWEnfVLtpGIcdZSoRQIOUWbgXqScilgClXV0GZoEkkz_SRp8M5RfWZd7X327dZW1zbFOEjxxIiclMWPs5Cy9INFaslVko2hN-r6eluIlbGbyiwhAKWdy6na-l_2QTihiAsBmLHfbYyng8PSCtH9SoFuPZHCYlJWMkxiv8sKulg-1VYIWtk6cSEkIclJ0K_6PNENW5Jzv_pkxkEjwJZtXWbzvvymzUraV0aS9l0I_A37itkoX49U-wF4uVeU3XaVoXTed8cXEZRDNfooEbDPf3krAQ-bHs2f1cf8DyKJgfg9aDApcyDvbclmgdO-7pNHDI4FYZq-XY2s9LtYNq3WiFntuBqTT_wrrsFjkE9Rkd0b-Vk_WfxFbpcpsQiisjr7MYxKm2dROw3gZBC76QGZS8RrN65JNJbgdu6JQBAtUroqCpzXQMoZbQeFq_c9sdqvVihkWEsf_kwFSOid-ZoGRalbc9VT6sY5ezcBvr2CSHMB1IsH4qo7mwfgSdG0CUouBbC6453tSpplP1VTi7XWed2Q9gv5Vj9PCMh-hVDed4Fgn11zmXDiobFpSC-NDPqqbhUsDnTjDNtRMrtrrrPnFykHeeHBaAneNScqudLVoxH6qK4mfA46pp0LvM03d6-ptC7vic0MMJT8oYmzmPLcYOD9bZolXHtUTOHnkwh6PcEwtB04o1toAaidgPV31AeBr9yaiKOIwEa6lZYIv8dZQce16pV_tsTwvWuGCIViIUnKrPcUAJdUzqDpOKi1vDISt-yTJG-rQCPVpsMCXhbYxJ3QtnKNK1eVQxPS8pdMMceDc-FbAgdghr3x2u21K7kwBGD-spjbmMZttwbJzE1JQf2simELeA5m88fE7tEQ7Co9QZgAUCkbaA3en9jI33V6hv-eqvrV5k8PVI-BghJYx_inl39foICFDkEfSp8bPDc3cQfVkJ8TunAr5Os2PtE8pXYGiwxeVrzZzy49RrAhxm1IaKD2DiHTgYG0j3j1Qzf8enOsB2MHYQxry8b6sGVpF7Mjn9TZsCeGMloGMHh2MLsT7QkJD-p4h3F637PbIknnSh6UzsxQ0yMlQpfvABvdofYvk5XVUqIyJJznj25pKqCp4k9s75VLZ5k-lltlyRGZQnuhwIyaHM4uJPu3_5_qmT8RSiQOxYz5Afd7mR0mFXdpzpDqVQ1qC5U1gBLvLiMmEC9cEmlYFyStA7QPKn2wWFPo-dnLVJuzuL16t1092eBj_i90vrjVU2w-bjHuqYG2oEO7l2OL3kcaijNwAPig9hs7Q8QuOzRPsaPaB7WhwsnAn_wGMM-B98kKFv1jYx9FcN06BZ2i6pEx456yEvpQXryC6M0M4YX_PN5LdJkBejltKjrDPhfy96ZRhJHwXTjROgpNd2vbn3DFsuY8Vn9KHLCsXs3j6zzWvxq7MwLxCPgDKJtcBkTmOckcAiFT9AieYamWbPl7j13-t6sgXlCZ4bRysIhnIIP-FgtTciiSTf6dYevqaj330NVZAQhX0ZONHmUFyVGBq9Y8Ikns_1efD4HdEdnqFIRJNii51jMVeJvU6WOFRF-lMb44600zKnOFIxDTr5evBayowJLVNRxOM2qQrmyQb9Gv2d7qcB6t2FZKaj8XUG4rd-OwCp_wLrxCDQpq-VMxtNRKTQp6AAlJGvtbrTRl3zUMntnAVFyeGl82KDDFE7xm7sXpMSMnJASbmm1tFdqjgLEftuqtpsl7227tFBq5JlhwTrb58N4a3iVmXXC69hKoT7IcLH7EqK2HH0TAxgks5Q2m1kpK27b3OTOwlCpqLjFDWMDK59fATu2fYOI4V5NQXTmWXGPq0iWwe3afOaHTKdslIBJNRfXO4vJTU3NzpRZYfsWChgAYRoFri8Iq5OCJJijb79WVFWiwBYgTifLo2rRUb6Am1--zcCTz9nbTIPmCiIe6_eAjjBFGYqdnHuxEccXWjobY9WFUMXvNvN32tbczar1GPm8n3MKO6cBZN727WSpRU5rKru7DJSDLuv4l86jIjNP3L9hvGS8X5gz18HcXzeywtGAisyqjr4LG1jDf64miV3KEP01DRR7QGF0lJ6JMcC6FHUe5bz1-U1rqOZ6fgxVDtRo2d5gZLPsPnmrDdn7rJuFzvOIG-puG0x2Hw67dY9NDLa07v0WKSUiS8smozY_8iXu2gi7GP0voHJXdxdcH5tVUFx-0_q0hs0cYSf77_CsDrlGICRgFGoUl4QEfmbF6FjEBPyVSsiv5jHyEyX9O6CVldUR2tENL_H78XepNLR3ePF61Lrz-HDzi0N0T54oxECRDinidkwdTcIxMFFC3TQ1dDGUurO8YDVQivFHoSA5pZKkKtNitmai9ChSo2GnFADgVLBmP6EZ4NUS59n1FHRSMWcUqNcK2nVc4hRckAWe0q4ASLFtvAS0PeAtm3c27m5Qsv1RUHT4KnW5kIlSmVTCh-pYXB6qQs1SoJYxckBhBaWmbxg2dXeelJbArN-O-0GRm_fkm9kzRR2xPjqagwnayNvJwiJOQ9k1eA&cid=CAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw&rfl=1%2Chttp%253A%252F%252Fwww.ora.tv%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 11:00:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 11:00:27 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 1884 30 KB
11 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 11:00:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40623
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 11:00:28 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C0CE 22 KB
8 KB 31ms
30ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 34103
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 12:49:08 GMT
expires: Wed, 13 Dec 2023 12:49:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4EA6 0
10 B 34ms
20ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Be2Pcw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AF14 41 KB
15 KB 29ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 12:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34141
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:48:30 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 99D2 1 KB
643 B 23ms
22ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 40555
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 11:01:36 GMT
etag: 48472445140208031
expires: Wed, 14 Dec 2022 11:01:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame AF14 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1904e5d9e8cda5e578667b1fdb9c614e33436019c092a22e4cc6765882d713c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

request.php Show response
hal900020.redintelligence.net/ Frame FF74
Redirect Chain

https://hal900020.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e81db74cf7&subid=&uid=6772183f1018fb71&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900020.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e81db74cf7&subid=&uid=6772183f1018fb71&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

137ms
88ms

Script
application/x-javascript

178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900020.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e81db74cf7&subid=&uid=6772183f1018fb71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq_iA-vmYY5qDMojL3gOVxZXoDqblvaBphZWcp8kP8C4QASDNgtMgYJWCgICgB8gBCakCta-wpZ_QsT6oAwGqBIkCT9COjbwpsFC_5ZcvFr80Hi9DR0X_67bU3FUI8ZEexj0I0QgeofPWAvAVRMR6M942PUDFvPBwweXUWZnU6YEk-gnP_GvyPL1ksld3ikUg2cQBzEXVgNBHmJFiaAFhh0x1JlSYqYQDja9KNh-IxP98xxEEDyRbEXT46dBohHXth-4nQgNtA8pTdI2ZystEE_qcMfXPA8yi5UnEPysLUQ-QndgV1NjbCdZfzmaNogUajqe39z736soyG9KW1B0uIQK_BOdpJKE_fP8U0SD-jPfG44KSadWAGvxFY0RUClMjiXWQy3-ca40Tj7T3r4lNqNXpc1TcvVdk3yU4fCBbBHAweoCbLChHz23CNcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw%26sig%3DAOD64_3c083Qnpe6XVVKwVPr3vqNpsltOw%26client%3Dca-pub-8380580761190214%26dbm_c%3DAKAmf-CI2dSGB2CpyQJb0gvC2XofadrZDIpazueMzIEk3ioPNskAQInajRlOahdqQEJt3SHidSp5ZnQPvnk52fvx7lm5oMJscK8eDufaO9WJpPxl5kykADXDUuIgu_BkVVbOWEOIptWSEWeJDyGBkGuJ_bYhkoz9Vm9r7gchz1m_XrEriOUr7_g%26cry%3D1%26dbm_d%3DAKAmf-D8NUAfcMUoy4pGQvksNA5l8y0KxRDLR0MrlnoxY9auapGHYLDN1pmjfbCnz6lces0MvU5SDgvEuVTML0KWfcG1Jnyf9q04z9XIwDdiCe_59s8p5IFlAOH1Wvj9XMkMIoCQvpVaiV_LMU3Go6oHuktR5dGdwh72MO9G3xki_9R_jaDpLpMmeaCOkFcUpAsmM3UMBXUVsDMaZkHn9k0cdaWI5KXEIFBD2CfTc8Jdjmy8wmmBrw6RYOELcW9_UOUCTRqKZ67SxnzQyyVm0KkY2SKfRpUrj2AoqdmxAUpeEpRtZxfPsgslIHhBfBH4-SmG1XwBMg7xZxWtGNgMt8z4C0YPgj6kPVK7zq2HFjjKq6mJkyWGcUDjL7-lCZ5GPh08CLa-1Y-CZl5GjFNQ4caIg657enX-1HDkEeQfrFdHEfQ_9t1Q8NuNzv3iWDvEYjgPUrA6rNL27Mt7xaM0m4jjVcBqPAvQFOHLHKcoxiL7xGIukr0dqQtgBnR17a1Fb3Xlacp57o7SEUfg5yuruayTSQT56Y0Ktw5VL0Sy2IqOKvSsx9hCq_fvzPIRCFmUrko0jqgx_jJuodLQalXf68Ikbb82u4F4KA%26adurl%3D&documentReferer=http%3A%2F%2Fwww.ora.tv%2F&ancestorOrigins=http%3A%2F%2Fwww.ora.tv&random=3966157455036&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: fbe3eaf8b91d44b9599f6b59bde0fd0163f648e70982d7f161813ba17f3acc19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 24621300135258104444550012172020
Connection: close
Content-Length: 1310
Expires: Tue, 13 Dec 2022 22:17:31 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e81db74cf7&subid=&uid=6772183f1018fb71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq_iA-vmYY5qDMojL3gOVxZXoDqblvaBphZWcp8kP8C4QASDNgtMgYJWCgICgB8gBCakCta-wpZ_QsT6oAwGqBIkCT9COjbwpsFC_5ZcvFr80Hi9DR0X_67bU3FUI8ZEexj0I0QgeofPWAvAVRMR6M942PUDFvPBwweXUWZnU6YEk-gnP_GvyPL1ksld3ikUg2cQBzEXVgNBHmJFiaAFhh0x1JlSYqYQDja9KNh-IxP98xxEEDyRbEXT46dBohHXth-4nQgNtA8pTdI2ZystEE_qcMfXPA8yi5UnEPysLUQ-QndgV1NjbCdZfzmaNogUajqe39z736soyG9KW1B0uIQK_BOdpJKE_fP8U0SD-jPfG44KSadWAGvxFY0RUClMjiXWQy3-ca40Tj7T3r4lNqNXpc1TcvVdk3yU4fCBbBHAweoCbLChHz23CNcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw%26sig%3DAOD64_3c083Qnpe6XVVKwVPr3vqNpsltOw%26client%3Dca-pub-8380580761190214%26dbm_c%3DAKAmf-CI2dSGB2CpyQJb0gvC2XofadrZDIpazueMzIEk3ioPNskAQInajRlOahdqQEJt3SHidSp5ZnQPvnk52fvx7lm5oMJscK8eDufaO9WJpPxl5kykADXDUuIgu_BkVVbOWEOIptWSEWeJDyGBkGuJ_bYhkoz9Vm9r7gchz1m_XrEriOUr7_g%26cry%3D1%26dbm_d%3DAKAmf-D8NUAfcMUoy4pGQvksNA5l8y0KxRDLR0MrlnoxY9auapGHYLDN1pmjfbCnz6lces0MvU5SDgvEuVTML0KWfcG1Jnyf9q04z9XIwDdiCe_59s8p5IFlAOH1Wvj9XMkMIoCQvpVaiV_LMU3Go6oHuktR5dGdwh72MO9G3xki_9R_jaDpLpMmeaCOkFcUpAsmM3UMBXUVsDMaZkHn9k0cdaWI5KXEIFBD2CfTc8Jdjmy8wmmBrw6RYOELcW9_UOUCTRqKZ67SxnzQyyVm0KkY2SKfRpUrj2AoqdmxAUpeEpRtZxfPsgslIHhBfBH4-SmG1XwBMg7xZxWtGNgMt8z4C0YPgj6kPVK7zq2HFjjKq6mJkyWGcUDjL7-lCZ5GPh08CLa-1Y-CZl5GjFNQ4caIg657enX-1HDkEeQfrFdHEfQ_9t1Q8NuNzv3iWDvEYjgPUrA6rNL27Mt7xaM0m4jjVcBqPAvQFOHLHKcoxiL7xGIukr0dqQtgBnR17a1Fb3Xlacp57o7SEUfg5yuruayTSQT56Y0Ktw5VL0Sy2IqOKvSsx9hCq_fvzPIRCFmUrko0jqgx_jJuodLQalXf68Ikbb82u4F4KA%26adurl%3D&documentReferer=http%3A%2F%2Fwww.ora.tv%2F&ancestorOrigins=http%3A%2F%2Fwww.ora.tv&random=3966157455036&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 13 Dec 2022 22:17:31 +0100

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1884 41 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 12:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34141
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:48:30 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame FA58 1 KB
643 B 22ms
21ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 40555
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 11:01:36 GMT
etag: 48472445140208031
expires: Wed, 14 Dec 2022 11:01:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1884 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad72fe783ecfbdd82794599a626e8b1f7fccf5990eed2ad9a40801371dbfaa51

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 26C1 22 KB
8 KB 22ms
20ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 34103
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 12:49:08 GMT
expires: Wed, 13 Dec 2023 12:49:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 196 KB
27 KB 63ms
20ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e83db047f5b908d27e6cbcd644a66728658f061946220731e1bfb7a786f1b59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 376156
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 27192
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:48:15 GMT
expires: Sat, 09 Dec 2023 13:48:15 GMT
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame AF14 0
0 137ms
65ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstJ2iDENd-HQ-IZuWBxLyei7jtZgBKtYVjzbs4RoqEWNFKvSe72ySdY34bnP7p6MAzGIeWbMRCXenu0x1Dv00t93yj2yftjTcwTjp2xG0NoofsDGFAjCxodDlujMWZZ27g4iTrP8h9tNjsx2s9ZUtG_ECQu9p1Of65myqzJMdJef2PWRezXxXb6fFnBxtYUleojMuY42JltTXVt4xM0Ir8YPJig5VA0urpclmE37cQP5s7yoQ9ZhQ1L_6eS1CBOot5EkwMslOalkXm0SSA4d7YGjQJVV8LaXBiUWBMDtg8cwljyHgB6z2XvwtLB8zHvSsccXxhWVFB7UHSmRgtSB04L7xLYTadLPf8TAqBCTdlRU5OJrftSiRp3gxJ9DnVgFO4HND31S4kXEFQ24LrBH1wj0CJDm8ndbrcrBN13WYodXj-9dbf4acdBuyN4iyZ_TGf3-o33lrC936-SAiIpCXk--4U6hJ6fuHDrY-sIaBrOIAXr9bWOZrFBE15TgIlgsmfNJu3_LaqyBsO4eyO9YyFVolDTBcNfJ83IuIpA8SI2bfmQMr1WziJV43UyxRLxyOnLsrBOsQVDg3QyH5q3LOhmFWzQ4vmIjERB2e0ChSbIlwgsaH37q-8OPCFXtyap5waUB5rj-eu0MY7MK6LfKweS397M8L_LXtGgjKJkBkYl1Nz_iSVAsaDQ24orZMl9qunoZDNzWa-YRu97_Qy74vz39zr1fiIrhf7sH31wEhYZayAS-8MSlutiXzvBFFKuxzm6yUT4vmnmomi9eUHvJ4mE-w9MkJ98UdwqM_UXzmr5vmWUx3loPWWvSCRzAMEc9L4e5joEH4htNCnVjV9Jh-Tfz9muzFb5s3ef8dhzzDvpyaUPfGoB-NuWasm-FbthGq2e5wUsJQMEJJBAh7qiKyFN33EMvugvehv8kS3tEKZiCuaWm3b2AiJfnsctw0r-mjqdh4nxCzeUW9PMVwHl1UeWbAY3r4JIpDMWIFOmnqLcSULxV-jONZuXpDagIqvlTxOXpnb2Z3rGlxaofKgRNVpn_tcZ44GbaSUZAt4-nPOSP23XJsslAR8A8pVVukCLP2brOZ8wIyftr6qyF2GDbjsO5NMZfiw9GBDxGY2XtyHT0XM7XkvHvrLUtwcTkQx1XeiuhvYsBdUCy7Pi3C3yEspbjvU0rD_Usq1ZwWlk9fNgZUy7NUlQ65TsuVEFxjniUcUh-7h3eJM1Xoy6EO1Xj3DB7QQqbDKGXYZKXqdUr1CSXinZ0cKRgl5wYgX1zZ4xo0kaZs9S0ew_EM9DA3FkGU-PHuYRVkjYgQhFO_v0ybwLkr641AcU9Gbjr85p884j2MGEk9odx7bw&sai=AMfl-YQ3wc31UuBR5QgcnonQSPE6r5xtD414Z34NZo2nEgh_jPOgaGCyu3dRQXFSTdj0k-mH1i6XYYKr-7R0GdMDpBiO6A6kGCGez2HN4pHOrhZb6vKyzr0SbB8EjWJC_cFGcYAMdIhKYryqekNN-IeolHJ20Y9i2HDEe-A7Faq_TIvgCPk7Rrt7MC_mXduRqz7O7xzHRBk3n9gH3IRgfasjQC-vNqBtGjUDXKvayH72YnpsphfV9ZKWfkZ4QCi5F07vLuwc7e3a5Zw&sig=Cg0ArKJSzKULFRVau9PJEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=210&cbvp=1&cstd=207&cisv=r20221207.95912&arae=0&ftch=1&adurl=

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 196 KB
27 KB 62ms
23ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e83db047f5b908d27e6cbcd644a66728658f061946220731e1bfb7a786f1b59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 376156
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 27192
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:48:15 GMT
expires: Sat, 09 Dec 2023 13:48:15 GMT
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1884 0
0 136ms
68ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsswISSB5nuKW_Yy8h63Ynnb_lQgZO7CL75pJ9niWWVpW_h9jg7yS98Txp5uinMajuQ7nZuVrsCW1sgFkh6OFJyuSh-U14ri5EfhR1M-jk_4ZC7mEWPs7z4kgw8NRm5MAUhrq_bH19ej4ac3f_MrRHRprgJTzUs6BN0OxTyJHjaOTInQoMD4t2BCwpnopnRJsogjXztz4W4cu66TaYFrRb_aBCPes7RHRIF4DlkAN7_CJuwWlkeNil0af2w_bT0EJh89YyNFpxCfw1fzymipu_r1qxziCaxjha8Y_VHx57LUdVMbnT_fiFxp1q-KYJDY4-zBZxOs7gCu636NFP7h3pxYZgbWFgl9DjTsQugm4BDiaLElyBnqFdSKe1zK5PHOfAANN9JxUTCEyZ9wlkdEXmD2S9DiIBeFXmyIU7DpRjS9TJmQrRAMoRGR78fENeOu7b6lgRpdUUMSvYJcAvjEPUWaQXPvB9gRSTx-GE9JGpke5tAyFdNUr2eKxrYzkmIG6ljrIQqAUyEYRPd0Sa7YbvpVdHxuJSSoxXZqUDMeKhRoWcVc4U6EMWaVWSu2MXkzXKPv29aifaG4oLH3p5e9jpz6H7BjmrtqGm9ELszk5NwHaJCJx090hInLqzV6kBwJs3Zrfn6ztC_9xeaZk3PAulDj66n7cw3xXAeJeaRxEVJ93PGLUVwEjNm92AQMxIdcP_bWVk6cJNzcBeVpAeK8UC4TuqbyG39XHygt0YUUVVMEfDLi9FUD_-JSWxMQ2FpFmcbzDD5aC3I-rII1dByuHfB5KZMdyREIteIwThWN7BpCmTJkRgTPxfnmGw2JrVuUqCIshxZf5iv5eGBPrH7-672Jz-f_8Dm1HgW2v4DPc481i_44xplMrumvP7XIGhcNuumRMiyuQihM8WpI9os7Wz5QJLzpOqel3J9y2p0t8OGuLcgNnY7Xv5S8kBhhrMhRrvmQXB31_xXZrzLShR0iL0taD_WyE04iaSMqlvlnOKUolVzKi3LlClY57_9kd3xwsvcW3Od7oJ83ItrSrfZKv3VFGQNVManS2lPbq8j-mEkbW2DaebQtIZ7WjJCNvSq4k4KbB9ESPXm_KP7rUZD8jlK4scBiBaIgRXw45cudlicjmDAqea6rjpdqv20A7vnDQIsrjrVOztxf00RvNdiYZ-HFPOO6tay0lb4KnFP4-uaaot4gP4WSyHkTYRioyZUeeU5NykA4L22Eal7fWHDFjDYv0AO58TXF2a9TUY4VLw2FUsidFjzs85NEy95B_YThF632zy5lp4iQuhJGpi2RVf8qIYYYnzbA1kfwtLbkSGU9AvSN3QPX45NkQlpelIhxr7jLdEat_xw&sai=AMfl-YRWjKJkFPCb_j9t4_vbBhMUgJ5pkAJo_BQ-Vn-FutJo6Rr6eQHkRebEgNtCsEtwzea46MT536XxnCc05wcwLEk8wZaLzOMIIPs_x5wWvL6bUALLIyFV88AU4piD4zPAOnF9rhVX0C7_U29rdb2UiPIt_MaIFoQGyZub-vJkZkgeCum1_nONNFzZRd9jhLcPAhndcxbqVocMn3lfWiS3lvYj8JFvKktzabIVibemIk25mQtudzqiwypykSpyWk7Az6t9pKBG5Ok&sig=Cg0ArKJSzMoUEyBampuGEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=204&cbvp=1&cstd=202&cisv=r20221207.58601&arae=0&ftch=1&adurl=

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame C0CE 36 KB
16 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 13 Dec 2023 17:06:09 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 99D2
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1&google_push=ASkJ3FY_das2KnUdIYNL71xnjTpvcjNkg2SaRqF7-DWLvSSaseLb_AnYHTV8eDcORJFHRUJPrItWAX6-YtdV7vcFntuUzsPz7XBW
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM1MTIxMzAwODA5Mzk3NTA1MQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1

43 B
398 B

160ms
25ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 99D2
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENCf8QjPaShPdyL6nZhA8D8&google_cver=1&google_push=ASkJ3FbYgGyVUWj0nTOH-FPPZDD8pO7r43kv_q3tLOvy5Gmn3jH1I53uAuRt_n3XSDcMD0UO2O4TP5-zjGWXkk...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3Njc2MDg2MjY2MjUyMzAyNA%3D%3D&google_push=ASkJ3FbYgGyVUWj0nTOH-FPPZDD8pO7r43kv_q3tLOvy5Gmn3jH1I53uAuRt_n3XSDcMD0UO2O4TP5-zjGWXkkJzkW...

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3Njc2MDg2MjY2MjUyMzAyNA%3D%3D&google_push=ASkJ3FbYgGyVUWj0nTOH-FPPZDD8pO7r43kv_q3tLOvy5Gmn3jH1I53uAuRt_n3XSDcMD0UO2O4TP5-zjGWXkkJzkWAdOxkGL9q8

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3Njc2MDg2MjY2MjUyMzAyNA%3D%3D&google_push=ASkJ3FbYgGyVUWj0nTOH-FPPZDD8pO7r43kv_q3tLOvy5Gmn3jH1I53uAuRt_n3XSDcMD0UO2O4TP5-zjGWXkkJzkWAdOxkGL9q8
Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 99D2
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEK4BWl-J-NzXRIuU-3cBeXE&google_cver=1&google_push=ASkJ3FYI8dnwjh5y7hdDMB82ds9uVWnd8aqhWQeKSRJJcIXxkoVbKVhKXFX2YLTAdEBYJ0fv7JV4WsHQ8azNXuhN5Xp7XQ_...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ASkJ3FYI8dnwjh5y7hdDMB82ds9uVWnd8aqhWQeKSRJJcIXxkoVbKVhKXFX2YLTAdEBYJ0fv7JV4WsHQ8azNXuhN5Xp7XQ_AxMG_&google_hm=eS0yUmFIYXlwRTJwSDBNZE...

170 B
188 B

34ms
33ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ASkJ3FYI8dnwjh5y7hdDMB82ds9uVWnd8aqhWQeKSRJJcIXxkoVbKVhKXFX2YLTAdEBYJ0fv7JV4WsHQ8azNXuhN5Xp7XQ_AxMG_&google_hm=eS0yUmFIYXlwRTJwSDBNZEFpdXRzWlNNbDhWMWRubFpocn5B

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 13 Dec 2022 22:17:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ASkJ3FYI8dnwjh5y7hdDMB82ds9uVWnd8aqhWQeKSRJJcIXxkoVbKVhKXFX2YLTAdEBYJ0fv7JV4WsHQ8azNXuhN5Xp7XQ_AxMG_&google_hm=eS0yUmFIYXlwRTJwSDBNZEFpdXRzWlNNbDhWMWRubFpocn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 99D2
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESECKil6GhrvWCWqXqFldgjgk&google_cver=1&google_push=ASkJ3FZfQPfPxfny9m2nKThJ4YAQ0QxlsApQx92BYWxKT6lQrVGY3BcGx89coaHDkS0df5Y--Js5IT_Ect995UAxC0f3Aic...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESECKil6GhrvWCWqXqFldgjgk&google_cver=1&google_push=ASkJ3FZfQPfPxfny9m2nKThJ4YAQ0QxlsApQx92BYWxKT6lQrVGY3BcGx89coaHDkS0df5Y--Js5IT_Ect995UAxC0f3A...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FZfQPfPxfny9m2nKThJ4YAQ0QxlsApQx92BYWxKT6lQrVGY3BcGx89coaHDkS0df5Y--Js5IT_Ect995UAxC0f3AicrFhw_

170 B
188 B

54ms
54ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FZfQPfPxfny9m2nKThJ4YAQ0QxlsApQx92BYWxKT6lQrVGY3BcGx89coaHDkS0df5Y--Js5IT_Ect995UAxC0f3AicrFhw_

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FZfQPfPxfny9m2nKThJ4YAQ0QxlsApQx92BYWxKT6lQrVGY3BcGx89coaHDkS0df5Y--Js5IT_Ect995UAxC0f3AicrFhw_
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 dds
rtb.openx.net/sync/ Frame 99D2 43 B
351 B 97ms
29ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEPeOqfeyRW6pJRKWkkRzaes&google_cver=1&google_push=ASkJ3FbV99G5HCcQdNdGTLBHfBm4Fe2TV7g3vdTIFH8vuXME6CBzyBGBHmUPsHF7L_mXFNYjqeW8sV8bC9iGy6hQrKvRqjpQAUK4
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:30 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: mudkhas9hm3gh7bfhchd71bdi66o3rjs

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 99D2
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEP8ZeO461oVKgycUsebSvno&google_cver=1&google_push=ASkJ3FZRtwp0BP_G-3THjMz3s0PUAObdvrf0hHE2MmlcKIkljmg12uoXSbcii3XgudJj3-b_ZHoQz-7brjQgxdCb...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FZRtwp0BP_G-3THjMz3s0PUAObdvrf0hHE2MmlcKIkljmg12uoXSbcii3XgudJj3-b_ZHoQz-7brjQgxdCbpAQM6X7PYO33

170 B
188 B

32ms
32ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FZRtwp0BP_G-3THjMz3s0PUAObdvrf0hHE2MmlcKIkljmg12uoXSbcii3XgudJj3-b_ZHoQz-7brjQgxdCbpAQM6X7PYO33

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 13 Dec 2022 22:17:31 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FZRtwp0BP_G-3THjMz3s0PUAObdvrf0hHE2MmlcKIkljmg12uoXSbcii3XgudJj3-b_ZHoQz-7brjQgxdCbpAQM6X7PYO33
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: WZghdk9KJ-qvH0e1sc2THlSiXnpdZ93kf8p2YQgfupNJ0j3QdC9XIg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 99D2
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEP...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ASkJ3FYnZxnBqD0VC_XaS3ihEliT-z-mK9DoO61oO-200LwsjXAHKacgnuJ62S7IQUj8LpFxdNPU-8PBMZJqU1zop5cY3CN_Tqd4&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-9c207172-b093-4340-8049-412b960a1ac0-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DASkJ3FYnZxnBqD0VC_XaS3ihE...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ASkJ3FYnZxnBqD0VC_XaS3ihEliT-z-mK9DoO61oO-200LwsjXAHKacgnuJ62S7IQUj8LpFxdNPU-8PBMZJqU1zop5cY3CN_Tqd4&google_hm=A5wgcXKwk0NAgElBK5YKGsA

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ASkJ3FYnZxnBqD0VC_XaS3ihEliT-z-mK9DoO61oO-200LwsjXAHKacgnuJ62S7IQUj8LpFxdNPU-8PBMZJqU1zop5cY3CN_Tqd4&google_hm=A5wgcXKwk0NAgElBK5YKGsA

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ASkJ3FYnZxnBqD0VC_XaS3ihEliT-z-mK9DoO61oO-200LwsjXAHKacgnuJ62S7IQUj8LpFxdNPU-8PBMZJqU1zop5cY3CN_Tqd4&google_hm=A5wgcXKwk0NAgElBK5YKGsA
date: Tue, 13 Dec 2022 22:17:31 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX9c207172b09343408049412b960a1ac0003
content-type: text/html

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 99D2 0
12 B 28ms
28ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KUC3lDAAAh7Nh5IJ7nAdJbp6qmLU6ALcFQ7DOK-KMv8WYTiXLToaM0e5ApEG8LTvjC8lvH

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1449 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 34103
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 12:49:08 GMT
expires: Wed, 13 Dec 2023 12:49:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame FA58 0
104 B 209ms
79ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEDGiKLfi2iuFM4xySotAwLY&google_cver=1&google_push=ASkJ3FbqtQ4g9cWPvhzNzWcMiVs8Hiya3-EIcNzKgDDkyz2UMWNC_FA_xKuKMOXJwe5kAj6-45donhhUCPmPr4d92Cfj0BU5l9xELA
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FA58
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEC33zE2TQGs66OZYqwoTfN0&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEC33zE2TQGs66OZYqwoTfN0&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=U3U5VG9CU1QxUDVkQUQ1&google_gid=CAESEC33zE2TQGs66OZYqwoTfN0&google_cver=1&google_push=ASkJ3FZmLS0uv2YHt5jk6bYOSUY4xY3zXR8FDcius1_DO4d...

170 B
188 B

33ms
33ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=U3U5VG9CU1QxUDVkQUQ1&google_gid=CAESEC33zE2TQGs66OZYqwoTfN0&google_cver=1&google_push=ASkJ3FZmLS0uv2YHt5jk6bYOSUY4xY3zXR8FDcius1_DO4dbF8xzf-CftK6g_4P5l-XLREWM9dKhk5fT59tMlN4i588kZScaHCwm

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:30 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-00370ec4fddf661ef@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=U3U5VG9CU1QxUDVkQUQ1&google_gid=CAESEC33zE2TQGs66OZYqwoTfN0&google_cver=1&google_push=ASkJ3FZmLS0uv2YHt5jk6bYOSUY4xY3zXR8FDcius1_DO4dbF8xzf-CftK6g_4P5l-XLREWM9dKhk5fT59tMlN4i588kZScaHCwm
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame FA58
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESELM4SPW1fmL5SITUOoWNdWU&google_cver=1&google_push=ASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3nw...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELM4SPW1fmL5SITUOoWNdWU&google_cver=1&google_push=ASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3...

43 B
414 B

199ms
186ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELM4SPW1fmL5SITUOoWNdWU&google_cver=1&google_push=ASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3nww&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3nww%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 77921205fee09bbe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 1424
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELM4SPW1fmL5SITUOoWNdWU&google_cver=1&google_push=ASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3nww&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DASkJ3FbBkMe57vmUElMfhKP0wJ9v9O_ywjGmLG1Z9W0X855rjvEMuziS4cGMwdSapWzd4CgIANatf84v-bOkg9gW5gKPE2j9qX3nww%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 779212045b659bbe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FA58
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEIxqbOVz2pbFcpMHOqqov_M&google_cver=1&google_push=ASkJ3FaxGZq3AVscDJLv1YEfDMIwdTeDEpi9tN0LHVtZxtoWlYr2MmZQFRPhttmNrboikkWN-iQB_4JJ...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEIxqbOVz2pbFcpMHOqqov_M&google_cver=1&google_push=ASkJ3FaxGZq3AVscDJLv1YEfDMIwdTeDEpi9tN0LHVtZxtoWlYr2MmZQFRPhttmNrboikkWN-iQ...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY3NTg4Nzc0MzcxNDEyNTA5Ng&google_push=ASkJ3FaxGZq3AVscDJLv1YEfDMIwdTeDEpi9tN0LHVtZxtoWlYr2MmZQFRPhttmNrboikkWN-iQB_4...

170 B
188 B

37ms
36ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY3NTg4Nzc0MzcxNDEyNTA5Ng&google_push=ASkJ3FaxGZq3AVscDJLv1YEfDMIwdTeDEpi9tN0LHVtZxtoWlYr2MmZQFRPhttmNrboikkWN-iQB_4JJkleokccjJlGzmtTLfQH6

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDY3NTg4Nzc0MzcxNDEyNTA5Ng&google_push=ASkJ3FaxGZq3AVscDJLv1YEfDMIwdTeDEpi9tN0LHVtZxtoWlYr2MmZQFRPhttmNrboikkWN-iQB_4JJkleokccjJlGzmtTLfQH6
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FA58
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEK8GRXWWQ2NGMV0M4SZh7Ew&google_cver=1&google_push=ASkJ3FYecuQt_4ANQlHiRKHbNjBPLqTpQ8xgMHUj6Q5drk2_OnDzuvCb2WCXdz1Da3uKcjEt8f...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEK8GRXWWQ2NGMV0M4SZh7Ew&google_cver=1&google_push=ASkJ3FYecuQt_4ANQlHiRKHbNjBPLqTpQ8xgMHUj6Q5drk2_OnDzuvCb2WCXdz1Da3uKcjEt8f...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01enIza2JsRTJ1R1pNVG5qVHV1M1VEQXQucHRUVGlMOH5B&google_push=ASkJ3FYecuQt_4ANQlHiRKHbNjBPLqTpQ8xgMHUj6Q5drk2_OnDzuvCb2...

170 B
188 B

33ms
33ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01enIza2JsRTJ1R1pNVG5qVHV1M1VEQXQucHRUVGlMOH5B&google_push=ASkJ3FYecuQt_4ANQlHiRKHbNjBPLqTpQ8xgMHUj6Q5drk2_OnDzuvCb2WCXdz1Da3uKcjEt8fBKNvFCFtriXwAUt5p5hr6Rw_-fdw

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01enIza2JsRTJ1R1pNVG5qVHV1M1VEQXQucHRUVGlMOH5B&google_push=ASkJ3FYecuQt_4ANQlHiRKHbNjBPLqTpQ8xgMHUj6Q5drk2_OnDzuvCb2WCXdz1Da3uKcjEt8fBKNvFCFtriXwAUt5p5hr6Rw_-fdw
date: Tue, 13 Dec 2022 22:17:31 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

report
sync.teads.tv/um/ Frame FA58
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEFK5cGB_LRbwkMtjZxZC_vY&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ASkJ3FbJEiM0MfTy2GMaOJrwYbkN8MAAStpwoQm2iKmLNzf1ThCg6RV6_Trq8Mb3fL76ShE4Tcbxnbkez2yjgfbEiV3Vkyh6k1tn4Pg
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

51ms
50ms

Image
image/gif

184.31.88.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Protocol: H2
Server: 184.31.88.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-88-106.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

expires: Tue, 13 Dec 2022 22:17:31 GMT
pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FA58
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEF_5uCXxo...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEF_...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=df64180a-bba0-469a-a817-e9611e62ab61&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

74ms
72ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=df64180a-bba0-469a-a817-e9611e62ab61&%%GOOGLE_PUSH_PAIR%%

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=df64180a-bba0-469a-a817-e9611e62ab61&%%GOOGLE_PUSH_PAIR%%
date: Tue, 13 Dec 2022 22:17:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame FA58 0
12 B 29ms
27ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L1GtNjDilYURlnpxbGIWjIbfkFT0UNxjVHLn7_tUY6Z4hPalpG7yn6zdKbE57ouvhymPGwijrR

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame 26C1 36 KB
16 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 13 Dec 2023 17:06:09 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 6590 29 KB
10 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 11:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Dec 2022 11:55:20 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame C87E 29 KB
10 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 11:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Dec 2022 11:55:20 GMT

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame 1449 36 KB
16 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 13 Dec 2023 17:06:09 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1884 0
0 105ms
59ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsswISSB5nuKW_Yy8h63Ynnb_lQgZO7CL75pJ9niWWVpW_h9jg7yS98Txp5uinMajuQ7nZuVrsCW1sgFkh6OFJyuSh-U14ri5EfhR1M-jk_4ZC7mEWPs7z4kgw8NRm5MAUhrq_bH19ej4ac3f_MrRHRprgJTzUs6BN0OxTyJHjaOTInQoMD4t2BCwpnopnRJsogjXztz4W4cu66TaYFrRb_aBCPes7RHRIF4DlkAN7_CJuwWlkeNil0af2w_bT0EJh89YyNFpxCfw1fzymipu_r1qxziCaxjha8Y_VHx57LUdVMbnT_fiFxp1q-KYJDY4-zBZxOs7gCu636NFP7h3pxYZgbWFgl9DjTsQugm4BDiaLElyBnqFdSKe1zK5PHOfAANN9JxUTCEyZ9wlkdEXmD2S9DiIBeFXmyIU7DpRjS9TJmQrRAMoRGR78fENeOu7b6lgRpdUUMSvYJcAvjEPUWaQXPvB9gRSTx-GE9JGpke5tAyFdNUr2eKxrYzkmIG6ljrIQqAUyEYRPd0Sa7YbvpVdHxuJSSoxXZqUDMeKhRoWcVc4U6EMWaVWSu2MXkzXKPv29aifaG4oLH3p5e9jpz6H7BjmrtqGm9ELszk5NwHaJCJx090hInLqzV6kBwJs3Zrfn6ztC_9xeaZk3PAulDj66n7cw3xXAeJeaRxEVJ93PGLUVwEjNm92AQMxIdcP_bWVk6cJNzcBeVpAeK8UC4TuqbyG39XHygt0YUUVVMEfDLi9FUD_-JSWxMQ2FpFmcbzDD5aC3I-rII1dByuHfB5KZMdyREIteIwThWN7BpCmTJkRgTPxfnmGw2JrVuUqCIshxZf5iv5eGBPrH7-672Jz-f_8Dm1HgW2v4DPc481i_44xplMrumvP7XIGhcNuumRMiyuQihM8WpI9os7Wz5QJLzpOqel3J9y2p0t8OGuLcgNnY7Xv5S8kBhhrMhRrvmQXB31_xXZrzLShR0iL0taD_WyE04iaSMqlvlnOKUolVzKi3LlClY57_9kd3xwsvcW3Od7oJ83ItrSrfZKv3VFGQNVManS2lPbq8j-mEkbW2DaebQtIZ7WjJCNvSq4k4KbB9ESPXm_KP7rUZD8jlK4scBiBaIgRXw45cudlicjmDAqea6rjpdqv20A7vnDQIsrjrVOztxf00RvNdiYZ-HFPOO6tay0lb4KnFP4-uaaot4gP4WSyHkTYRioyZUeeU5NykA4L22Eal7fWHDFjDYv0AO58TXF2a9TUY4VLw2FUsidFjzs85NEy95B_YThF632zy5lp4iQuhJGpi2RVf8qIYYYnzbA1kfwtLbkSGU9AvSN3QPX45NkQlpelIhxr7jLdEat_xw&sai=AMfl-YRWjKJkFPCb_j9t4_vbBhMUgJ5pkAJo_BQ-Vn-FutJo6Rr6eQHkRebEgNtCsEtwzea46MT536XxnCc05wcwLEk8wZaLzOMIIPs_x5wWvL6bUALLIyFV88AU4piD4zPAOnF9rhVX0C7_U29rdb2UiPIt_MaIFoQGyZub-vJkZkgeCum1_nONNFzZRd9jhLcPAhndcxbqVocMn3lfWiS3lvYj8JFvKktzabIVibemIk25mQtudzqiwypykSpyWk7Az6t9pKBG5Ok&sig=Cg0ArKJSzMoUEyBampuGEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=395&vt=11&dtpt=191&dett=3&cstd=202&cisv=r20221207.58601&arae=0&ftch=1&adurl=

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1884 7 KB
6 KB 110ms
63ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=latest&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d618eba40ee607b9e578a26ce40ed15bdde07dc9c350aabe529094c2dcf0f31a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5646
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AF14 0
0 96ms
59ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstJ2iDENd-HQ-IZuWBxLyei7jtZgBKtYVjzbs4RoqEWNFKvSe72ySdY34bnP7p6MAzGIeWbMRCXenu0x1Dv00t93yj2yftjTcwTjp2xG0NoofsDGFAjCxodDlujMWZZ27g4iTrP8h9tNjsx2s9ZUtG_ECQu9p1Of65myqzJMdJef2PWRezXxXb6fFnBxtYUleojMuY42JltTXVt4xM0Ir8YPJig5VA0urpclmE37cQP5s7yoQ9ZhQ1L_6eS1CBOot5EkwMslOalkXm0SSA4d7YGjQJVV8LaXBiUWBMDtg8cwljyHgB6z2XvwtLB8zHvSsccXxhWVFB7UHSmRgtSB04L7xLYTadLPf8TAqBCTdlRU5OJrftSiRp3gxJ9DnVgFO4HND31S4kXEFQ24LrBH1wj0CJDm8ndbrcrBN13WYodXj-9dbf4acdBuyN4iyZ_TGf3-o33lrC936-SAiIpCXk--4U6hJ6fuHDrY-sIaBrOIAXr9bWOZrFBE15TgIlgsmfNJu3_LaqyBsO4eyO9YyFVolDTBcNfJ83IuIpA8SI2bfmQMr1WziJV43UyxRLxyOnLsrBOsQVDg3QyH5q3LOhmFWzQ4vmIjERB2e0ChSbIlwgsaH37q-8OPCFXtyap5waUB5rj-eu0MY7MK6LfKweS397M8L_LXtGgjKJkBkYl1Nz_iSVAsaDQ24orZMl9qunoZDNzWa-YRu97_Qy74vz39zr1fiIrhf7sH31wEhYZayAS-8MSlutiXzvBFFKuxzm6yUT4vmnmomi9eUHvJ4mE-w9MkJ98UdwqM_UXzmr5vmWUx3loPWWvSCRzAMEc9L4e5joEH4htNCnVjV9Jh-Tfz9muzFb5s3ef8dhzzDvpyaUPfGoB-NuWasm-FbthGq2e5wUsJQMEJJBAh7qiKyFN33EMvugvehv8kS3tEKZiCuaWm3b2AiJfnsctw0r-mjqdh4nxCzeUW9PMVwHl1UeWbAY3r4JIpDMWIFOmnqLcSULxV-jONZuXpDagIqvlTxOXpnb2Z3rGlxaofKgRNVpn_tcZ44GbaSUZAt4-nPOSP23XJsslAR8A8pVVukCLP2brOZ8wIyftr6qyF2GDbjsO5NMZfiw9GBDxGY2XtyHT0XM7XkvHvrLUtwcTkQx1XeiuhvYsBdUCy7Pi3C3yEspbjvU0rD_Usq1ZwWlk9fNgZUy7NUlQ65TsuVEFxjniUcUh-7h3eJM1Xoy6EO1Xj3DB7QQqbDKGXYZKXqdUr1CSXinZ0cKRgl5wYgX1zZ4xo0kaZs9S0ew_EM9DA3FkGU-PHuYRVkjYgQhFO_v0ybwLkr641AcU9Gbjr85p884j2MGEk9odx7bw&sai=AMfl-YQ3wc31UuBR5QgcnonQSPE6r5xtD414Z34NZo2nEgh_jPOgaGCyu3dRQXFSTdj0k-mH1i6XYYKr-7R0GdMDpBiO6A6kGCGez2HN4pHOrhZb6vKyzr0SbB8EjWJC_cFGcYAMdIhKYryqekNN-IeolHJ20Y9i2HDEe-A7Faq_TIvgCPk7Rrt7MC_mXduRqz7O7xzHRBk3n9gH3IRgfasjQC-vNqBtGjUDXKvayH72YnpsphfV9ZKWfkZ4QCi5F07vLuwc7e3a5Zw&sig=Cg0ArKJSzKULFRVau9PJEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=413&vt=11&dtpt=203&dett=3&cstd=207&cisv=r20221207.95912&arae=0&ftch=1&adurl=

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AF14 7 KB
6 KB 104ms
63ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=latest&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f31f2f0ec2aa3deed28c867df75bfb2ae10d53525cd23485af58ccd07da3b3a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5734
x-xss-protection: 0

GET
H2 200 / Show response
adv.office-partner.de/ Frame 0365 930 B
931 B 113ms
19ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e81db74cf7&subid=&uid=6772183f1018fb71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq_iA-vmYY5qDMojL3gOVxZXoDqblvaBphZWcp8kP8C4QASDNgtMgYJWCgICgB8gBCakCta-wpZ_QsT6oAwGqBIkCT9COjbwpsFC_5ZcvFr80Hi9DR0X_67bU3FUI8ZEexj0I0QgeofPWAvAVRMR6M942PUDFvPBwweXUWZnU6YEk-gnP_GvyPL1ksld3ikUg2cQBzEXVgNBHmJFiaAFhh0x1JlSYqYQDja9KNh-IxP98xxEEDyRbEXT46dBohHXth-4nQgNtA8pTdI2ZystEE_qcMfXPA8yi5UnEPysLUQ-QndgV1NjbCdZfzmaNogUajqe39z736soyG9KW1B0uIQK_BOdpJKE_fP8U0SD-jPfG44KSadWAGvxFY0RUClMjiXWQy3-ca40Tj7T3r4lNqNXpc1TcvVdk3yU4fCBbBHAweoCbLChHz23CNcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw%26sig%3DAOD64_3c083Qnpe6XVVKwVPr3vqNpsltOw%26client%3Dca-pub-8380580761190214%26dbm_c%3DAKAmf-CI2dSGB2CpyQJb0gvC2XofadrZDIpazueMzIEk3ioPNskAQInajRlOahdqQEJt3SHidSp5ZnQPvnk52fvx7lm5oMJscK8eDufaO9WJpPxl5kykADXDUuIgu_BkVVbOWEOIptWSEWeJDyGBkGuJ_bYhkoz9Vm9r7gchz1m_XrEriOUr7_g%26cry%3D1%26dbm_d%3DAKAmf-D8NUAfcMUoy4pGQvksNA5l8y0KxRDLR0MrlnoxY9auapGHYLDN1pmjfbCnz6lces0MvU5SDgvEuVTML0KWfcG1Jnyf9q04z9XIwDdiCe_59s8p5IFlAOH1Wvj9XMkMIoCQvpVaiV_LMU3Go6oHuktR5dGdwh72MO9G3xki_9R_jaDpLpMmeaCOkFcUpAsmM3UMBXUVsDMaZkHn9k0cdaWI5KXEIFBD2CfTc8Jdjmy8wmmBrw6RYOELcW9_UOUCTRqKZ67SxnzQyyVm0KkY2SKfRpUrj2AoqdmxAUpeEpRtZxfPsgslIHhBfBH4-SmG1XwBMg7xZxWtGNgMt8z4C0YPgj6kPVK7zq2HFjjKq6mJkyWGcUDjL7-lCZ5GPh08CLa-1Y-CZl5GjFNQ4caIg657enX-1HDkEeQfrFdHEfQ_9t1Q8NuNzv3iWDvEYjgPUrA6rNL27Mt7xaM0m4jjVcBqPAvQFOHLHKcoxiL7xGIukr0dqQtgBnR17a1Fb3Xlacp57o7SEUfg5yuruayTSQT56Y0Ktw5VL0Sy2IqOKvSsx9hCq_fvzPIRCFmUrko0jqgx_jJuodLQalXf68Ikbb82u4F4KA%26adurl%3D&documentReferer=http%3A%2F%2Fwww.ora.tv%2F&ancestorOrigins=http%3A%2F%2Fwww.ora.tv&random=3966157455036&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 13 Dec 2022 22:17:31 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 20 Dec 2022 22:17:31 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame A992
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=24621300135258104444550012172020&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=24621300135258104444550012172020&actionid=981741&produktid=&dt_url=

0
607 B

103ms
36ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=24621300135258104444550012172020&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e81db74cf7&subid=&uid=6772183f1018fb71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq_iA-vmYY5qDMojL3gOVxZXoDqblvaBphZWcp8kP8C4QASDNgtMgYJWCgICgB8gBCakCta-wpZ_QsT6oAwGqBIkCT9COjbwpsFC_5ZcvFr80Hi9DR0X_67bU3FUI8ZEexj0I0QgeofPWAvAVRMR6M942PUDFvPBwweXUWZnU6YEk-gnP_GvyPL1ksld3ikUg2cQBzEXVgNBHmJFiaAFhh0x1JlSYqYQDja9KNh-IxP98xxEEDyRbEXT46dBohHXth-4nQgNtA8pTdI2ZystEE_qcMfXPA8yi5UnEPysLUQ-QndgV1NjbCdZfzmaNogUajqe39z736soyG9KW1B0uIQK_BOdpJKE_fP8U0SD-jPfG44KSadWAGvxFY0RUClMjiXWQy3-ca40Tj7T3r4lNqNXpc1TcvVdk3yU4fCBbBHAweoCbLChHz23CNcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw%26sig%3DAOD64_3c083Qnpe6XVVKwVPr3vqNpsltOw%26client%3Dca-pub-8380580761190214%26dbm_c%3DAKAmf-CI2dSGB2CpyQJb0gvC2XofadrZDIpazueMzIEk3ioPNskAQInajRlOahdqQEJt3SHidSp5ZnQPvnk52fvx7lm5oMJscK8eDufaO9WJpPxl5kykADXDUuIgu_BkVVbOWEOIptWSEWeJDyGBkGuJ_bYhkoz9Vm9r7gchz1m_XrEriOUr7_g%26cry%3D1%26dbm_d%3DAKAmf-D8NUAfcMUoy4pGQvksNA5l8y0KxRDLR0MrlnoxY9auapGHYLDN1pmjfbCnz6lces0MvU5SDgvEuVTML0KWfcG1Jnyf9q04z9XIwDdiCe_59s8p5IFlAOH1Wvj9XMkMIoCQvpVaiV_LMU3Go6oHuktR5dGdwh72MO9G3xki_9R_jaDpLpMmeaCOkFcUpAsmM3UMBXUVsDMaZkHn9k0cdaWI5KXEIFBD2CfTc8Jdjmy8wmmBrw6RYOELcW9_UOUCTRqKZ67SxnzQyyVm0KkY2SKfRpUrj2AoqdmxAUpeEpRtZxfPsgslIHhBfBH4-SmG1XwBMg7xZxWtGNgMt8z4C0YPgj6kPVK7zq2HFjjKq6mJkyWGcUDjL7-lCZ5GPh08CLa-1Y-CZl5GjFNQ4caIg657enX-1HDkEeQfrFdHEfQ_9t1Q8NuNzv3iWDvEYjgPUrA6rNL27Mt7xaM0m4jjVcBqPAvQFOHLHKcoxiL7xGIukr0dqQtgBnR17a1Fb3Xlacp57o7SEUfg5yuruayTSQT56Y0Ktw5VL0Sy2IqOKvSsx9hCq_fvzPIRCFmUrko0jqgx_jJuodLQalXf68Ikbb82u4F4KA%26adurl%3D&documentReferer=http%3A%2F%2Fwww.ora.tv%2F&ancestorOrigins=http%3A%2F%2Fwww.ora.tv&random=3966157455036&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Dec 2022 22:17:32 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 13 Dec 2022 11:17:32 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Tue, 13 Dec 2022 22:17:31 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=24621300135258104444550012172020&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: D972DA14:E280_91EFC182:01BB_6398F9FB_6C95ABD:4673

GET
H2 200 link.html Show response
track.webgains.com/ Frame FF74 2 KB
2 KB 179ms
70ms Script
text/html 18.133.151.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=24621300135258104444550012172020&nw=1
Requested by: Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.151.109 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-151-109.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 327b58308878cbc3f139cc35ec77b20312e430e7391365c8c001d925191bd03b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
last-modified: Tue, 13 Dec 2022 22:17:31 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 13 Dec 2022 22:18:31 GMT

GET
H3

200

activityi;dc_pre=CNTryuPP9_sCFUqPsgodLS0Kxg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784 Show response
8019191.fls.doubleclick.net/ Frame 08AB
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CNTryuPP9_sCFUqPsgodLS0Kxg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784?

391 B
241 B

104ms
64ms

Document
text/html

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CNTryuPP9_sCFUqPsgodLS0Kxg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784?

Requested by

Host: www.ora.tv
URL: http://www.ora.tv/rubinreport/2015/9/10/sam-harris-is-he-a-neocon

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

5187620d7567c6ee59c305b4ee668c43e2afa0264d96c1ff9cee441d07d5d93f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:31 GMT
expires: Tue, 13 Dec 2022 22:17:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 22:17:31 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CNTryuPP9_sCFUqPsgodLS0Kxg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900020.redintelligence.net/ Frame 5FBA 7 KB
2 KB 80ms
25ms Document
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900020.redintelligence.net/request_content.php?s=24621300135258104444550012172020&a=3bac2f09
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e81db74cf7&subid=&uid=6772183f1018fb71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq_iA-vmYY5qDMojL3gOVxZXoDqblvaBphZWcp8kP8C4QASDNgtMgYJWCgICgB8gBCakCta-wpZ_QsT6oAwGqBIkCT9COjbwpsFC_5ZcvFr80Hi9DR0X_67bU3FUI8ZEexj0I0QgeofPWAvAVRMR6M942PUDFvPBwweXUWZnU6YEk-gnP_GvyPL1ksld3ikUg2cQBzEXVgNBHmJFiaAFhh0x1JlSYqYQDja9KNh-IxP98xxEEDyRbEXT46dBohHXth-4nQgNtA8pTdI2ZystEE_qcMfXPA8yi5UnEPysLUQ-QndgV1NjbCdZfzmaNogUajqe39z736soyG9KW1B0uIQK_BOdpJKE_fP8U0SD-jPfG44KSadWAGvxFY0RUClMjiXWQy3-ca40Tj7T3r4lNqNXpc1TcvVdk3yU4fCBbBHAweoCbLChHz23CNcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw%26sig%3DAOD64_3c083Qnpe6XVVKwVPr3vqNpsltOw%26client%3Dca-pub-8380580761190214%26dbm_c%3DAKAmf-CI2dSGB2CpyQJb0gvC2XofadrZDIpazueMzIEk3ioPNskAQInajRlOahdqQEJt3SHidSp5ZnQPvnk52fvx7lm5oMJscK8eDufaO9WJpPxl5kykADXDUuIgu_BkVVbOWEOIptWSEWeJDyGBkGuJ_bYhkoz9Vm9r7gchz1m_XrEriOUr7_g%26cry%3D1%26dbm_d%3DAKAmf-D8NUAfcMUoy4pGQvksNA5l8y0KxRDLR0MrlnoxY9auapGHYLDN1pmjfbCnz6lces0MvU5SDgvEuVTML0KWfcG1Jnyf9q04z9XIwDdiCe_59s8p5IFlAOH1Wvj9XMkMIoCQvpVaiV_LMU3Go6oHuktR5dGdwh72MO9G3xki_9R_jaDpLpMmeaCOkFcUpAsmM3UMBXUVsDMaZkHn9k0cdaWI5KXEIFBD2CfTc8Jdjmy8wmmBrw6RYOELcW9_UOUCTRqKZ67SxnzQyyVm0KkY2SKfRpUrj2AoqdmxAUpeEpRtZxfPsgslIHhBfBH4-SmG1XwBMg7xZxWtGNgMt8z4C0YPgj6kPVK7zq2HFjjKq6mJkyWGcUDjL7-lCZ5GPh08CLa-1Y-CZl5GjFNQ4caIg657enX-1HDkEeQfrFdHEfQ_9t1Q8NuNzv3iWDvEYjgPUrA6rNL27Mt7xaM0m4jjVcBqPAvQFOHLHKcoxiL7xGIukr0dqQtgBnR17a1Fb3Xlacp57o7SEUfg5yuruayTSQT56Y0Ktw5VL0Sy2IqOKvSsx9hCq_fvzPIRCFmUrko0jqgx_jJuodLQalXf68Ikbb82u4F4KA%26adurl%3D&documentReferer=http%3A%2F%2Fwww.ora.tv%2F&ancestorOrigins=http%3A%2F%2Fwww.ora.tv&random=3966157455036&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: dfb1203e2b90d7b8509dc298ecd4001e3f056557ee964c03013207526a52713f

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2059
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Dec 2022 22:17:31 GMT
Expires: Tue, 13 Dec 2022 22:17:31 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame FF74
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=24621300135258104444550012172020
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=24621300135258104444550012172020
https://ad-server.eu/wm/pb/native.png

68 B
312 B

240ms
44ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:20:50 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Tue, 13 Dec 2022 22:17:31 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972DA14:E28A_91EFC182:01BB_6398F9FB_6C95AC1:4673
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame FF74 43 B
704 B 196ms
70ms Image
image/gif 184.24.12.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2874697&v=22610&q=408799&r=296283&pref1=24621300135258104444550012172020&pv=1

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.24.12.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-12-207.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Dec 2022 22:17:31 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 gfm_logo_st_.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 5 KB
5 KB 26ms
23ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/gfm_logo_st_.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01470731bb779c4034127b5f1aa322e2f40dcbec05deae81d32050ce2ade3042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 18:53:30 GMT
x-content-type-options: nosniff
age: 530641
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5365
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 18:53:30 GMT

GET
H3 200 020.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 6 KB
6 KB 27ms
24ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/020.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df866570450a3f82bf7b6ca44bf61f53f98688dc23b5d0dd1ec82a2789b244a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 12:09:15 GMT
x-content-type-options: nosniff
age: 36496
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6428
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 12:09:15 GMT

GET
H3 200 019.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 6 KB
6 KB 65ms
61ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/019.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e414b602ba303adb8956cc673b9644f28d82b2a2f55f5553cae386bd384ce2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6424
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 018.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 8 KB
8 KB 61ms
58ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/018.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf5cb64e3e210508151a0c776ad80e36a84b183f7327962650b2b3d072f01375

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7894
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 017.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 9 KB
9 KB 51ms
47ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/017.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3e1439a00ea92885f7c270adec9b574cd194e88c311b8e20a6b664d6c1f7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 04:44:20 GMT
x-content-type-options: nosniff
age: 581591
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8906
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 04:44:20 GMT

GET
H3 200 016.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 5 KB
5 KB 62ms
59ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/016.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50d12b68b5d1b7710c75351f06ca2395d759873e3c21154ef74bc7792a09b27e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:00:47 GMT
x-content-type-options: nosniff
age: 530204
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5052
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:00:47 GMT

GET
H3 200 015.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 6 KB
6 KB 62ms
58ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/015.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

701bd818d578e319ba4026629ed09fb3cb12213bd2060716be8a79988d255822

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6014
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 014.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 4 KB
4 KB 50ms
47ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/014.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad345c4dc19acc3847ce67e8ff2fb2a28c1d6915649571707b4d9c35060f78c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 04:11:44 GMT
x-content-type-options: nosniff
age: 324347
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4076
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 04:11:44 GMT

GET
H3 200 013.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 8 KB
8 KB 50ms
46ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/013.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aab0e12caa48fffa7e90cf517db4b75d9986b24b6bcbabb27d657d79e5555688

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 04:44:20 GMT
x-content-type-options: nosniff
age: 581591
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7962
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 04:44:20 GMT

GET
H3 200 012.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 7 KB
7 KB 66ms
62ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/012.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

611bf8c01073c2d5803ced5986e6cc706deaa80b897a6cc6b60d1242585c9223

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7317
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 011.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 7 KB
7 KB 62ms
59ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/011.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b51dbf86a17f7d2f2a669805bff48a8fe61320e904e8b758ebfef66a2319dfff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 07:16:17 GMT
x-content-type-options: nosniff
age: 54074
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7019
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 07:16:17 GMT

GET
H3 200 010.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 5 KB
5 KB 64ms
61ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/010.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd71a52e2493f784b17e8fcc5d250d28a590c851c6399ec49e2022c357f6eb27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 04:11:44 GMT
x-content-type-options: nosniff
age: 324347
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4838
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 04:11:44 GMT

GET
H3 200 009.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 10 KB
10 KB 62ms
59ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/009.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6a0a1052507da3e010b9ba03a4ce8884f96e4676c11f8567c3a6ba14ad0ee13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:42:27 GMT
x-content-type-options: nosniff
age: 383704
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9823
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 11:42:27 GMT

GET
H3 200 008.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 8 KB
8 KB 66ms
63ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/008.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac66d6838b453a19c347779984a0c513ad08be8b31ed70407ae9b0ae903af7be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 12:03:11 GMT
x-content-type-options: nosniff
age: 468860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8377
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Dec 2023 12:03:11 GMT

GET
H3 200 007.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 5 KB
5 KB 72ms
69ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/007.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e3f28f70175c2fdb3fe27720b51fb6121cba4204d0faeefa2921b2c8dc1075d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5447
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 006.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 8 KB
8 KB 71ms
68ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/006.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8c3d954ddc0e205d052ce2237f8651099a540b58a1b7583edc397e699b19b5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 17:18:48 GMT
x-content-type-options: nosniff
age: 363523
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7980
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 17:18:48 GMT

GET
H3 200 005.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 9 KB
9 KB 66ms
63ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/005.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc1755fa21db07b9a03bd2b92deabad9fae832df0b9c445300a33bfe1547ebe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:08:55 GMT
x-content-type-options: nosniff
age: 7716
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9684
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:08:55 GMT

GET
H3 200 004.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 8 KB
8 KB 73ms
70ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/004.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae410b42d80cc88198c95ba3b8bf1efce4909d4345d750af1f11a93fd2719874

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 04:11:44 GMT
x-content-type-options: nosniff
age: 324347
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8201
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 04:11:44 GMT

GET
H3 200 003.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 9 KB
9 KB 74ms
71ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/003.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c01ee3fd9b61da2152a80e590ebe902318b87f6b22a938f470471f3747349b62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 07:16:17 GMT
x-content-type-options: nosniff
age: 54074
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8886
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 07:16:17 GMT

GET
H3 200 002.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 10 KB
10 KB 71ms
69ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/002.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6571c6d9766f45ec66306165fcf650f70d84b555900f56fb0a8222be597a348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10243
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 001.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame 6590 8 KB
8 KB 75ms
73ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/001.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

143e82c7d07494e4466e118b72d428f33cd3742bb16c7fe32133d52f560541dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 01:30:17 GMT
x-content-type-options: nosniff
age: 334034
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7763
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 01:30:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 32C3 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 40555
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Dec 2022 11:01:36 GMT
etag: 48472445140208031
expires: Wed, 14 Dec 2022 11:01:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FF74 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62356d68391522460d32629d55c07d907ddb7718b04ccb0b8005e19290764f7d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gfm_logo_st_.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 5 KB
5 KB 33ms
20ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/gfm_logo_st_.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01470731bb779c4034127b5f1aa322e2f40dcbec05deae81d32050ce2ade3042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 18:53:30 GMT
x-content-type-options: nosniff
age: 530641
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5365
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 18:53:30 GMT

GET
H3 200 020.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 6 KB
6 KB 34ms
20ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/020.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df866570450a3f82bf7b6ca44bf61f53f98688dc23b5d0dd1ec82a2789b244a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 12:09:15 GMT
x-content-type-options: nosniff
age: 36496
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6428
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 12:09:15 GMT

GET
H3 200 019.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 6 KB
6 KB 34ms
21ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/019.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e414b602ba303adb8956cc673b9644f28d82b2a2f55f5553cae386bd384ce2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6424
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 018.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 8 KB
8 KB 36ms
23ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/018.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf5cb64e3e210508151a0c776ad80e36a84b183f7327962650b2b3d072f01375

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7894
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 017.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 9 KB
9 KB 36ms
23ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/017.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3e1439a00ea92885f7c270adec9b574cd194e88c311b8e20a6b664d6c1f7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 04:44:20 GMT
x-content-type-options: nosniff
age: 581591
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8906
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 04:44:20 GMT

GET
H3 200 016.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 5 KB
5 KB 37ms
24ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/016.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50d12b68b5d1b7710c75351f06ca2395d759873e3c21154ef74bc7792a09b27e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:00:47 GMT
x-content-type-options: nosniff
age: 530204
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5052
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:00:47 GMT

GET
H3 200 015.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 6 KB
6 KB 38ms
25ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/015.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

701bd818d578e319ba4026629ed09fb3cb12213bd2060716be8a79988d255822

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6014
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 014.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 4 KB
4 KB 39ms
26ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/014.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad345c4dc19acc3847ce67e8ff2fb2a28c1d6915649571707b4d9c35060f78c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 04:11:44 GMT
x-content-type-options: nosniff
age: 324347
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4076
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 04:11:44 GMT

GET
H3 200 013.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 8 KB
8 KB 39ms
26ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/013.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aab0e12caa48fffa7e90cf517db4b75d9986b24b6bcbabb27d657d79e5555688

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 04:44:20 GMT
x-content-type-options: nosniff
age: 581591
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7962
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 04:44:20 GMT

GET
H3 200 012.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 7 KB
7 KB 40ms
27ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/012.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

611bf8c01073c2d5803ced5986e6cc706deaa80b897a6cc6b60d1242585c9223

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7317
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 011.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 7 KB
7 KB 40ms
27ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/011.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b51dbf86a17f7d2f2a669805bff48a8fe61320e904e8b758ebfef66a2319dfff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 07:16:17 GMT
x-content-type-options: nosniff
age: 54074
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7019
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 07:16:17 GMT

GET
H3 200 010.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 5 KB
5 KB 40ms
28ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/010.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd71a52e2493f784b17e8fcc5d250d28a590c851c6399ec49e2022c357f6eb27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 04:11:44 GMT
x-content-type-options: nosniff
age: 324347
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4838
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 04:11:44 GMT

GET
H3 200 009.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 10 KB
10 KB 40ms
27ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/009.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6a0a1052507da3e010b9ba03a4ce8884f96e4676c11f8567c3a6ba14ad0ee13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 11:42:27 GMT
x-content-type-options: nosniff
age: 383704
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9823
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 11:42:27 GMT

GET
H3 200 008.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 8 KB
8 KB 40ms
27ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/008.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac66d6838b453a19c347779984a0c513ad08be8b31ed70407ae9b0ae903af7be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 12:03:11 GMT
x-content-type-options: nosniff
age: 468860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8377
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Dec 2023 12:03:11 GMT

GET
H3 200 007.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 5 KB
5 KB 41ms
28ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/007.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e3f28f70175c2fdb3fe27720b51fb6121cba4204d0faeefa2921b2c8dc1075d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5447
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 006.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 8 KB
8 KB 41ms
29ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/006.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8c3d954ddc0e205d052ce2237f8651099a540b58a1b7583edc397e699b19b5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 17:18:48 GMT
x-content-type-options: nosniff
age: 363523
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7980
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 17:18:48 GMT

GET
H3 200 005.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 9 KB
9 KB 42ms
30ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/005.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc1755fa21db07b9a03bd2b92deabad9fae832df0b9c445300a33bfe1547ebe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:08:55 GMT
x-content-type-options: nosniff
age: 7716
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9684
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:08:55 GMT

GET
H3 200 004.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 8 KB
8 KB 43ms
31ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/004.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae410b42d80cc88198c95ba3b8bf1efce4909d4345d750af1f11a93fd2719874

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 04:11:44 GMT
x-content-type-options: nosniff
age: 324347
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8201
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 04:11:44 GMT

GET
H3 200 003.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 9 KB
9 KB 44ms
31ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/003.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c01ee3fd9b61da2152a80e590ebe902318b87f6b22a938f470471f3747349b62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 07:16:17 GMT
x-content-type-options: nosniff
age: 54074
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8886
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 07:16:17 GMT

GET
H3 200 002.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 10 KB
10 KB 43ms
31ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/002.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6571c6d9766f45ec66306165fcf650f70d84b555900f56fb0a8222be597a348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 20:42:23 GMT
x-content-type-options: nosniff
age: 5708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10243
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:42:23 GMT

GET
H3 200 001.png
s0.2mdn.net/sadbundle/4550933954932244480/ Frame C87E 8 KB
8 KB 44ms
32ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4550933954932244480/001.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

143e82c7d07494e4466e118b72d428f33cd3742bb16c7fe32133d52f560541dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4550933954932244480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 01:30:17 GMT
x-content-type-options: nosniff
age: 334034
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7763
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 12:35:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 01:30:17 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1884 17 KB
6 KB 45ms
35ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AF14 17 KB
6 KB 53ms
44ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5FBA 1 KB
921 B 82ms
31ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=24621300135258104444550012172020&a=3bac2f09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7f24d5e431e274a8d8c196752f7ab87ff9c636de1a7bc3d9c44729c1a87570a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 13 Dec 2022 22:09:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5FBA 9 KB
9 KB 82ms
29ms Image
image/png 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=24621300135258104444550012172020&a=3bac2f09
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: 00c2e342c091f508c43832ac947b205c370bbd6ebe89cc11865b6f92ffa80e6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:31 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9286
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5FBA 9 KB
9 KB 79ms
27ms Image
image/png 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_627x627.jpg
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=24621300135258104444550012172020&a=3bac2f09
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: dc25fcfa907ee559c70696770e40dd6c5e4032083c5ec31adfc97d471fbff071

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:31 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9361
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5FBA 10 KB
10 KB 85ms
28ms Image
image/png 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/59171/creativesup/vega-627x627.jpg
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=24621300135258104444550012172020&a=3bac2f09
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: dd23832280d9c28f94bfff5131eec221a7c983feff755626ee4d75113e08004b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:31 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9752
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C0CE 0
20 B 59ms
58ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQOBk-_mYY7OcCqSM7_UPzsW3wAUAAAAAOAHgBAI&bg=!MjGlMXXNAAYgquz3AKo7ACkAdvg8Wk1gv6OMzuQ65R6BkzlsJ3J3khuX2o3ZW-w4Sw-uKwUj5b2_dwIAAAEWUgAAAANoAQeZAyM8vcoe6AZ81NGY-Ev4m1tLYl6z4C4RAWfW61-E0GPfhG6ex5sPG70uU3k87x4Ln3wrGk3oaIWhwnDPpb6zmr9-fZB1loIerQo7014vlhpdJwN0StgH1jhVUAMWv0kGy24VkoJ8YRYtiTJpViwuykNF14NU0zsa0pJrimkdqm7EQF7bS8ACfu1ZzLwn_zpWsHR6TNXrNqfvAQkPxwgBP9QpCbBe-AoKcwLDEvQMm1XvYZ4lX-szBBkQoqWFGDuI3na0ffP0hw-I2Bx-MOenMfICueHdSmrvtIvIPnf064bmBWdl6ZHxgo0JVOKtp3l0bAHIZeeZm6NO471c9wtrPcFDYEVvtkhxNyN2kDjpZAqRf9-Qgn15-1V072TVCu6M5NRTLxSEQYjI-kEJVFFKWnmKaMkycxGlPAdXJLeg0aglz_sQXALieJZNBUL0xjJfPsszasRGPHSQuvgywBdGOkq6gY6HN39dqPV82wPaFOqGEmZRIMoKT78ftqQ6U5U0mXuUJ2z8dtBqEnJ_BvmCyC147iOPdHXQ_tGpOsx5zGfeTUwThh_kgFntZEPorlfsMOex4ZS9ry9TkahPkG5w5jMs5FtTb0LrhjNJwnX4vx9frtzvmxUUaBgeaWqmJR2uVXp15RI3WBgCiOUc8iHntQGESRlybh70FO1GfqCjwyLDLUFWPbaNsbslAMd6_vSEYDd-PRnRgeSjcWW6yQT-VOIP9UNM0y_TEhJ8yzOS5Op3bI0J7Re6ZmxQ2GFKY44Hxq-phEQ4MUQEU5vNfh4-hSTlXVj6yCxhoybhGUnJbH_L_WyuRELj0eN-siSu5Jzk0a-z8Bz2EDBoN8XJYcMtssnfrocSutgi1b1ki-MsBsArqlcr86sb9ze1Rhoew3kMPnF8htFaY9JpnLvFTQ5TaBk7wd1ezREij7aWzXiU1PWD_jkEvz2FYYSc8t_sUopGRZkv9pK_H3sNV6reMejp9pXM2Z9o7X4DY36CKIWNUBnaLR0Ab0wpvJ0UIGwtg1YjRElZ5YTt5rj7rN4o15fqYt_UlJwCafnNuO5rvZn9TRsH8grBfA

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 32C3
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1&google_push=ASkJ3Fayt999i8x6bhnM7fcct0XiEmI7TnTCTtvEqOrgd1B0T4EO5KZopRq9l9P2y87Q2lATxaUnqSsbE287s0MXUa4DAYFMfpk
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM1MTIxMzAwODA5Mzk3NTA1MQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1

43 B
398 B

27ms
26ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEaJUQ9DXnZkN0l92vLu-ug&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 32C3 0
103 B 42ms
40ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEDGiKLfi2iuFM4xySotAwLY&google_cver=1&google_push=ASkJ3FY2lWsGQyHZTEIWBk2F75pcRnRn8WTYxIHldtzUc1alSKqrmaKCAJE_XPw7yZTxRi6HRUIciIUAkZ_KnFfLCiH3nomUm38
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 32C3
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEICRZ_8HoUPwRQ6ZnjqzOmI&google_cver=1&google_push=ASkJ3FZwQHaVBDry4lHVbdugxTvmL3wud5QTT73U6T8G7k85ZsKHXhxLT-ibGmohFa6f37ygw2beX-QhKiZBAonl...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZwQHaVBDry4lHVbdugxTvmL3wud5QTT73U6T8G7k85ZsKHXhxLT-ibGmohFa6f37ygw2beX-QhKiZBAonl_KnFQVOPxA

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZwQHaVBDry4lHVbdugxTvmL3wud5QTT73U6T8G7k85ZsKHXhxLT-ibGmohFa6f37ygw2beX-QhKiZBAonl_KnFQVOPxA

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 13 Dec 2022 22:17:32 GMT
Server: MT3 180 1fd3e2d master hkg-pixel-x25 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZwQHaVBDry4lHVbdugxTvmL3wud5QTT73U6T8G7k85ZsKHXhxLT-ibGmohFa6f37ygw2beX-QhKiZBAonl_KnFQVOPxA
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 32C3 0
174 B 92ms
30ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEMHzb5GTJMletcOzWE69btw&google_cver=1&google_push=ASkJ3FY9zjsMS1IuuiCP-AKfKavBGkFU3fZNBelmupspVaGRTEWcaRI_oCFCK3kB2cFX1R63qlLV1_eZLDFRSFLGjqy0ZwBqSoY
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

200

sync
odr.mookie1.com/t/v2/ Frame 32C3
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEICG_Fi7pZGffXpUXObEpeQ&google_cver=1&google_push=ASkJ3FYBColrXj_jSxtTF16b_tpO1h9M8dt6IabaCV3AsJGABjWWLo7N2TttvTebQcJLWvRHl4ZeFzoH72HdNBzOwIw-...
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=df64180a-bba0-469a-a817-e9611e62ab61&ssp=google&gdpr=&gdpr_consent=

43 B
356 B

95ms
28ms

Image
image/gif

34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=df64180a-bba0-469a-a817-e9611e62ab61&ssp=google&gdpr=&gdpr_consent=
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:32 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: //odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=df64180a-bba0-469a-a817-e9611e62ab61&ssp=google&gdpr=&gdpr_consent=
date: Tue, 13 Dec 2022 22:17:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 32C3
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEP8ZeO461oVKgycUsebSvno&google_cver=1&google_push=ASkJ3FaQsMbN1GE8n1GIsqHVaarW-4y6ypoAo7TnTte9ZqaYm988plZ6pqTCIaZsWdy4ioWpk1sCuJfk9kd9HkhM...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FaQsMbN1GE8n1GIsqHVaarW-4y6ypoAo7TnTte9ZqaYm988plZ6pqTCIaZsWdy4ioWpk1sCuJfk9kd9HkhMLrsK4YB-Zo8

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FaQsMbN1GE8n1GIsqHVaarW-4y6ypoAo7TnTte9ZqaYm988plZ6pqTCIaZsWdy4ioWpk1sCuJfk9kd9HkhMLrsK4YB-Zo8

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 13 Dec 2022 22:17:31 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ASkJ3FaQsMbN1GE8n1GIsqHVaarW-4y6ypoAo7TnTte9ZqaYm988plZ6pqTCIaZsWdy4ioWpk1sCuJfk9kd9HkhMLrsK4YB-Zo8
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: UXOxF-fVk6nUrYSpuYSHOFPHSMS2LnEYDL_-hsngoBTXbb4qoy1xuw==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 32C3
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEAtiKu5ADtMCbKVYjgBqA6c&google_cver=1&google_push=ASkJ3FbdFhpwWRyXWIK5MEnZdwnKIEVdqs2R61eXEIqUImSyMWW5Ur1E6MclEVj5VoChG3UKrc1Dc51GLGmPVkOhfNKzGC...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEAtiKu5ADtMCbKVYjgBqA6c&google_cver=1&google_push=ASkJ3FbdFhpwWRyXWIK5MEnZdwnKIEVdqs2R61eXEIqUImSyMWW5Ur1E6MclEVj5VoChG3UKrc1Dc51GLGmPVkOh...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2aZTHm50RUK2m9wvxRNcEw&google_push=ASkJ3FbdFhpwWRyXWIK5MEnZdwnKIEVdqs2R61eXEIqUImSyMWW5Ur1E6MclEVj5VoChG3UKrc1Dc51GLGmPVkO...

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2aZTHm50RUK2m9wvxRNcEw&google_push=ASkJ3FbdFhpwWRyXWIK5MEnZdwnKIEVdqs2R61eXEIqUImSyMWW5Ur1E6MclEVj5VoChG3UKrc1Dc51GLGmPVkOhfNKzGCcUDhk

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2aZTHm50RUK2m9wvxRNcEw&google_push=ASkJ3FbdFhpwWRyXWIK5MEnZdwnKIEVdqs2R61eXEIqUImSyMWW5Ur1E6MclEVj5VoChG3UKrc1Dc51GLGmPVkOhfNKzGCcUDhk
access-control-allow-origin: *
date: Tue, 13 Dec 2022 22:17:32 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 32C3 0
12 B 29ms
28ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J0ZpOlXJNoxCH0cYZcZedd9Edv_u73oIdS12X4dINaHuKm9tSmqJzVaPWR1PjnJzYSZnJs

Requested by

Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 0365 102 KB
40 KB 84ms
33ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

61a7318b6c29bf3f5e5615f6d74c53908ca81b0d0bd0781521630bea77a03def

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:17:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40298
x-xss-protection: 0
last-modified: Tue, 13 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 13 Dec 2022 22:17:31 GMT

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame 3A5A 36 KB
16 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 13 Dec 2023 17:06:09 GMT

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame CEF3 36 KB
16 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 17:06:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 13 Dec 2023 17:06:09 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame FF74 85 KB
31 KB 122ms
29ms Script
application/javascript 108.157.4.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=24621300135258104444550012172020&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-50.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 10:53:09 GMT
content-encoding: gzip
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 10:53:01 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P2
age: 48444
etag: W/"0d5045593d14c9612a5d5576928a5209"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: S_6x9epBV18bf2J6KZ7J6wNJtqmlDRyofhcf3KHhxbjgdpoGNyEZhw==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame FF74 3 KB
3 KB 89ms
22ms Image
image/png 13.225.78.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1670970151&Signature=UH2E5D~TvO7oTeJYI3mVpum-pSDXoJ0rtCBQJdTgPIwdzpY7Ab~BjROfs99ZJHnv184AKuOVBUbMvVvRX6Yw8Z-1Ey9sPqf9tpU3oWh-~8UAXvXXs-aLBTF1KpGTyzQvCqO9U4t2CUi3lG2atvCsCpweuVY5ufDm5Pl3RLwpn4VIVw9yxk~K~lVHMy44YojMjBuYN506eDVR5kf7ZyzXgoXj5TFxml36nPNK5IcGJcPw3QacE-3bmxwUT075goZuHHmObfB3tArGeO8YB43pZ9e-tIvK2386Eg~02mSxp-fySPMyh~qwb10OjVEb6Szx27DIx4wPNmIN7l4~NaTNfA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
URL: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-118.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 13 Dec 2022 06:05:57 GMT
via: 1.1 90cf045072373c2c671297de3161846e.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 58296
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: U4vF3Zd9kMPOet7MzK-E7Gzk-eACoLoK4c23-wD6pZ0Q9JlVbzR6hA==

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 26C1 0
20 B 60ms
60ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1BCR-_mYY8jACpSorATYypC4CQAAAAA4AeAEAg&bg=!PD-lP3vNAAYgquz3AKo7ACkAdvg8WoymHQROTc_LlFh6ncfHubmAiB21IdbMcxerfleOf4-Xs2z5xQIAAAE5UgAAAAJoAQeZAy_axfTwMSVk3ax1aCMWE4fdswP3POslq2FHJLiwvYrZIG20yh_mNz74J9Qv3jmx9QZfDYdHzIOD_CT4Ne5FzxrcqPRzR_Ab6SBPYLcPbjW6XMpnGGzrCduyueMjKXHW7J9DIUWZ3fMhdFQ3TncsZJOHZW6V4IAzijfd8GTUwE-QOiuG_3R-wFj5vJrncsnVVY1NNj4xDxuAY7kRuOJBP35GI_gXRbtks_Ad3Ct2BShu8BQlBr1ZSatDVxJ9hBxCz-SBzJKeXfDG2UxtovLNscU1Ggy6L1KT0HvdYeONZuLUY0a23wAeIi9Jzg7f36S7x2XGT43VoiAPpcjR03KSZ6AX6CFJOGwDxt2R27fs5xwJ1CMXeYsJTc4CI1J25q8fQitgJ1qMNqUO-1pS4ODpUpSDPzxKxIb_1EPrVtvmi6Eu8E7e9fsuR8NYNuEUueK1r3FB3Rd8PYPljq50_eNCBxQkgvwiiKNSw4b-iBAOIzF5ER3QGevptn8o2AZ-FJoz3nRsBP5nz-Nxr24KtC7xHufrpTL-3MVIkjE6iup8ryP2BkyyNSLaPT82NhEv6v6c1Ust4dHXN8MHHPKxMFvz_DHoZ4TBkHqsVNSJtgp2QTQg9IAPXGYgM31Ig9EAmNNFV31_0xvimex9gXb0u7ppvQL5osnC5C0v9Jd0xZUbUOD6xZM-RQ-UeWr3mCmESLXOQVXHrHJEeVg8srg8SDJJhwlLQbu5-63L-0eCtg-Vi4PAyu8DyKlvmPc1qI3sXDisivTMzo5FqCu7riXQcKye_6119_Wwwwq_4-QtIi6_8JsOFN83-pwmNb0jGaJiWzjyoemp9tn-0ZCshLpYuaF83XGVP8c0SwsIzK1JgnIRkOZnZRAVhR8MenXmPqG9mrVMY5gNapYKMf6LVqHmE75nSoetkCPC_nbL_VZ9RP3hFTvHbOvs_RqVRlXgEAs6S0GKNcIv8IrbfaY4l1Id1zQgbq3fkjD0aV_5vIRfO-W1t7A77Aw5pBZKkU9wn4I1ZWCQoPmDoJd_LGGF4We7N0KqWdHNiWenZywfxg9tCmrs_qucxwc1l99iu5PrIvD3PMWtfA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900020.redintelligence.net/ Frame 5FBA 0
150 B 76ms
28ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900020.redintelligence.net/viewability?s=24621300135258104444550012172020&a=f9fe5fb6&vb=m
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=24621300135258104444550012172020&a=3bac2f09
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/request_content.php?s=24621300135258104444550012172020&a=3bac2f09
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Tue, 13 Dec 2022 22:17:31 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 dc_pre=CNTryuPP9_sCFUqPsgodLS0Kxg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784
adservice.google.com/ddm/fls/z/ Frame 08AB 42 B
63 B 58ms
58ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNTryuPP9_sCFUqPsgodLS0Kxg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CNTryuPP9_sCFUqPsgodLS0Kxg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3308521129699.784?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1449 0
20 B 59ms
59ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BXcgR-_mYY-OxC4qr3wPK-6_wCAAAAAA4AeAEAg&bg=!Dg2lDUnNAAYgquz3AKo7ACkAdvg8WsGVd0Kcb5yX9MZShsCspi_B1pQmQlHTAGDaFL-0WY4q5GqeWAIAAAEsUgAAAAJoAQeZAxanpaw8LlxOO2gUMai0O2lzBk2UdVHVsKjLArmxWM29v8oE-mNVlfEuM2IlFNerArSzRZ-NrUfc3y5l42_q7qLpPJQrUYVhACyFXYS9GALOlp3bbxpZ8SLpXdL5mLiBOL_WylSt7o2HRCyT-sJT0xQDcHEtqLDsAMOIi_aIsAjNrEsNwExR0-2IfC2W47NfoqRa7JLuRc16dggdIzf0JMEzoBqJL3HDHwwx44dTKCVwDdQfE4Iv8RcUpLRLZgI8KL-KjNEK0lm1J7KG3LsaqB4syCmOxwYFXHgyj-4c3fr6sYOPSI3YQWJrWFLn466ZzWb_29cClmcUpfxJPaLuSh_kUi1iEOF1EWuSA1oK1vAJ-Dk6IgkYXsnX1as8SVXBiDRTCuQdFc7nWAC69JAxy5vyxTrnBIEziD8Cl9IrhB7XZ3MXW7pZuPaAZA-AJjIuaWZ63AULcliJewu_11_vs0M4LU3Vz_hGllmiJiRtwScEXN6R78EpmchjHr4XG4oQWMCXhDDRUO2DuyUx4y-Fd3FV__FNJ3QBEjAFDLVQCCsRakWnnmkEhcUoqjne8YDa_9pR9cMb-ZcQqDy-8tP1KSVAthPTVIYxIMGsVXM-SJH4OQdauq5fzEz4A98cInp9DbJcX5yRMzc16Z8hpixSW614koUH4AT0tDvX4cvmb4hD0c4sinntvCg_1ctaYuNFWt3QMkwwaO34Vvd14RcaMm1sSAnkKlncLIulu_Td3uDnho-fidLfxcTraTTFfx_whJYtoq-4rVtU8WIV1DtNEpUJMS3N6yOlJmYw9Vo1jkEeboLR7d-zLO9PGEylOWh1yVXXk-7YZc4Tf8I1h8XMU1LBK3W8VJYIPIRZnZJIMJXLFsJvBVJEDuy2nRYrJqhmDcmSIEZh9UJujCCP2rGrrLR2cjkWcDW1fRkjyGSOmkeCiHDzN3MccId0YdmNd6to8La91zLiGKnmiqyBH_vR7CrWTgvVwrBZBDU6r69mH3zLV2hH1NO-uhpXE4rK6OEb8ulSWDv-Zh1VLFoLRPdMy9s5WXg8A7GI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 59ms
58ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120501&jk=2464354816450154&bg=!6Oul66_NAAYgquz3AKo7ACkAdvg8WnU1PrNe9Z0hJdPQ9x-9EbsK3DvObMNapTuB14ti90HO67CXPQIAAADoUgAAAAJoAQeZAt3o9OpDfuLH-mgHqO4os3c4DhNSQad2bkyJR3TH6aOysc8solKYLy5vOwox6iePlCtK50bvRc6Q7yBeADmoQuMi5jP1awa2eLQc0MrCtu998oX7xgyNqRGlEUj8Ik4SF8gIa_YSUlSHLUzu7M7rSbb5P_NaUgVD4gakkSpTE3AVITuZwSnATjZqjyZ6yLaXLX743_cmWHPBn_jM_PJ9hnQITSCwnhOg6WYPsFp5vTzc59BhxvKHLLs760-8WRUjBuYJRoQJWvMLalm1wgtyEPfGtUc_bJGlmJiLDqJVR9F8V5q0El1U7BxWO27FR1ZIb8wR1rLtkciVNnR9oJ2id1sxMPR98w5zWED_Yr_taenGeMLlhIu2k6K9nuPdLemb5QEN6uUfJE-56aI3VnaXwNJZgFQ-SBQB_rd8qxw96gBVfm5ZtNdbCYyEn_SKkWnJq8PjT1hZAJWStRh_fACVErlDCj7i_Zfm0ECQ6bsTsYOUM1l2ft3OmgqOsPKUn1K1Bei3V5ybKBxROTYlwzsrBmCkuwsAyLIdpMft9rs0s9SS-l4WM61nXANZ2gKl980kHZ9PKuKwGdOpOXIeY--QTVN0J_fnHpkMXCpg5jl5DYxlHjb3medmqFxAXZiwnIEGYoRy_w8hNqbmP9jPVrvSEBVzy_wVkKqcxb6kWvi_6hdKsHNbCqWZ5ekCa5WG7MsuNQbmEm9n_YPYNx2mWuziawhMa-GWB-fSeGVVAwF4GK5X0Mp1LZcHxuvx9qZzAfs13RHh7KueWIIC3JY7qpcqxYcXWQ_wda9QfFk3KwlU31hChP7jL-mjAHPm2k7klks0bRih6gQmZE1RtRgo2Vhxd-k_wtI_EOxqTc7_3JqEcPc4e7F5gtqDipESeDYhmWY1vIntGXI3nECa87okOD-ELvvIYHvGj7Jbkp9LsixX2STPECDBHNZA9RJMnCX9iBRV7nPmyr-VxLaPOKn0H7np
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ora.tv/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AF14 42 B
64 B 66ms
65ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv8ML_eRoFJpG1A4imJEBPVx8bEo4xRu1WrhGVtNZgiW01VRwoZW8gwS1XgnRth0OGQo8OuPx8nWYbpG4IjcEhiG0hUksLsAyrgfWTFG3hgBlR6haWIiXdWeJ4EPiiHLaqUuvbVDw&sai=AMfl-YSclNaPVgF_yl8iNNrZRCC-05Qgp7_HFVpm6lDxlo8USljzjsNbsTVZ17-0pnJ0QyeKF7wpF2BZJeWINy69rSa4W-RLuhnKEP3QhZBpZFUGuU59C50rkAbLbNTXyA&sig=Cg0ArKJSzGWmPVvGYljREAE&cid=CAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw&id=lidar2&mcvt=1000&p=102,1258,352,1558&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1681286034&rs=4&la=0&cr=0&vs=4&r=v&rst=1670969851058&rpt=334&isd=0&lsd=0&met=ce&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1884 42 B
64 B 62ms
61ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvTgnOEOW7uibWtg8T9RZ7ycv2eE3ZKXV8DAgM6-ABwtkoRkvcJruZlW3CYmVTIfXlfU5OBGV07rpZiQyofI618FYfARZ70jrOjrWcQPUwgcoY9ygy9pVQKYp4Uix00AxuCerkB0w&sai=AMfl-YRV_8yC93mg9vXzRRpUYp7g2LquXh1UzS0KYNEp0GUV3CaEDCHE3HndiQVGuGzVaweCH4sgzbxv2wZAh1m0v2kXOylSwxstKC4SzdlgoTsP1EYtX_T6KUKCdHtWJQ&sig=Cg0ArKJSzGASadiqgxPDEAE&cid=CAQSOwDq26N9fR5gNoEm_MCintaSIrLqxQTYc3pcil_ueG22KqtwrzyaQ6QtBDOif0j-NPVf16b81cjyTnGVGAEgEw&id=lidar2&mcvt=1000&p=100,244,190,972&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=192040561&rs=4&la=0&cr=0&vs=4&r=v&rst=1670969851077&rpt=362&isd=0&lsd=0&met=ce&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 22:17:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame FF74 16 B
232 B 78ms
78ms Fetch
application/json 18.170.123.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.170.123.253 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-170-123-253.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 13 Dec 2022 22:17:33 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 138ms
34ms Preflight 18.170.123.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.170.123.253 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-170-123-253.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 13 Dec 2022 22:17:32 GMT
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: zor.livefyre.com
URL: http://zor.livefyre.com/wjs/v3.0/javascripts/livefyre.js

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ora.tv/	1970-01-20 08:52:41	Name: ora_referrer Value: organic
.ora.tv/	1970-01-20 08:09:31	Name: _sp_ses.6a0e Value: *
.ora.tv/	1970-01-20 17:45:29	Name: _sp_id.6a0e Value: 796943ba-779c-4a9b-b234-5838944041e9.1670969850.1.1670969850.1670969850.fcd84caf-a08c-4516-89b9-ca3d0c2d93ad
.ora.tv/	1970-01-20 17:45:29	Name: _ga Value: GA1.2.859120219.1670969850
.ora.tv/	1970-01-20 08:10:56	Name: _gid Value: GA1.2.1404241583.1670969850
.ora.tv/	1970-01-20 08:09:29	Name: _gat Value: 1
.quantserve.com/	1970-01-20 17:39:44	Name: mc Value: 6398f9fa-3593a-e279a-2dd90
.ora.tv/	1970-01-20 17:33:58	Name: __qca Value: P0-1800429432-1670969850040
user.ora.tv/	1970-01-20 16:55:05	Name: sp Value: 562cfa5b-4450-4f2f-a1de-ac747e240add
.doubleclick.net/	1970-01-20 17:31:05	Name: IDE Value: AHWqTUl6hZuuRLISptw2z7WKneVo1ulZFNF0S-pXMmA_ZNmqYUDG3Wst2cXt0nukozg
.ora.tv/	1970-01-20 17:31:05	Name: __gads Value: ID=6bc59754d65869f1:T=1670969850:S=ALNI_MZ-99he0aU-Bd450IMoSCx1zotfWw
.ora.tv/	1970-01-20 17:31:05	Name: __gpi Value: UID=00000b91d99428bc:T=1670969850:RT=1670969850:S=ALNI_Mbs-oIBSBiaM73t-4q3kFIN6GpL8g
.adnxs.com/	1970-01-20 10:19:05	Name: uuid2 Value: 8394472542538411021
.adnxs.com/	1970-01-20 10:19:05	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In?vA4#@!]tbPl1M>e)ZlrFUfJ+tGXxpW?s0ANYjB@UKHRj-[4lE%Exr17_KBvXS9@eA3If)y3KL9D3I?+m:5M_^
.casalemedia.com/	1970-01-20 16:55:05	Name: CMID Value: Y5j5.2psEOGc-VyNQy3X2QAA
.casalemedia.com/	1970-01-20 10:19:05	Name: CMPS Value: 2211
.casalemedia.com/	1970-01-20 10:19:05	Name: CMPRO Value: 2211
.redintelligence.net/	1970-01-20 10:19:05	Name: 8lcfmzhxc8d6_uid Value: 8706e56d48e20609
.casalemedia.com/	1970-01-20 10:19:05	Name: CMTS Value: 5229
.adfarm1.adition.com/	1970-01-20 10:19:05	Name: UserID1 Value: 7176760862662523024
.turn.com/	1970-01-20 12:28:41	Name: uid Value: 3351213008093975051
.w55c.net/	1970-01-20 17:39:44	Name: wfivefivec Value: Su9ToBST1P5dAD5
.adform.net/	1970-01-20 08:54:08	Name: C Value: 1
.1rx.io/	1970-01-20 16:55:05	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-9c207172-b093-4340-8049-412b960a1ac0-003%22%7D
.de17a.com/	1970-01-20 16:47:53	Name: guid Value: 1.8371922363345542877
.bidswitch.net/	1970-01-20 16:55:05	Name: tuuid Value: df64180a-bba0-469a-a817-e9611e62ab61
.bidswitch.net/	1970-01-20 16:55:05	Name: c Value: 1670969851
.bidswitch.net/	1970-01-20 16:55:05	Name: tuuid_lu Value: 1670969851
.yahoo.com/	1970-01-20 16:55:27	Name: A3 Value: d=AQABBPv5mGMCEKKHwFC1Ch1I8l49EPDz-3oFEgEBAQFLmmOiYwAAAAAA_eMAAA&S=AQAAAjZrmwFtjbmR5vPQdpkmFLE
.w55c.net/	1970-01-20 08:52:41	Name: matchgoogle Value: 5
.adform.net/	1970-01-20 09:35:53	Name: uid Value: 4675887743714125096
.analytics.yahoo.com/	1970-01-20 16:55:05	Name: IDSYNC Value: 18yx~28ty
.bidswitch.net/	1970-01-20 08:09:30	Name: google_push Value: ASkJ3FYBColrXj_jSxtTF16b_tpO1h9M8dt6IabaCV3AsJGABjWWLo7N2TttvTebQcJLWvRHl4ZeFzoH72HdNBzOwIw-HI42V_E
.awin1.com/	1970-01-20 08:12:22	Name: awpv22610 Value: 296283\|1670969851\|f0039ab1-7b33-11ed-bfbc-22342ff4a6f7
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 408799:2874697
.blismedia.com/	1970-01-20 16:55:09	Name: b Value: 6398F9FBCAD3658D583F5E22BLIS
.targeting.unrulymedia.com/	1970-01-20 16:55:05	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-9c207172-b093-4340-8049-412b960a1ac0-003%22%7D
.tribalfusion.com/	1970-01-20 10:19:05	Name: ANON_ID Value: a8nseFw5EGjAaINQeEcLfJmTM1RZaSX9woRGtMrUUUdi0ZaIs5OX2FDxoPq9ONXZc83qPuiaxNoF0SZcY040Vdwb
pb.media01.eu/	1970-01-20 17:45:29	Name: DTU Value: A75E102574EBBA6CEEC70BF9071CCF3F
.office-partner.de/	1970-01-20 17:45:29	Name: source Value: {"webgains_webgains":{"timestamp":1670969852042,"clickCookie":false}}
.360yield.com/	1970-01-20 10:19:05	Name: tuuid Value: d9a6531e-6e74-4542-b69b-dc2fc5135c13
.360yield.com/	1970-01-20 10:19:05	Name: tuuid_lu Value: 1670969852
.mathtag.com/	1970-01-20 17:35:25	Name: uuid Value: 79446398-f9fc-4e00-a17a-09af29bb87c3
.mathtag.com/	1970-01-20 08:52:41	Name: mt_mop Value: 4:1670969852

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: http://imasdk.googleapis.com/js/core/bridge3.549.0_en.html#goog_2100315041 Message: The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See https://www.w3.org/TR/powerful-features/#potentially-trustworthy-origin and https://html.spec.whatwg.org/#the-cross-origin-opener-policy-header.
network	error	URL: http://zor.livefyre.com/wjs/v3.0/javascripts/livefyre.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://web.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

16bc53cc9af0372283a32c4376d87f4e.safeframe.googlesyndication.com
8019191.fls.doubleclick.net
a.tribalfusion.com
ad-server.eu
ad.turn.com
adservice.google.com
adservice.google.de
adv.office-partner.de
analytics.webgains.io
api.webgains.io
c1.adform.net
cdn.track.production.webgains.team
chunk-gce-us-east4-production.fastly.mux.com
cm.g.doubleclick.net
connect.facebook.net
d5p.de17a.com
dclk-match.dotomi.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
edge.quantserve.com
f.ora.tv
fonts.googleapis.com
googleads.g.doubleclick.net
googleads.github.io
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900020.redintelligence.net
ib.adnxs.com
imasdk.googleapis.com
manifest-gce-us-east4-production.fastly.mux.com
match.360yield.com
medialead.de
odr.mookie1.com
pagead2.googlesyndication.com
pb.media01.eu
pixel.quantserve.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pubads.g.doubleclick.net
pv.medialead.de
r.turn.com
rtb.openx.net
rules.quantcount.com
s.ad.smaato.net
s.tribalfusion.com
s0.2mdn.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
stream.mux.com
sync.1rx.io
sync.mathtag.com
sync.targeting.unrulymedia.com
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
track.webgains.com
ups.analytics.yahoo.com
user.ora.tv
vidthm.ora.tv
web.facebook.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.ora.tv
x.bidswitch.net
zor.livefyre.com
zor.livefyre.com
103.229.206.240
108.157.4.50
13.225.78.118
13.32.27.92
142.250.186.102
142.250.186.98
145.239.193.130
172.217.23.98
176.34.141.217
176.9.26.250
178.63.52.121
18.133.151.109
18.155.145.112
18.156.0.31
18.170.123.253
184.24.12.207
184.31.88.106
185.80.39.216
185.89.210.101
2001:678:cb4:bbbb::11
213.155.156.169
213.19.147.44
2600:9000:2057:f000:6:44e3:f8c0:93a1
2600:9000:223f:aa00:1b:5138:8a40:93a1
2606:4700:4400::ac40:991c
2606:4700::6812:18ad
2606:50c0:8002::153
2620:116:800d:21:7eb1:3826:be7e:d981
2620:116:800d:21:ef75:8280:f209:5ba1
2a00:1450:4001:801::2002
2a00:1450:4001:803::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:80f::200e
2a00:1450:4001:810::200a
2a00:1450:4001:811::2001
2a00:1450:4001:828::2008
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2006
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a00:1450:400c:c07::9a
2a02:fa8:8806:13::1370
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f045:12:face:b00c:0:2
2a04:4e42:200::729
2a05:d018:d29:3601:a6b1:a514:8d07:4a
2a0b:4d07:101::1
3.124.135.253
3.68.131.166
34.96.105.8
34.98.67.61
35.227.252.103
37.157.6.233
54.225.192.210
54.76.176.197
65.9.86.5
85.114.159.93
88.198.250.30
94.23.99.218
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
00c2e342c091f508c43832ac947b205c370bbd6ebe89cc11865b6f92ffa80e6e
00f96203d01ea632eca619dd7e1ee873b55c6655684e9133e70d999c2af9c193
01470731bb779c4034127b5f1aa322e2f40dcbec05deae81d32050ce2ade3042
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e9d4ff8ad5bf23a28982488885677132a188171f7c4d9e60b811d5834b87219
10116b5152a0fb2b2c5f06e82f00159a61c790f3a620a113c42869d76b1fd5d4
10c055e552cd4e8121eded0e5227a20534bfc3484aacecd99b553c069a332f53
11d179a4923073609d394e915906718dd7b6989993897fbf8f1840787daf16a0
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
143e82c7d07494e4466e118b72d428f33cd3742bb16c7fe32133d52f560541dc
1897e2ea8c3d199b6ffc72f1ec42b8c77f5792ce2d9866d32422bbfbf7a7b0de
1904e5d9e8cda5e578667b1fdb9c614e33436019c092a22e4cc6765882d713c2
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
1c49efe51010670d2ca776aa2d44e4d73317740ab9ada4a359258fb1c9cb7a52
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf
20aaa6614d06134d7591aa2383bdca5edb20a3ed495497ea3651f1a494ee7831
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa
29ad139c99d5132a207a3c646521a6d0ffc25de6c3f39cb43fe69212bc55888c
2b0e18d026f801cfbb4fdf886e99a811a4befbeb289daf315a8d30c963242943
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ff4b3b99c81c015d9ad571eadee9f39f4bb963d0991daaa9e94f827b8a6d583
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
327b58308878cbc3f139cc35ec77b20312e430e7391365c8c001d925191bd03b
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3487cafe27a950f360e33c9ec751744d2074fde95cf190252d08c34f9a3cc79e
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3909f1871df93d0c7e74127004e4fb1b95dc8b91694fc46e65e809966f7b644b
3e414b602ba303adb8956cc673b9644f28d82b2a2f55f5553cae386bd384ce2b
405b2b455c576adcea0dd9f57d96744c6c62b03cb0b1c34ee7402e08987ffd8d
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45ea89bc74dcfb3e40f64c34f18209cf9be72ecca8fd30cccc20ab9d9a6e454b
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4837f7e1f1565ff667528cd75c41f401e07e229de1bd1b232f0a7a40d4c46f79
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eff405245db0e4b150323f604daaaad63c99bcfc13ba29866a1d7d8adcccb03
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50d12b68b5d1b7710c75351f06ca2395d759873e3c21154ef74bc7792a09b27e
5187620d7567c6ee59c305b4ee668c43e2afa0264d96c1ff9cee441d07d5d93f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55d54b1ce1eba2dceab63829aac86cf24a6d263275597d09c4f2c8d1f5ac355a
611bf8c01073c2d5803ced5986e6cc706deaa80b897a6cc6b60d1242585c9223
61a7318b6c29bf3f5e5615f6d74c53908ca81b0d0bd0781521630bea77a03def
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62356d68391522460d32629d55c07d907ddb7718b04ccb0b8005e19290764f7d
69be6c3160f6b7a9d56613353aceba770e015d76f6e52fe5b01b1a9e976cb8ba
6aec18c3078ae109f4742c7698275f570f047120c7879d81bc44ac0c86084185
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6cb3a813a1403ed8d2ee47437f5283fbac930591f8eceb75e0ea8667ef28d1f6
6e3f28f70175c2fdb3fe27720b51fb6121cba4204d0faeefa2921b2c8dc1075d
701bd818d578e319ba4026629ed09fb3cb12213bd2060716be8a79988d255822
72d58897da96326647b8ea155b28cb074f0078e73462cefd279027e84f4b5f4a
75a8105d1bc65535d5dc1066c3dce6446b4e99a7004fce48b8194be59338e43b
76e1c1c18b6b76f35ea3a4cbe5d0bdea8ab3c9279ebdfe98a912b886c8446111
789b81e10e551110463194a326acb475f36f8dc91f54805bdd65578a5915242f
7f24d5e431e274a8d8c196752f7ab87ff9c636de1a7bc3d9c44729c1a87570a2
80cb3a4556ef5d23c8a9a6dec4a3acb4b09bec49648beff0cdd404ea196b8db6
80f9742e3255eb307c532e82bfe2aa2a902d29f2dbbad815c1ffc5dfd4d9d2e6
82d5a27f1f0446d6550deca88a0349cc8adb7e6833743eb2d881d8bc7b3b02f9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
850f66d94a5162ad781b72ed71386193ea86e2898682bc6ad9d110d7e187643c
86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a
8915d420f8c21346686d84f8b3bebf30fe5fccd912e67b1b933fa0beb6bdcd7e
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8e83db047f5b908d27e6cbcd644a66728658f061946220731e1bfb7a786f1b59
8f880d114c4d238a7bb326aa51af982643dc3f6a80b29d46f2bb5560ef4d0596
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
95b968e13d205a7842b355f9bd82f9f64f6f272ff0810734c49d2bb89d64a336
989b6916016875cd3b26e3c66d1269a9a68d3370f82264dc0ace40cb71eb56a2
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a39d9acefe24437ed2d4031241c6a1e19751f7e2010681b9320dd2264d27ef54
a3e1439a00ea92885f7c270adec9b574cd194e88c311b8e20a6b664d6c1f7767
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6571c6d9766f45ec66306165fcf650f70d84b555900f56fb0a8222be597a348
a92ad207efd5118d1881e530c392c3067a62b8d105ddd1e4d2e423d457a58375
aab0e12caa48fffa7e90cf517db4b75d9986b24b6bcbabb27d657d79e5555688
ac000bc22e9f0a4ff8e7e5ce5edf4603136802ab2b43e8c58f08d95e4b67c85b
ac66d6838b453a19c347779984a0c513ad08be8b31ed70407ae9b0ae903af7be
ad345c4dc19acc3847ce67e8ff2fb2a28c1d6915649571707b4d9c35060f78c3
ad72fe783ecfbdd82794599a626e8b1f7fccf5990eed2ad9a40801371dbfaa51
ae410b42d80cc88198c95ba3b8bf1efce4909d4345d750af1f11a93fd2719874
af467b26b82932f41147d0d1c8d4ee2466e64e706589e229e6c6687a5e677f7b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b28c6ee467baedabbf24b0f469f95743bbb12fd474c3736a877afae54c4e02b0
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b51dbf86a17f7d2f2a669805bff48a8fe61320e904e8b758ebfef66a2319dfff
bd549b3f9abbc86cec4c754597bdea86023cdb98640af2f3f2441770068fe271
bf5cb64e3e210508151a0c776ad80e36a84b183f7327962650b2b3d072f01375
c01ee3fd9b61da2152a80e590ebe902318b87f6b22a938f470471f3747349b62
c24dbcb8caeb05d455b29c4d1d63eb7d4775e4d4a4cb911f1d1fff6965cd8828
c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8
c6bafc5eb5ac96a08638f4759d23fa0a1c42d223d0f6df7c4066faab3c80ddbf
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca3b4646ae81db463b3afc9e2897af42768d774a3182ae095ce470764760f82e
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ce0adf6504510adf49fa7a4e3164e2d79b1e1a56ec02cfd57e6c2f0461d20551
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d618eba40ee607b9e578a26ce40ed15bdde07dc9c350aabe529094c2dcf0f31a
d782327330ae7c2b84c66df60267c736ceba2073d9e0707f651a1622d7e8cf8a
d8c3d954ddc0e205d052ce2237f8651099a540b58a1b7583edc397e699b19b5f
da7b7bc5f87ab8b1e6e0793e1a81744bfd32669d73d139ad0b80097845994352
dc1755fa21db07b9a03bd2b92deabad9fae832df0b9c445300a33bfe1547ebe7
dc25fcfa907ee559c70696770e40dd6c5e4032083c5ec31adfc97d471fbff071
dd23832280d9c28f94bfff5131eec221a7c983feff755626ee4d75113e08004b
df866570450a3f82bf7b6ca44bf61f53f98688dc23b5d0dd1ec82a2789b244a5
dfb1203e2b90d7b8509dc298ecd4001e3f056557ee964c03013207526a52713f
e0053e0644d72a914a2080f4181a733e5132eaf0e0a6182e9296ebb451e481a7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e54fc4ab28bbb02e1045c8ea0f9e9dd4db3a38258cb3dc3fb280cb66175515ee
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6a0a1052507da3e010b9ba03a4ce8884f96e4676c11f8567c3a6ba14ad0ee13
e96b51df5ab99b1420b4b08a4caf701309889a0350da45f01a07e187e6a0c992
ed44e345a8354731787a4fc575c66363aac13eebd6007b88aecd8a1deea341df
edeef5a69881e01e4351143760ffdd6f89bdc14d7db0486e2c54e656007055d7
ee5efed459c124675f1a2445a7e0b1f57b9a4f75ef1d59f914348a69c23ef487
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130
f31f2f0ec2aa3deed28c867df75bfb2ae10d53525cd23485af58ccd07da3b3a4
fbe3eaf8b91d44b9599f6b59bde0fd0163f648e70982d7f161813ba17f3acc19
fd01ee472919780b85c1aacf1e440a4b9085e85ca25e1120bac7e5d01cd8c284
fd71a52e2493f784b17e8fcc5d250d28a590c851c6399ec49e2022c357f6eb27

www.ora.tv Open in urlscan Pro 18.155.145.112 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

229 Requests

68 %HTTPS

47 %IPv6

46 Domains

68 Subdomains

50 IPs

12 Countries

3700 kBTransfer

7778 kBSize

44 Cookies

7 Outgoing links

Redirected requests

229 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.ora.tv Open in urlscan Pro
18.155.145.112 Public Scan

Screenshot
Live screenshot

Full Image

229
Requests

68 %
HTTPS

47 %
IPv6

46
Domains

68
Subdomains

50
IPs

12
Countries

3700 kB
Transfer

7778 kB
Size

44
Cookies

229 HTTP transactions
4 data transactions