blip.fm Open in urlscan Pro
54.163.233.121 Public Scan

URL:
https://blip.fm/pastabrick6
Submission: On June 30 via manual (June 30th 2021, 6:20:42 pm UTC) from CA

Summary HTTP 193 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 51 IPs in 8 countries across 34 domains to perform 193 HTTP transactions. The main IP is 54.163.233.121, located in United States and belongs to AMAZON-AES, US. The main domain is blip.fm.
TLS certificate: Issued by R3 on June 1st 2021. Valid for: 3 months.

This is the only time blip.fm was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	54.163.233.121 54.163.233.121	14618 (AMAZON-AES) (AMAZON-AES)
7	13.224.194.70 13.224.194.70	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
3	2a04:4e42:f::760 2a04:4e42:f::760	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.219.98.130 52.219.98.130	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
3	65.9.86.127 65.9.86.127	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:210... 2600:9000:2104:e200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:3::485 2a04:4e42:3::485	54113 (FASTLY) (FASTLY)
2	184.30.24.121 184.30.24.121	16625 (AKAMAI-AS) (AKAMAI-AS)
3	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1901:0:5... 2600:1901:0:524d::	15169 (GOOGLE) (GOOGLE)
18	2600:1901:1:c... 2600:1901:1:c36::	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
6 8	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
3 7	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 5	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
8	78.46.111.106 78.46.111.106	24940 (HETZNER-AS) (HETZNER-AS)
1 5	46.4.10.49 46.4.10.49	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.220.30 138.201.220.30	24940 (HETZNER-AS) (HETZNER-AS)
4 4	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
2	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
10	46.236.13.147 46.236.13.147	24931 (DEDIPOWER) (DEDIPOWER)
2 4	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
2	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
2	65.9.77.19 65.9.77.19	16509 (AMAZON-02) (AMAZON-02)
4	81.29.72.47 81.29.72.47	24931 (DEDIPOWER) (DEDIPOWER)
8	34.249.16.73 34.249.16.73	16509 (AMAZON-02) (AMAZON-02)
193	51

19 54.163.233.121 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-163-233-121.compute-1.amazonaws.com

blip.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.224.194.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-70.fra2.r.cloudfront.net

d1uswytv6491xe.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:f::760 (United States)

ASN54113 (FASTLY, US)

sdk.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.219.98.130 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-r-w.us-east-2.amazonaws.com

empowerlocal-plugin-js.s3.us-east-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.86.127 (United States)

ASN16509 (AMAZON-02, US)

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2104:e200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:3::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.30.24.121 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-121.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:524d:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

apresolve.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)

api.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 216.58.212.130 (Mountain View, United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.221.53 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 78.46.111.106 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.106.111.46.78.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 46.4.10.49 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.49.10.4.46.clients.your-server.de

hal90001.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.220.30 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

hal900016.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.193.130 (France) 4 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Bad Schwalbach, Germany)

ASN24940 (HETZNER-AS, DE)

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 46.236.13.147 (United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.77.19 (United States)

ASN16509 (AMAZON-02, US)

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 81.29.72.47 (Brixton, United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 81-29-72-47.servers.dedipower.net

diapi.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.249.16.73 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	googlesyndication.com 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	124 KB
23	doubleclick.net 9 redirects stats.g.doubleclick.net googleads.g.doubleclick.net static.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net 5994599.fls.doubleclick.net	220 KB
19	spotify.com apresolve.spotify.com api.spotify.com	2 KB
19	blip.fm blip.fm	708 KB
18	redintelligence.net 2 redirects hal9000.redintelligence.net hal90001.redintelligence.net hal900016.redintelligence.net	117 KB
14	webgains.com track.webgains.com diapi.webgains.com	59 KB
10	webgains.io analytics.webgains.io api.webgains.io	120 KB
10	youtube.com www.youtube.com	684 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com	7 KB
7	cloudfront.net d1uswytv6491xe.cloudfront.net	18 KB
5	medialead.de 5 redirects pv.medialead.de medialead.de	4 KB
5	adnxs.com 3 redirects ib.adnxs.com	5 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	68 KB
4	google.com adservice.google.com www.google.com	2 KB
4	googletagservices.com www.googletagservices.com	127 KB
4	googleapis.com ajax.googleapis.com fonts.googleapis.com	32 KB
3	google.de adservice.google.de	798 B
3	amazon-adsystem.com c.amazon-adsystem.com	36 KB
3	google-analytics.com 1 redirects ssl.google-analytics.com www.google-analytics.com	36 KB
3	quantserve.com secure.quantserve.com pixel.quantserve.com	10 KB
3	scdn.co sdk.scdn.co	120 KB
2	googletagmanager.com www.googletagmanager.com	64 KB
2	ad-server.eu ad-server.eu	624 B
2	office-partner.de adv.office-partner.de	2 KB
2	media01.eu pb.media01.eu	688 B
2	jsdelivr.net cdn.jsdelivr.net	344 KB
2	quantcount.com rules.quantcount.com	873 B
2	amazonaws.com empowerlocal-plugin-js.s3.us-east-2.amazonaws.com	13 KB
1	addthisedge.com v1.addthisedge.com	325 B
1	moatads.com z.moatads.com	1 KB
1	addthis.com s7.addthis.com	114 KB
1	ampproject.org cdn.ampproject.org	21 KB
1	medium.com miro.medium.com	36 KB
1	cloudflare.com cdnjs.cloudflare.com	13 KB
193	34

	Domain	Requested by
19	blip.fm	blip.fm
18	api.spotify.com	sdk.scdn.co
13	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
10	track.webgains.com	blip.fm 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com analytics.webgains.io
10	tpc.googlesyndication.com	securepubads.g.doubleclick.net 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
10	www.youtube.com	blip.fm www.youtube.com
8	api.webgains.io	analytics.webgains.io
8	hal9000.redintelligence.net	2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com hal90001.redintelligence.net hal900016.redintelligence.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	d1uswytv6491xe.cloudfront.net	blip.fm
6	googleads.g.doubleclick.net	1 redirects www.youtube.com 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com blip.fm
5	hal900016.redintelligence.net	1 redirects 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com hal900016.redintelligence.net
5	hal90001.redintelligence.net	1 redirects 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com hal90001.redintelligence.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	diapi.webgains.com	track.webgains.com
4	5994599.fls.doubleclick.net	2 redirects blip.fm
4	pv.medialead.de	4 redirects
4	www.googletagservices.com	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com securepubads.g.doubleclick.net 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
3	2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
3	adservice.google.de	securepubads.g.doubleclick.net adservice.google.com
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
3	c.amazon-adsystem.com	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com c.amazon-adsystem.com
3	fonts.googleapis.com	blip.fm hal90001.redintelligence.net hal900016.redintelligence.net
3	sdk.scdn.co	blip.fm sdk.scdn.co
2	analytics.webgains.io	track.webgains.com
2	www.googletagmanager.com	adv.office-partner.de
2	ad-server.eu	2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
2	adv.office-partner.de	hal90001.redintelligence.net hal900016.redintelligence.net
2	pb.media01.eu	hal90001.redintelligence.net hal900016.redintelligence.net
2	cdn.jsdelivr.net	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
2	pixel.quantserve.com	blip.fm
2	rules.quantcount.com	secure.quantserve.com
2	ssl.google-analytics.com	1 redirects blip.fm
2	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com	blip.fm
1	medialead.de	1 redirects
1	www.google.com	tpc.googlesyndication.com
1	apresolve.spotify.com	sdk.scdn.co
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	www.google-analytics.com	sdk.scdn.co
1	s7.addthis.com	blip.fm
1	cdn.ampproject.org	empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
1	www.gstatic.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	stats.g.doubleclick.net	blip.fm
1	secure.quantserve.com	blip.fm
1	miro.medium.com	blip.fm
1	cdnjs.cloudflare.com	blip.fm
1	ajax.googleapis.com	blip.fm
193	52

This site contains links to these domains. Also see Links.

Domain
thedolive.tv
blog.blip.fm

Subject Issuer	Validity	Valid
blip.fm R3	`2021-06-01` - `2021-08-30`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.scdn.co DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-09-01`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
*.s3.us-east-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-14` - `2022-01-18`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-05-06` - `2021-08-03`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-30` - `2022-06-01`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.spotify.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-03` - `2022-05-03`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
redintelligence.net R3	`2021-06-21` - `2021-09-19`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
adv.office-partner.de R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
ad-server.eu R3	`2021-06-18` - `2021-09-16`	3 months	crt.sh
*.webgains.io Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://blip.fm/pastabrick6
Frame ID: 1B851E47F066CAE3D84F3186C37C3F7F
Requests: 63 HTTP requests in this frame

Frame: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
Frame ID: BC5DBCD04C39C161B616CFF6C04689B5
Requests: 12 HTTP requests in this frame

Frame: https://sdk.scdn.co/embedded/index.html
Frame ID: C5042E30D0FEF137E6C45E62CC9DE0D7
Requests: 13 HTTP requests in this frame

Frame: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BE3028C983D9F2D02EBDE643CD9DA2A0
Requests: 1 HTTP requests in this frame

Frame: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 20DC2E262117C53438FCB9AF99D4BF19
Requests: 23 HTTP requests in this frame

Frame: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 654CD96B82B706220BBC6410C2850DDD
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNUmZWBc2xvcLqJ4y2tKxBclLhvd51BaqBT8oBo4UCweeR94beaevvdnV2BYBp4X9ij8SYWul0xkikN3KiWcBc9Lk3yZKp-ar7N-gmZHwGyU65IqXAQMhWQZz9--stU1Aefs6KK80CKaEnYr6AfS3JkW2H4xzjwba8yceqkbVGl2zyMwxhw
Frame ID: 56EA8E4D4CC07CF73A5E8ADF2C9B9591
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWgEdMgvz86CKlRxfxAWMR0INhMTKe4sNxclo8ledoETMWgT7ZNCeU3IbqVpD-dEJPEpwtIHCYsu0rl7tI6rCort3hWkudHDh-m8mWq_zaTN8WDxZUVRVCAeWEwGBruD3WPGyxFDoQ40x4p0S9ll04e0UG2zTfYIzlPNJ4MG2q06TpuEVo
Frame ID: E701BB67D5FEED01A8E35E80F6D2C73D
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 2ECC6120FAB63C99030E2827080B11F2
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D91D13D8677F9E231E1DF80F53A0B209
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DC11F027D8E5FFE8E1BE73FC4B98A534
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3AEB7A952422C5210189A5E5F9ED0D03
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=97682600134659400710632011641001&actionid=731824&produktid=businessgiro&dt_url=
Frame ID: 69E094A1A166298FE7425651D133D10E
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: E4F16984CDF92031407181B405E4994A
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055
Frame ID: 48181690D123B5EAA17DA4DDB0D5D1A2
Requests: 1 HTTP requests in this frame

Frame: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2
Frame ID: E445C8305267A4CEE1769C6621F21F60
Requests: 9 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=76269700203896600710612011641016&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: A8546AFA0A163B8EB18CDD4867545158
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: EB322FDAC304E079C55861D3A51C0156
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767
Frame ID: B14B625F31511006504ED44018E4D2F3
Requests: 1 HTTP requests in this frame

Frame: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d
Frame ID: 9C02B961F59EA82B18A539E336464E7E
Requests: 7 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
Frame ID: D7CD22036B2FBB951EEE6CCA8D0C2529
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
Frame ID: EFF387264F101541735D64480DC7B418
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
Frame ID: C508186FF586E4C87F5F5BFC6056EF23
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
Frame ID: 7D6FAAD480025E9F4DF85EFF1FBEC27E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

Red Hat (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Red Hat/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Handlebars (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /handlebars(?:\.runtime)?(?:-v([\d.]+?))?(?:\.min)?\.js/i

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /(?:\/([\d.]+))?\/vue(?:\.min)?\.js/i

AddThis (Widgets) Expand

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

193
Requests

99 %
HTTPS

58 %
IPv6

34
Domains

52
Subdomains

51
IPs

8
Countries

3093 kB
Transfer

8463 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://thedolive.tv/
Title: https://thedolive.tv/

Search URL Search Domain Scan URL

URL: http://blog.blip.fm/faq
Title: FAQ

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1891779968&utmhn=blip.fm&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Free%20Music%20%7C%20Listen%20to%20Music%20Online%20%7C%20pastabrick6%20-%20Blip.fm&utmhid=344223028&utmr=-&utmp=%2Fpastabrick6&utmht=1625077217789&utmac=UA-1449388-5&utmcc=__utma%3D171230451.884119326.1625077218.1625077218.1625077218.1%3B%2B__utmz%3D171230451.1625077218.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=605196045&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1449388-5&cid=884119326.1625077218&jid=605196045&_v=5.7.2&z=1891779968

Request Chain 49

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 99

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKogpW94jf9ehpFsXREJqlI&google_cver=1

Request Chain 100

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YNy144nidAQ-NXNBK1d9cwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEK5x-fXJ2seFOu8QsV7uowE&google_cver=1

Request Chain 102

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5MTMwNzYzNTYyNzY4MTQzMw%3D%3D

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1

Request Chain 107

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YNy144nidAQ-NXNBK1d9cwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKTyx9vsdOfbG15387h4TVA&google_cver=1

Request Chain 109

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5MTMwNzYzNTYyNzY4MTQzMw%3D%3D

Request Chain 116

https://hal90001.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=bc4eab0841&subid=&uid=f0d22b1fa77e97bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCptPU47XcYM3XB4_igQeWkpbgCbXN-YNXnNC5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9Co8ft-uXIfUsCK1HwBPeXoMTGdhO3a-CJ8Ev178hpoQQ-5F2ICzYI32cCavpLjzoYoX7TY1_t6LhDJuevi7si8ZGzmEy2PyBvCsVM5CGa9Zd2S2L50QhgvNqdyAbtyw9EuHSMKStaOiHFR4BypKPufykOpcOLFRySG8TwwXgf3IhXgJ6SOocJ8g5M_83hSYnyL9Pxeti1CahAmaZ0MeCSoYCEMyDnspIPXDS5KR0sG16PNA5NpYRXElD7KmemtRbTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw%26sig%3DAOD64_0sxMIQYMC_x-3zMKzpwh5SWTaoDg%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-CDhT_-5-4RfoEz86RwgojXQV_bw5DXPRl3Nstwk1llQk6DJiFOJxOu7eHDgbf-0erYp5zVL7yViGCEuP3qm1tfVq3xNmo0KcwD9laiRU6Ruw_-cda0ICeW7xmA5JryrZTVYdmhZkYxvRgSzmtZ34MFJ4UrNg%26cry%3D1%26dbm_d%3DAKAmf-COzrGQN24TCTsWrGM6d5NTOxYefSzt3ZDs9XsPJaG_tF7pkKyD4xIrDjkBFenGhLO-LnWpdsKoW3mFzZG6c23O0EtBriygrLxuju2lfkdf4KHwHyWKHhL9M3JRX49w6hs9JBldYxnp-sonCgRw62fXNJgwG-050z69JA0ZQveO6sYgupT2ptf7SypBX43Lkxrf1xXrzSlgDGIkozMFviZ3UISooAAAnJv1QLQsWNfyCYVZWlGSfMM-xQH9COkagT0XsXkKt4JM2y6RLuy_WI2FeJ5I7jBPy07aX28QebeeHmQtLsx7ix97U07czP_hUSdb_HexEq6AEiiIoA4WdtSfeL-DM-Y4dkhEEuZ7zND8ucjPTHzvwdDZUM2vSqGqATJJg7cgK4Eabt4Fy3mR-2MNqsVWTvtg7XjlpwHJzAu3RYao0OYKiI6OkFJ_lFH5dIIa-U9h%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=3561920321195&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90001.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=bc4eab0841&subid=&uid=f0d22b1fa77e97bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCptPU47XcYM3XB4_igQeWkpbgCbXN-YNXnNC5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9Co8ft-uXIfUsCK1HwBPeXoMTGdhO3a-CJ8Ev178hpoQQ-5F2ICzYI32cCavpLjzoYoX7TY1_t6LhDJuevi7si8ZGzmEy2PyBvCsVM5CGa9Zd2S2L50QhgvNqdyAbtyw9EuHSMKStaOiHFR4BypKPufykOpcOLFRySG8TwwXgf3IhXgJ6SOocJ8g5M_83hSYnyL9Pxeti1CahAmaZ0MeCSoYCEMyDnspIPXDS5KR0sG16PNA5NpYRXElD7KmemtRbTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw%26sig%3DAOD64_0sxMIQYMC_x-3zMKzpwh5SWTaoDg%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-CDhT_-5-4RfoEz86RwgojXQV_bw5DXPRl3Nstwk1llQk6DJiFOJxOu7eHDgbf-0erYp5zVL7yViGCEuP3qm1tfVq3xNmo0KcwD9laiRU6Ruw_-cda0ICeW7xmA5JryrZTVYdmhZkYxvRgSzmtZ34MFJ4UrNg%26cry%3D1%26dbm_d%3DAKAmf-COzrGQN24TCTsWrGM6d5NTOxYefSzt3ZDs9XsPJaG_tF7pkKyD4xIrDjkBFenGhLO-LnWpdsKoW3mFzZG6c23O0EtBriygrLxuju2lfkdf4KHwHyWKHhL9M3JRX49w6hs9JBldYxnp-sonCgRw62fXNJgwG-050z69JA0ZQveO6sYgupT2ptf7SypBX43Lkxrf1xXrzSlgDGIkozMFviZ3UISooAAAnJv1QLQsWNfyCYVZWlGSfMM-xQH9COkagT0XsXkKt4JM2y6RLuy_WI2FeJ5I7jBPy07aX28QebeeHmQtLsx7ix97U07czP_hUSdb_HexEq6AEiiIoA4WdtSfeL-DM-Y4dkhEEuZ7zND8ucjPTHzvwdDZUM2vSqGqATJJg7cgK4Eabt4Fy3mR-2MNqsVWTvtg7XjlpwHJzAu3RYao0OYKiI6OkFJ_lFH5dIIa-U9h%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=3561920321195&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 119

https://hal900016.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=7818a6a347&subid=&uid=db506fc80cc1f3f8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCtur547XcYM7XB4_igQeWkpbgCbXN-YNX_Ni5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9CHweRFsy_3kYZAnxWghWpepA2xBA2CwgVu_CzfHxVje6zqREMVnO_ToyqbjH-ClHEj8byJkKU9vLIhEyGmTLRC2rtj83p15vuhgwejuNpZNaRSMGYlV46aZ-uzZUJXbAkuKrik5nNam3npSOKzeavGDuYk4RY9ESQOT9tsEnlKJeVw_4g8tZn907n0GLMCs6dXD2CeOicVFlJ1eJkKNrR-7olBSeXbqoQbDZsN_MfxoYOtMGq5a7pXoew0uEUs_M_ABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw%26sig%3DAOD64_1V5Nf7EoSuFkA6qKPgcUH4vO1_Nw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-BvRGeM3B6Vk4grQ0y0NPrvH4mPPhQ4Wq1hyZg5fTO1OAxEDwR78Q_9ER_Ewu_93h3EBLoD5sZ98yXyKcM9BRXJn6AH2Q0jlr_nM9pt-Wq9xicgPQpqv_3PeRnMeuVNiTBmfCg9UaH8OQJFlZjWRSA0WSrx-w%26cry%3D1%26dbm_d%3DAKAmf-CM9okD6QQvI0hJ8EU19Z0htUHQfWnisKrS0D6Yod9GrWb0kjve_GtDWpZ9PBNQ4SgRiGraldqxYVIxZifGmWIy4ocg0qzh4Vu3c1b1Yg1QfIpFruiVKKaRRk4Ls1SWhLGCa4Z0tzg8orVO3lAcsjq1WranYqXvjOxwr1R1TUQrRK4gD732cuQis9We2Qtwgn9hoee6bg3KQO4uTjVoRoFiiEAJJ3z7fL40B9lDZ0B1e6boho447j5v95-nY3aN8dsFmERJmrFV3ZAMWrKn6gS3-1ljO-AWIgju09yUN9jI_b4JjXDRUMltzBi1tybYlLsHriQla609KoHte2CMcbEZ6zPcgP6n3gMKwMPwF_mv_QOLaEwlqdLAOjkGkeloKzNSvKrQ7wQ_1CMZPqqBl0SPlDNQp5bb4DE7bndb3UcLFWhmz-l_4VkadmK5KB8N_ir4hXf4%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=841583525802&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900016.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=7818a6a347&subid=&uid=db506fc80cc1f3f8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCtur547XcYM7XB4_igQeWkpbgCbXN-YNX_Ni5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9CHweRFsy_3kYZAnxWghWpepA2xBA2CwgVu_CzfHxVje6zqREMVnO_ToyqbjH-ClHEj8byJkKU9vLIhEyGmTLRC2rtj83p15vuhgwejuNpZNaRSMGYlV46aZ-uzZUJXbAkuKrik5nNam3npSOKzeavGDuYk4RY9ESQOT9tsEnlKJeVw_4g8tZn907n0GLMCs6dXD2CeOicVFlJ1eJkKNrR-7olBSeXbqoQbDZsN_MfxoYOtMGq5a7pXoew0uEUs_M_ABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw%26sig%3DAOD64_1V5Nf7EoSuFkA6qKPgcUH4vO1_Nw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-BvRGeM3B6Vk4grQ0y0NPrvH4mPPhQ4Wq1hyZg5fTO1OAxEDwR78Q_9ER_Ewu_93h3EBLoD5sZ98yXyKcM9BRXJn6AH2Q0jlr_nM9pt-Wq9xicgPQpqv_3PeRnMeuVNiTBmfCg9UaH8OQJFlZjWRSA0WSrx-w%26cry%3D1%26dbm_d%3DAKAmf-CM9okD6QQvI0hJ8EU19Z0htUHQfWnisKrS0D6Yod9GrWb0kjve_GtDWpZ9PBNQ4SgRiGraldqxYVIxZifGmWIy4ocg0qzh4Vu3c1b1Yg1QfIpFruiVKKaRRk4Ls1SWhLGCa4Z0tzg8orVO3lAcsjq1WranYqXvjOxwr1R1TUQrRK4gD732cuQis9We2Qtwgn9hoee6bg3KQO4uTjVoRoFiiEAJJ3z7fL40B9lDZ0B1e6boho447j5v95-nY3aN8dsFmERJmrFV3ZAMWrKn6gS3-1ljO-AWIgju09yUN9jI_b4JjXDRUMltzBi1tybYlLsHriQla609KoHte2CMcbEZ6zPcgP6n3gMKwMPwF_mv_QOLaEwlqdLAOjkGkeloKzNSvKrQ7wQ_1CMZPqqBl0SPlDNQp5bb4DE7bndb3UcLFWhmz-l_4VkadmK5KB8N_ir4hXf4%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=841583525802&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 121

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=97682600134659400710632011641001&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=97682600134659400710632011641001&actionid=731824&produktid=businessgiro&dt_url=

Request Chain 125

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055

Request Chain 127

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=97682600134659400710632011641001 HTTP 301
https://ad-server.eu/wm/pb/native.png

Request Chain 129

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=76269700203896600710612011641016&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=76269700203896600710612011641016&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 133

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767

Request Chain 135

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=76269700203896600710612011641016 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=76269700203896600710612011641016 HTTP 301
https://ad-server.eu/wm/pb/native.png

193 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request pastabrick6 Show response
blip.fm/ 25 KB
7 KB 448ms
161ms Document
text/html 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 / PHP/7.0.19
Resource Hash: c6316846b9bd6c2893d7cad544c23901a4785599d36576d0ab02bd84d853eed8

Request headers

Host: blip.fm
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:47 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
X-Powered-By: PHP/7.0.19
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK base.css
blip.fm/_/css/ 79 KB
17 KB 134ms
103ms Stylesheet
text/css 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/css/base.css
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: a74acb7a696191bfe5e2819a4bac32c071a0302e63413044e4f6b4e396d5e6d5

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:47 GMT
Content-Encoding: gzip
Last-Modified: Sun, 27 Jun 2021 15:31:03 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "13d7f-5c5c10f809bc0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 17047

GET
H/1.1 200
OK newdesign.css
blip.fm/_/css/ 25 KB
5 KB 230ms
95ms Stylesheet
text/css 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/css/newdesign.css
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: ad6c03b014c238c864d168340a81b0249fb963c060c336b5a85868da5efd6a3f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:47 GMT
Content-Encoding: gzip
Last-Modified: Sun, 27 Jun 2021 15:30:13 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "65d4-5c5c10c85ab40-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4922

GET
H/1.1 200
OK profile.26.css.cgz
d1uswytv6491xe.cloudfront.net/css/ 3 KB
1 KB 79ms
46ms Stylesheet
text/css 13.224.194.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1uswytv6491xe.cloudfront.net/css/profile.26.css.cgz
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-70.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae6e79fcd093e4a8968d1ebc25b12f74f12503794384e0de7598761261c01f70

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 13 Feb 2021 02:48:49 GMT
Content-Encoding: gzip
Age: 11892689
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 974
Last-Modified: Thu, 04 Apr 2019 15:07:15 GMT
Server: AmazonS3
ETag: "cafbaa2c66e5af33d2a50ac7c913fc60"
Content-Type: text/css
Via: 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA2-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: gqQL9wLfap1xx06W91WcOX0z_tGKTHaP9FxrcBPefGzFG5eZ3CrsxA==
Expires: Thu, 04 Apr 2024 15:07:14 GMT

GET
H/1.1 200
OK spotify.css
blip.fm/_/css/ 2 KB
1 KB 290ms
95ms Stylesheet
text/css 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/css/spotify.css
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: d770749019637859894001e3ce01057cc47b89c89f5afe98f1c6d0aaf9a4648d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:47 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Aug 2019 17:42:43 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "776-5907bddf8cac0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 665

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
30 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 409
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 18:13:28 GMT

GET
H/1.1 200
OK spotify-player.js Show response
sdk.scdn.co/ 21 KB
6 KB 79ms
22ms Script
application/javascript 2a04:4e42:f::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.scdn.co/spotify-player.js
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dec6a0b276c15b010acbbc7c201810712d7b9f7217308225174dfdeda5d4f6e0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Apr 2021 09:44:32 GMT
Age: 1096170
ETag: "23130e8b4395801117e1675730d026b2"
X-Served-By: cache-ord1743-ORD, cache-lhr7354-LHR
X-Cache: MISS, HIT
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6204
X-Cache-Hits: 0, 5

GET
H/1.1 200
OK jquery.cookie.js Show response
blip.fm/_/js/ 3 KB
3 KB 289ms
95ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/jquery.cookie.js
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:47 GMT
Last-Modified: Mon, 06 Jan 2020 14:00:06 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "c31-59b79139da580"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3121

GET
H2 200 handlebars.min.js Show response
cdnjs.cloudflare.com/ajax/libs/handlebars.js/2.0.0-alpha.1/ 47 KB
13 KB 25ms
23ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/2.0.0-alpha.1/handlebars.min.js

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82e2d5fd2ae7a2dfb049133d30a1c14aa65ddacffd138a73921f2994766c3324

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4135196
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 12647
cf-request-id: 0affbf8fdf00002c563e2f6000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e72-ba0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mRRilrZWrAVJsxik96g%2BhDtDyodk%2Fdsqvz0sN7SyCQrAWPyIjs%2BwTOajHTLaRAerD3%2BHJLJL2K2bkPbLe3Jg4yH%2FN6E7e%2BCmWWt3b6gC%2Bbx%2FplSSz62rlRT0FZTpOZa6vEobpt4D40CztiLRpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6679685fc9a02c56-FRA
expires: Mon, 20 Jun 2022 18:20:17 GMT

GET
H/1.1 200
OK napster.min.js Show response
blip.fm/_/js/ 14 KB
15 KB 290ms
96ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/napster.min.js
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: ff7bf0e46bc638dc36c28fd98b218a1983bc2badd30cbed318de10c270f66ec1

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:47 GMT
Last-Modified: Mon, 06 Jan 2020 14:00:07 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "38da-59b7913ace7c0"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 14554

GET
H/1.1 200
OK spotify-api.js Show response
blip.fm/_/js/ 6 KB
6 KB 299ms
99ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/spotify-api.js
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 396e92552e8ff284f6e204090bc222578d5a1a6ec0f92ccf31ed5978606784b4

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:47 GMT
Last-Modified: Thu, 09 Jan 2020 09:26:07 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "17f8-59bb1994c89c0"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6136

GET
H/1.1 200
OK napster-api.js Show response
blip.fm/_/js/ 3 KB
3 KB 299ms
100ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/napster-api.js
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 5345a3bf0a85143d337b572e4cea04e8705eb606e47611d54a7c1e1f6242308a

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:47 GMT
Last-Modified: Thu, 09 Jan 2020 09:23:24 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "c8f-59bb18f955b00"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3215

GET
H/1.1 200
OK header.js Show response
empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/ 8 KB
9 KB 494ms
132ms Script
application/javascript 52.219.98.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.98.130 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: e4a54349dc54879fad8d1567c0dbaad10d67553f8d1c190f3939e46b434c6e9a

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:18 GMT
Last-Modified: Wed, 10 Mar 2021 19:39:58 GMT
Server: AmazonS3
x-amz-request-id: 1FGWPVX4PNQNTV6D
ETag: "808b8d2713ae2c3bc82ca1d76dccbc08"
Content-Type: application/javascript
x-amz-version-id: F4VRdt3dlpkr8Avwt6TpU_eFaQI6ua_s
Accept-Ranges: bytes
Content-Length: 8674
x-amz-id-2: uUWWMOOX6hlXHjCH0K1OCpWNB9L8tCW/9Eof5OjX4r/1Z/TQtznSDKj0RVSH6viV9djhw9Xj9Qo=

GET
H/1.1 200
OK logo.png
blip.fm/images/ 9 KB
9 KB 110ms
108ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/logo.png
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 1feda3dc45dfdcb46ec8f8abdafc23f06d4e2d954a864ec9e9e61b857dc8d1e8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Wed, 01 Jul 2020 13:08:01 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "22a3-5a960fb434e40"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 8867

GET
H/1.1 200
OK spinner.gif
d1uswytv6491xe.cloudfront.net/images/blip/ 847 B
1 KB 19ms
17ms Image
image/gif 13.224.194.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1uswytv6491xe.cloudfront.net/images/blip/spinner.gif
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-70.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88c003ca3b8264aa64112d6c7ebe5a82011b6041c24460dbea7a31d3bfafee34

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 11 Jun 2021 14:52:20 GMT
Via: 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Thu, 04 Apr 2019 15:03:35 GMT
Server: AmazonS3
Age: 1654078
ETag: "4b2f4d6259e452b9a0d2efbe25065b58"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA2-C1
Accept-Ranges: bytes
Content-Length: 847
X-Amz-Cf-Id: maLJtfqJruS5AXMQ_-itNmUk8Z2qW45ao7eep0jW3Y3l_OUOLwiOow==
Expires: Thu, 04 Apr 2024 15:03:33 GMT

GET
H/1.1 200
OK juicy-signup-small.png
d1uswytv6491xe.cloudfront.net/images/buttons/ 4 KB
4 KB 29ms
10ms Image
image/png 13.224.194.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1uswytv6491xe.cloudfront.net/images/buttons/juicy-signup-small.png
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-70.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 17c3bd5b578cb7f4fccd1ad422794185e0c96b0c68a60756f4b1a72b674972c8

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 13 Feb 2021 02:48:50 GMT
Via: 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Thu, 04 Apr 2019 15:05:23 GMT
Server: AmazonS3
Age: 11892688
ETag: "a7a5b0521447b176ca08db741abbb305"
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA2-C1
Accept-Ranges: bytes
Content-Length: 3659
X-Amz-Cf-Id: OWn8DTEhI3FIEnfqucPbc1Tq2NxinAuv1IQe2gXzxUxr9fLQuBukPg==
Expires: Thu, 04 Apr 2024 15:05:21 GMT

GET
H/1.1 200
OK nousericon-l.gif
d1uswytv6491xe.cloudfront.net/images/ 6 KB
7 KB 32ms
10ms Image
image/gif 13.224.194.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1uswytv6491xe.cloudfront.net/images/nousericon-l.gif
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-70.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 35e9144015046c3d25f20ddbd1f3036306891c441a18343c1d1e2da6ff3c2bd1

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 29 Jan 2021 01:30:07 GMT
Via: 1.1 f797fc0ae68a3abc35e081e46174c9f2.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Thu, 04 Apr 2019 15:03:48 GMT
Server: AmazonS3
Age: 13193411
ETag: "93ccd993bbfefbfa9709be27d9a0588b"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA2-C1
Accept-Ranges: bytes
Content-Length: 6443
X-Amz-Cf-Id: 93JAC97hGBQO4nuSBaP1gDzYEn1QK_67mNaZPWWGYk_ljLSUC0JDPg==
Expires: Thu, 04 Apr 2024 15:03:47 GMT

GET
H/1.1 200
OK co.png
d1uswytv6491xe.cloudfront.net/images/flags/ 383 B
935 B 59ms
35ms Image
image/png 13.224.194.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1uswytv6491xe.cloudfront.net/images/flags/co.png
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-70.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 41d6e3b9d0f24eed6d98bc3b748a97bc946b85e7edd2f17967026eb6406326fc

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 20:43:55 GMT
Via: 1.1 172e63b20fb363ed969de28ae3937e21.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Wed, 25 Aug 2010 17:45:19 GMT
Server: AmazonS3
Age: 336983
ETag: "a224f4d6ece8f7570d038e83191abd0e"
X-Cache: Hit from cloudfront
Content-Type: image/png; charset=binary
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA2-C1
Accept-Ranges: bytes
Content-Length: 383
X-Amz-Cf-Id: u5WsWfi97tf_kzFEZ81W-PZ1aLE7fI3NOyL42T3O8ClQwTCmsgW9Ew==
Expires: Tue, 25 Aug 2015 17:45:18 GMT

GET
H2 200 1*ptQRDWDlEblcDL734-y4Qw.png
miro.medium.com/max/1200/ 35 KB
36 KB 160ms
142ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1200/1*ptQRDWDlEblcDL734-y4Qw.png

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10985b0138ee107431b8118e0d8b2efa14439caf69807bf0bde75c96c578f018

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:17 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 750
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 35996
cf-request-id: 0affbf91dd00001f559b181000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210524-162717-f383c62fea
accept-ranges: bytes
cf-ray: 66796862ff701f55-FRA
expires: Fri, 30 Jul 2021 18:20:17 GMT

GET
H/1.1 200
OK placeholder.svg
blip.fm/_/images/ 4 KB
5 KB 110ms
109ms Image
image/svg+xml 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/_/images/placeholder.svg
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: c0e57c534e7fce5e66fb419c269b97d436385a2c69b9f508edf480ef60dedf91

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Wed, 15 Jul 2020 08:57:06 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "1194-5aa771bb17c80"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 4500

GET
H/1.1 200
OK napster.jpg
blip.fm/_/images/napster/ 52 KB
52 KB 105ms
104ms Image
image/jpeg 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/_/images/napster/napster.jpg
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: e6d76a2dedcc68e2317925b345474a47ee6294694ded93655ee3d69559a4a583

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:47 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "ce4a-5ac0643925cc0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 52810

GET
H/1.1 200
OK ads.js Show response
empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/ 3 KB
4 KB 238ms
129ms Script
application/javascript 52.219.98.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/ads.js
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.98.130 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: b3d07bd62da73385f67aa7d09c598bade0243347339334c81763124a803dbaf7

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:18 GMT
Last-Modified: Fri, 26 Feb 2021 17:17:08 GMT
Server: AmazonS3
x-amz-request-id: 1FGPD1JSRF3Y8W9R
ETag: "22262cedaaaa5ff76bd686a64713f048"
Content-Type: application/javascript
x-amz-version-id: .L7dXL0GVzyECTjS7anJk4iGuUC1kqkM
Accept-Ranges: bytes
Content-Length: 3328
x-amz-id-2: 6jiX8hBd9yFVSdpqplyACLJD5CucOpoC5dZ8CocfYlQ9w2n4OmKS86+r7cLLoLWmAG3u7j6Rxck=

GET
H/1.1 200
OK base.js Show response
blip.fm/_/js/ 505 KB
506 KB 96ms
95ms Script
application/javascript 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/_/js/base.js
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 4b6a2b0fd27801f153917af3d6558094fd0e76f7e08e21e78b45b0343362d3d6

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blip.fm/pastabrick6
Connection: keep-alive
Referer: https://blip.fm/pastabrick6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Tue, 09 Mar 2021 21:40:56 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "7e5cc-5bd2167c3aa00"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 517580

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 26ms
9ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:17 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Wed, 07 Jul 2021 18:20:17 GMT

GET
H2 200 css2
fonts.googleapis.com/ 8 KB
801 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700&display=swap

Requested by

Host: blip.fm
URL: https://blip.fm/_/css/newdesign.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e26892b2736c82171e10cf7325fdc8627423517c96f0e12877de14ed63e8b07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 17:35:21 GMT
server: ESF
date: Wed, 30 Jun 2021 18:20:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Jun 2021 18:20:17 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 188
date: Wed, 30 Jun 2021 18:17:09 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 30 Jun 2021 20:17:09 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 123 KB
33 KB 47ms
16ms Script
application/javascript 65.9.86.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.86.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 10:14:09 GMT
content-encoding: gzip
server: Server
age: 29168
etag: c457e964d47ff007ca9e04843536c474
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: SOzAdyP7.FQsxAjkeGom0RVGr_hQgEwt
x-amz-cf-id: iMTjjnAvrqNiVvkB8abvFQjqZKVkycSxNzhtc6N5QNWcqNS-EU6cAg==

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blip.fm
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 10:05:12 GMT
x-content-type-options: nosniff
age: 29705
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19480
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 10:05:12 GMT

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1891779968&utmhn=blip.fm&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Free%20Music...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1449388-5&cid=884119326.1625077218&jid=605196045&_v=5.7.2&z=1891779968

35 B
100 B

15ms
15ms

Image
image/gif

2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1449388-5&cid=884119326.1625077218&jid=605196045&_v=5.7.2&z=1891779968

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 30 Jun 2021 18:20:17 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:17 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1449388-5&cid=884119326.1625077218&jid=605196045&_v=5.7.2&z=1891779968
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 368
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET config
c.amazon-adsystem.com/cdn/prod/ 0
0

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 46ms
16ms XHR
application/javascript 65.9.86.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.86.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 32876
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
date: Wed, 30 Jun 2021 09:12:22 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 254622ebfed5feb6e2d8380b3f9c4c10.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: stkPkVUjEbLx2w65BDGcHBav-4hBv0pBVlZ9DAqiq6RWGXJOIEt9Bw==

GET
H/1.1 200
OK trackpopbg.png
blip.fm/images/ 400 B
732 B 103ms
102ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/trackpopbg.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 51849fb8f2b161981d2a508c4e58503a0a752c6bbac592a742d92efdb1c378c6

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.884119326.1625077218.1625077218.1625077218.1; __utmc=171230451; __utmz=171230451.1625077218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1625077218
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:35 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "190-5ac0642db41c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 400

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
823 B 22ms
22ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: blip.fm
URL: https://blip.fm/_/js/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d328e59e06cf56740aa92089470c256ed33b84ee20721b73a6d65f1b890fc49f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cache-control: private, max-age=0
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:18 GMT

GET
H/1.1 200
OK loadPage Show response
blip.fm/ajax/ 18 B
414 B 180ms
180ms XHR
application/json 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blip.fm/ajax/loadPage?page=1&bliperId=2659800
Requested by: Host: blip.fm
URL: https://blip.fm/_/js/base.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 / PHP/7.0.19
Resource Hash: 67f2b0a60f37796c436ea0d9f947a22cb196312a87705d10069b65acc2993f01

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: __utma=171230451.884119326.1625077218.1625077218.1625077218.1; __utmc=171230451; __utmz=171230451.1625077218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1625077218
Connection: keep-alive
X-Fuzz-Ajax: true
Referer: https://blip.fm/pastabrick6
Referer: https://blip.fm/pastabrick6
X-Requested-With: XMLHttpRequest
X-Fuzz-Ajax: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:19:48 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
X-Powered-By: PHP/7.0.19
Content-Type: application/json
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 18
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 rules-p-b0cBKofGeCYKg.js Show response
rules.quantcount.com/ 3 B
436 B 47ms
14ms Script
application/javascript 2600:9000:2104:e200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-b0cBKofGeCYKg.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:e200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 07:29:03 GMT
via: 1.1 a156165ae278c5ddd408f18e7181dccd.cloudfront.net (CloudFront)
age: 39076
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 20:48:31 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
x-amz-cf-id: BED0kTxOP8pO3iE2PNaep0NU-dvh4v_lO6Oe5bD0sBimCJxmGhLmfg==

GET
H2 200 rules-p-c4o3JsfzdTxY6.js Show response
rules.quantcount.com/ 3 B
437 B 47ms
15ms Script
application/javascript 2600:9000:2104:e200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-c4o3JsfzdTxY6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:e200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 19:46:27 GMT
via: 1.1 a156165ae278c5ddd408f18e7181dccd.cloudfront.net (CloudFront)
age: 81232
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 20:53:31 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
x-amz-cf-id: 0eASc661FWR0ePJUj8-5H3VvPDRqXCWtfoflDCHR8XpqAT7d54uOjA==

GET
H/1.1 200
OK noticebg-black.png
blip.fm/images/ 2 KB
3 KB 100ms
98ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/noticebg-black.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 3983c27985f9ae67aed69d7ca6a82a682a7095df30b8d8253014de0f4ee97427

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.884119326.1625077218.1625077218.1625077218.1; __utmc=171230451; __utmz=171230451.1625077218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1625077218
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:53 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "9d5-5ac0643edea40"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2517

GET
H/1.1 200
OK dockbg.png
blip.fm/images/ 607 B
939 B 110ms
109ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/dockbg.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: c04e372715cffbc60a3f59d89c6ba50bb9f8adbc36c2e75cbd155f4ae1a911e8

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.884119326.1625077218.1625077218.1625077218.1; __utmc=171230451; __utmz=171230451.1625077218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1625077218
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:37 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "25f-5ac0642f9c640"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 607

GET
H/1.1 200
OK alert.png
blip.fm/images/icons/ 3 KB
4 KB 107ms
107ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/icons/alert.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 4db8af548255ad1270380918e096b18fddd5b984f95fd4862f18575f8267162f

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.884119326.1625077218.1625077218.1625077218.1; __utmc=171230451; __utmz=171230451.1625077218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1625077218
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:49 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "d77-5ac0643b0e140"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3447

GET
H/1.1 200
OK sprite-uber.png
blip.fm/images/blip/ 64 KB
65 KB 104ms
104ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/blip/sprite-uber.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 9585f9660d61236506d8fe0d442168949a866c238ee7fe8c5f32b0aec2b29d71

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.884119326.1625077218.1625077218.1625077218.1; __utmc=171230451; __utmz=171230451.1625077218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1625077218
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:43 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "1015e-5ac06435553c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 65886

GET
H/1.1 200
OK dialogbg.png
blip.fm/images/ 6 KB
6 KB 104ms
104ms Image
image/png 54.163.233.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blip.fm/images/dialogbg.png
Requested by: Host: blip.fm
URL: https://blip.fm/_/css/base.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.233.121 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-233-121.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19 /
Resource Hash: 8389ab2ff25b494852f8aa7c6972c69140ffb4f74ad5fb5f030d6ed3a1160359

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blip.fm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blip.fm/_/css/base.css
Cookie: __utma=171230451.884119326.1625077218.1625077218.1625077218.1; __utmc=171230451; __utmz=171230451.1625077218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=171230451.1.10.1625077218
Connection: keep-alive
Referer: https://blip.fm/_/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:19:48 GMT
Last-Modified: Tue, 04 Aug 2020 05:09:44 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.0.19
ETag: "17ce-5ac0643649600"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 6094

GET
H3-29 200 www-widgetapi.js Show response
www.youtube.com/s/player/1a0ca43b/www-widgetapi.vflset/ 125 KB
42 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1a0ca43b/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a17d4e558f6c423dff315fe4b14cf6b35bbb0a25e820ff5726bcd325cf0c4b5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:04:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 978
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42513
x-xss-protection: 0
last-modified: Mon, 28 Jun 2021 00:19:19 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 18:04:00 GMT

GET
H3-29 200 / Show response
www.youtube.com/embed/ Frame BC5D 31 KB
10 KB 35ms
35ms Document
text/html 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1a0ca43b/www-widgetapi.vflset/www-widgetapi.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7ae7715773eb9e65b5645c463396217b826fa0cc510400e414f21568a57481a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=VWS8s_0nUkg; VISITOR_INFO1_LIVE=zeeY15iLjEA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 30 Jun 2021 18:20:18 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: CONSENT=PENDING+763; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel;r=563382595;rf=0;a=p-b0cBKofGeCYKg;url=https%3A%2F%2Fblip.fm%2Fpastabrick6;uht=2;fpan=1;fpa=P0-1825609819-1625077218276;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;...
pixel.quantserve.com/ 35 B
371 B 12ms
10ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=563382595;rf=0;a=p-b0cBKofGeCYKg;url=https%3A%2F%2Fblip.fm%2Fpastabrick6;uht=2;fpan=1;fpa=P0-1825609819-1625077218276;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=blip.fm;je=0;sr=1600x1200x24;dst=1;et=1625077218275;tzo=-120;ogl=title.Blip%252Efm%20-%20Listen%20to%20free%20music%2Ctype.website%2Cimage.https%3A%2F%2Fd1uswytv6491xe%252Ecloudfront%252Enet%2Fimages%2Fblip%2FblipIcon%252Epng%2Curl.http%3A%2F%2Fblip%252Efm%2Csite_name.Blip%252Efm

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:18 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 pixel;r=883167475;rf=0;a=p-c4o3JsfzdTxY6;url=https%3A%2F%2Fblip.fm%2Fpastabrick6;uht=2;fpan=0;fpa=P0-1825609819-1625077218276;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;...
pixel.quantserve.com/ 35 B
371 B 11ms
10ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=883167475;rf=0;a=p-c4o3JsfzdTxY6;url=https%3A%2F%2Fblip.fm%2Fpastabrick6;uht=2;fpan=0;fpa=P0-1825609819-1625077218276;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=blip.fm;je=0;sr=1600x1200x24;dst=1;et=1625077218277;tzo=-120;ogl=title.Blip%252Efm%20-%20Listen%20to%20free%20music%2Ctype.website%2Cimage.https%3A%2F%2Fd1uswytv6491xe%252Ecloudfront%252Enet%2Fimages%2Fblip%2FblipIcon%252Epng%2Curl.http%3A%2F%2Fblip%252Efm%2Csite_name.Blip%252Efm

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:18 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/1a0ca43b/ Frame BC5D 324 KB
45 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1a0ca43b/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ab7813b063dff1c218123137182af775baab815a9a9950a3095e9913597d2df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 14:40:31 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 28 Jun 2021 00:19:19 GMT
server: sffe
age: 185987
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45795
x-xss-protection: 0
expires: Tue, 28 Jun 2022 14:40:31 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/1a0ca43b/www-embed-player.vflset/ Frame BC5D 193 KB
64 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1a0ca43b/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2d83fb413d6990a7cee7e66140ccefe79ad15d28b56f4ba96e42de1e7351b3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 14:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 28 Jun 2021 00:19:19 GMT
server: sffe
age: 185990
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65186
x-xss-protection: 0
expires: Tue, 28 Jun 2022 14:40:28 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/1a0ca43b/player_ias.vflset/en_US/ Frame BC5D 2 MB
485 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1a0ca43b/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d975a9e858b8e9e5e002e83f34e7fa4662f5f12e17e4d30aac25abb063dc0e79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 14:40:31 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 28 Jun 2021 00:19:19 GMT
server: sffe
age: 185987
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 496661
x-xss-protection: 0
expires: Tue, 28 Jun 2022 14:40:31 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/1a0ca43b/fetch-polyfill.vflset/ Frame BC5D 8 KB
3 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1a0ca43b/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 14:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 28 Jun 2021 00:19:19 GMT
server: sffe
age: 185990
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
expires: Tue, 28 Jun 2022 14:40:28 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame BC5D 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 08:09:57 GMT
x-content-type-options: nosniff
age: 36621
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 08:09:57 GMT

GET
H3-29

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame BC5D
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
161 B

41ms
40ms

XHR
application/json

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cd0763d3b49747aaacedd4874ec5764c5ef26ad0733a6c14c8835893c699cc36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 30 Jun 2021 18:20:18 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame BC5D 29 B
91 B 6ms
5ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1a0ca43b/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:17:21 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 177
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:32:21 GMT

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/1a0ca43b/player_ias.vflset/en_US/ Frame BC5D 93 KB
29 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1a0ca43b/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1a0ca43b/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0a33668aff9c9594385fb20caada686d5b769206a8b516d0e6410fce2e0258f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 14:40:32 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 28 Jun 2021 00:19:19 GMT
server: sffe
age: 185986
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29361
x-xss-protection: 0
expires: Tue, 28 Jun 2022 14:40:32 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/1a0ca43b/player_ias.vflset/en_US/ Frame BC5D 25 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1a0ca43b/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1a0ca43b/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1279be228b76650c906578a28262aee57088adace7ae847000d6210be757b928

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 14:48:32 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 28 Jun 2021 00:19:19 GMT
server: sffe
age: 185506
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7446
x-xss-protection: 0
expires: Tue, 28 Jun 2022 14:48:32 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame BC5D 4 KB
2 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1a0ca43b/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:18 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:18 GMT

GET
H/1.1 200
OK index.html Show response
sdk.scdn.co/embedded/ Frame C504 569 B
776 B 22ms
22ms Document
text/html 2a04:4e42:f::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.scdn.co/embedded/index.html
Requested by: Host: sdk.scdn.co
URL: https://sdk.scdn.co/spotify-player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1fee0b34c67a3e22047b627896862289225552817e79f658ade465b28c7103e0

Request headers

Host: sdk.scdn.co
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blip.fm/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

Connection: keep-alive
Content-Length: 343
Last-Modified: Thu, 22 Apr 2021 09:44:36 GMT
ETag: "020a11e6234e4c90d39e37aa7af91eaf"
Content-Type: text/html
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Wed, 30 Jun 2021 18:20:18 GMT
Age: 1356150
X-Served-By: cache-ord1740-ORD, cache-lhr7354-LHR
X-Cache: HIT, HIT
X-Cache-Hits: 1, 4
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 69 KB
24 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41a97e036c40bd6d31118912e9f1770032b5e649673e52a52b5f8079cae25be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "916 / 878 of 1000 / last-modified: 1625056878"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24319
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:18 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 70 KB
21 KB 40ms
18ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23e9af9dd850b89baa8d2da06ae1fb06103c5535e7956d3b1100016756cf13d3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20481
x-xss-protection: 0
server: sffe
date: Wed, 30 Jun 2021 18:20:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "6999d478f85923d3"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:20:18 GMT

GET
H2 200 vue.js Show response
cdn.jsdelivr.net/npm/vue@2.x/dist/ 336 KB
89 KB 14ms
11ms Script
application/javascript 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue@2.x/dist/vue.js

Requested by

Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

69b75483b270421e1a89426dd59387ba090772313561c3e9fa415396a78e8936

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 18458
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 90557
etag: W/"53fc9-Jp9Vk24Ybv0rJ6ZZ5HLpQ6vP7ig"
x-served-by: cache-fra19149-FRA
date: Wed, 30 Jun 2021 18:20:18 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 vuetify.js Show response
cdn.jsdelivr.net/npm/vuetify@2.x/dist/ 2 MB
255 KB 8ms
6ms Script
application/javascript 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.js

Requested by

Host: empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
URL: https://empowerlocal-plugin-js.s3.us-east-2.amazonaws.com/header.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4c1c7ec93cf2e50e092a70c71a3c3c18da6e8030d1667dcf248ad9245f12a41f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 7385
x-jsd-version: 2.5.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 261053
etag: W/"189308-iYWwNT1sMfoRM83pSYUSbA7s5Cc"
x-served-by: cache-fra19149-FRA
x-jsd-version-type: version
date: Wed, 30 Jun 2021 18:20:18 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/250/ 353 KB
114 KB 31ms
11ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/250/addthis_widget.js?pub=Blip.fm

Requested by

Host: blip.fm
URL: https://blip.fm/_/js/base.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Wed, 30 Jun 2021 18:20:18 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H/1.1 200
OK QuickSignup.26.js.jgz Show response
d1uswytv6491xe.cloudfront.net/js/ 1 KB
1 KB 11ms
9ms Script
application/x-javascript 13.224.194.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1uswytv6491xe.cloudfront.net/js/QuickSignup.26.js.jgz
Requested by: Host: blip.fm
URL: https://blip.fm/_/js/base.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-70.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3c00d50d6046dfc2e2a7de2a5a177d35e11b708fe9fc93f966c0d28a304ab485

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 03:39:52 GMT
Content-Encoding: gzip
Age: 11976027
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 742
Last-Modified: Thu, 04 Apr 2019 15:06:32 GMT
Server: AmazonS3
ETag: "7bc3abb8437d89e80c9407562df229a6"
Content-Type: application/x-javascript
Via: 1.1 172e63b20fb363ed969de28ae3937e21.cloudfront.net (CloudFront)
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA2-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: j6jweiNA4Mmf__Fxsa0GZlhtAuL43Ny2SBIeBPzpn1estpAyzX02SQ==
Expires: Thu, 04 Apr 2024 15:06:30 GMT

GET
H/1.1 200
OK profile.26.js.jgz Show response
d1uswytv6491xe.cloudfront.net/js/ 4 KB
2 KB 30ms
28ms Script
application/x-javascript 13.224.194.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1uswytv6491xe.cloudfront.net/js/profile.26.js.jgz
Requested by: Host: blip.fm
URL: https://blip.fm/_/js/base.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-70.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4b6c4dd2186139cfe5da8627cbd85b7f54e8b4d84164a4f98af88427c6ebb5e0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Feb 2021 03:04:01 GMT
Content-Encoding: gzip
Age: 12323778
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1287
Last-Modified: Thu, 04 Apr 2019 15:06:42 GMT
Server: AmazonS3
ETag: "b3067d3023e15c0cfc5362eb35a1a08a"
Content-Type: application/x-javascript
Via: 1.1 f797fc0ae68a3abc35e081e46174c9f2.cloudfront.net (CloudFront)
Cache-Control: max-age=315360000
X-Amz-Cf-Pop: FRA2-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: BnkjZLRHqhmvIw89ge_rpTckFXmgqqasRifmjyta0npeT61plie9UQ==
Expires: Thu, 04 Apr 2024 15:06:41 GMT

GET
H2 200 pubads_impl_2021062408.js Show response
securepubads.g.doubleclick.net/gpt/ 332 KB
116 KB 44ms
16ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

f852dfebba4af97add777a1d789b4739164d6cc93aa34db2c463141a5c3f4d09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 17:13:33 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118414
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:18 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 26 B
699 B 44ms
17ms XHR
application/json 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=blip.fm

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

dae99faa031521260cbe94595aed271655e1be2dcf7ef00f9584e565de9e3e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 30 Jun 2021 18:20:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:18 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame C504 48 KB
19 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 2913
date: Wed, 30 Jun 2021 17:31:45 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Wed, 30 Jun 2021 19:31:45 GMT

GET
H/1.1 200
OK index.js Show response
sdk.scdn.co/embedded/ Frame C504 461 KB
112 KB 23ms
21ms Script
application/javascript 2a04:4e42:f::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.scdn.co/embedded/index.js
Requested by: Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3799840e4c9f8f842d29bd32da3ca39fc7cb1f5adf069126c37c996434f64e41

Request headers

Referer: https://sdk.scdn.co/embedded/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Apr 2021 09:44:36 GMT
Age: 1013617
ETag: "06104d5845dc91facdae1d911c333d74"
X-Served-By: cache-ord1739-ORD, cache-lhr7354-LHR
X-Cache: HIT, HIT
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 114646
X-Cache-Hits: 1, 4

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 41ms
12ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js?pub=Blip.fm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:18 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=64502
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/Blip.fm/ 166 B
325 B 170ms
168ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/Blip.fm/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js?pub=Blip.fm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-121.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:18 GMT
content-encoding: gzip
etag: 659743217
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=56, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 154

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
364 B 69ms
69ms XHR
text/javascript 65.9.86.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fblip.fm%2Fpastabrick6&pid=EalpWturVeyMW&cb=0&ws=1600x1200&v=7.66.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboard%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_halfpage%22%7D%2C%7B%22sd%22%3A%226%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_mediumrectangle%22%7D%2C%7B%22sd%22%3A%227%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_mediumrectangle%22%7D%2C%7B%22sd%22%3A%228%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_mediumrectangle%22%7D%2C%7B%22sd%22%3A%229%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_mediumrectangle%22%7D%2C%7B%22sd%22%3A%2210%22%2C%22s%22%3A%5B%22336x280%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largerectangle%22%7D%2C%7B%22sd%22%3A%2211%22%2C%22s%22%3A%5B%22336x280%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largerectangle%22%7D%2C%7B%22sd%22%3A%2212%22%2C%22s%22%3A%5B%22336x280%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largerectangle%22%7D%2C%7B%22sd%22%3A%2213%22%2C%22s%22%3A%5B%22336x280%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largerectangle%22%7D%2C%7B%22sd%22%3A%2214%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_largeleaderboard%22%7D%2C%7B%22sd%22%3A%2215%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_skyscraper%22%7D%2C%7B%22sd%22%3A%2216%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_anchor%22%7D%2C%7B%22sd%22%3A%2217%22%2C%22s%22%3A%5B%22970x250%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_superleaderboard%22%7D%2C%7B%22sd%22%3A%2218%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F12230023%2Fel_blip_leaderboardtop%22%7D%5D&cfgv=0&pubid=434bb5e4-3704-4b75-b36c-785a444462bd&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.86.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:18 GMT
via: 1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: AMS1-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://blip.fm
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: i6UB-ar4gYHSwslQCn9BLh-pqSy-PglQYNF1x_mPA7fq254-wBLLog==

GET
H2 200 / Show response
apresolve.spotify.com/ Frame C504 205 B
226 B 31ms
14ms Fetch
application/json 2600:1901:0:524d::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apresolve.spotify.com/?type=dealer&type=spclient
Requested by: Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:524d:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: f78d09fc4727cc1fc4f7e9e4cd3e49ba64e314bbbe1375634174bf22af3f2a07

Request headers

Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:18 GMT
content-encoding: gzip
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=0
alt-svc: clear
content-length: 98
via: 1.1 google

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame C504 77 B
247 B 18ms
18ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Wed, 30 Jun 2021 18:20:18 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 30ms
15ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 30 Jun 2021 18:20:18 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 18ms
17ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=blip.fm

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=blip.fm

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 259 KB
74 KB 720ms
719ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2733353406244623&correlator=898832259023360&output=ldjh&impl=fifs&eid=31060839%2C31061421&vrg=2021062408&ptt=17&sc=1&sfv=1-0-38&ecs=20210630&iu_parts=12230023%2Cel_blip_leaderboard%2Cel_blip_halfpage%2Cel_blip_mediumrectangle%2Cel_blip_largerectangle%2Cel_blip_largeleaderboard%2Cel_blip_skyscraper%2Cel_blip_anchor%2Cel_blip_superleaderboard%2Cel_blip_leaderboardtop&enc_prev_ius=%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F3%2C%2F0%2F3%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F4%2C%2F0%2F4%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C300x600%2C300x250%2C300x250%2C300x250%2C300x250%2C336x280%2C336x280%2C336x280%2C336x280%2C970x90%2C160x600%2C728x90%2C970x250%2C728x90&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&arp=1&abxe=1&lmt=1625077219&dt=1625077219004&dlt=1625077217237&idt=1651&frm=20&biw=1600&bih=1200&oid=3&adxs=-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C280%2C-9%2C436%2C-9%2C-9&adys=-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C689%2C-9%2C1110%2C-9%2C-9&adks=617433239%2C617433238%2C617433233%2C617433232%2C617433235%2C4165216314%2C3598324391%2C3598324388%2C3598324389%2C3598324394%2C1974185959%2C1974185958%2C1974185957%2C1974185956%2C3076314635%2C2382161721%2C3224969948%2C553478435%2C982267445&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb%7Cc%7Cd%7Ce%7Cf%7Cg%7Ch%7Ci%7Cj&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fblip.fm%2Fpastabrick6&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1040x0%7C0x-1%7C1600x-1%7C0x-1%7C0x-1&msz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1040x0%7C0x-1%7C1600x-1%7C0x-1%7C0x-1&ga_vid=1223923510.1625077219&ga_sid=1625077219&ga_hid=344223028&ga_fc=false&fws=2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C4%2C2%2C516%2C2%2C2&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1040%2C0%2C1040%2C0%2C0&btvi=-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C0%7C-1%7C0%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

535c476ba5e9e1ab4f2f1667a0415e148f5f8f44a5957c2e78cc705bf406d389

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75982
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-2,-1,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-2,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://blip.fm
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BE30 6 KB
3 KB 48ms
14ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 30 Jun 2021 18:20:19 GMT
expires: Thu, 30 Jun 2022 18:20:19 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame C504 77 B
162 B 20ms
18ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Wed, 30 Jun 2021 18:20:19 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 15ms
15ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 30 Jun 2021 18:20:19 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H3-29 200 container.html Show response
2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 20DC 6 KB
3 KB 21ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 30 Jun 2021 18:20:19 GMT
expires: Thu, 30 Jun 2022 18:20:19 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 654C 6 KB
3 KB 18ms
8ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 30 Jun 2021 18:20:19 GMT
expires: Thu, 30 Jun 2022 18:20:19 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29d592e34e3d2c8ca0c55ceafd75940de79cdb6381d8ceb372d226e7820e7220

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624879999447392"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27719
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:19 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021062408&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e28463622bc695d9d5b808ef0c18b6237b829a42a3f5301c8e1766c1191571c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7949
x-xss-protection: 0

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame C504 77 B
162 B 16ms
16ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Wed, 30 Jun 2021 18:20:19 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 18ms
18ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 30 Jun 2021 18:20:19 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:19 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 56EA 624 B
589 B 17ms
16ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNUmZWBc2xvcLqJ4y2tKxBclLhvd51BaqBT8oBo4UCweeR94beaevvdnV2BYBp4X9ij8SYWul0xkikN3KiWcBc9Lk3yZKp-ar7N-gmZHwGyU65IqXAQMhWQZz9--stU1Aefs6KK80CKaEnYr6AfS3JkW2H4xzjwba8yceqkbVGl2zyMwxhw

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNUmZWBc2xvcLqJ4y2tKxBclLhvd51BaqBT8oBo4UCweeR94beaevvdnV2BYBp4X9ij8SYWul0xkikN3KiWcBc9Lk3yZKp-ar7N-gmZHwGyU65IqXAQMhWQZz9--stU1Aefs6KK80CKaEnYr6AfS3JkW2H4xzjwba8yceqkbVGl2zyMwxhw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 30 Jun 2021 18:20:19 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUl9is1pSc68ylavHpiF2aWVh50U-rpG3cMgwuNsT5QK-i7vmbwgr1Obm8ee; expires=Mon, 25-Jul-2022 18:20:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 30 Jun 2021 18:20:19 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 20DC 24 KB
12 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D4gs99iVprt4KMo2FjrjKUURSQGMq9BKcKdfXrHJ78L6bzB1qgW24ftl-eYVu-ZjnPn-Y39GiIjcRT3Q3_d35FhES5GHaFKUpcVa1_k1AobKRx3c6-TfJ0AcjIBflRE0kpg8HfeVfd3tnIXQcyN_gR_9wevw&cry=1&dbm_d=AKAmf-CiOUchERDKp-AK5He-bYQsaF3-LWhFmhr231uqNO6K5kCjTKJtFHiC1fdLqjVz9CAIHWAR0wTWRZEc6Pcy8jHEIysmmxOw8c-Sr_DOoCxZ-FcSosNpsUEKRgvImtXRjhgG_oylX0us9u95W2P2YEKYrdw1Xofo3rCnbJrcMMC-j0oHkQyjHlgwu2l1s_rgRebXCI7YgbICVgmwxzFo_suQ0GG67KbZZNZnqS6rHZpcJC2CVgw5l7h8gjQxBqQhdrVZxXyN6MdTLOpYnt6DYB1XP8v3i7kpelZH1qam-xEM1XBySjWbl1KqkZE4fFtSSJ3bhM8tnEsWE-SmFqKM8Ntc9jpaCWaogwyvRyCp2CJsFOkxaewl2hilmhtnDzgpEkzXj1OGDayqUigIY-RgZCksvyqRouYW-8DFR_4SclA1n_r4ZlV-3RoQ8_zDFVMo7zuvyau9NTLb2MGQ3shV-WPVUUwX5fQCk4cqLTQLw8WXd6f8YuLK8khYOGFUUIdL9BfBmWuFDwrcqhK9L6KFCfjBnLeviJN5MDKKlWHcSUV1wb2Il43RODP3G_dmHj09N-Bj4NG_HnLwvAjxKtCe9GJ__vznWwyVUatnV39uNxyZXHP1mB6ifoICD6C4AoTGiUhhVw-ChSiFgcCpJqpAa12lCgUR9iiG7h2AsA1OqdVzMrCv8Am7G7JIr0loUlKu2RXT__EH_e5s3q6xD5_82q1H3yoOTx9pIKDRrHTDSUp2muaSl3kBq9K1W6871I5BXfRL4utfZSK2ErqQug1UPyHhGklh35n6Ij2yQa1lvA7zJLZcdoBoTmljcmzdACc37ujPRETQSLEZ3C0WBu1slQWUfyYdDm6MHEP8FO_1XLP6BjN5nYze5RKANa7UefJXVyLiHwWdih66xuXhexzGlN7IXYw9GGw_E8SmOO_dmlNm_DMguS3bi5NfST_VYLkMn-RMwJO49CQwWKv_FJVer8zVwWIrQAO7wy7hlWDEudXhsyulSQpIw_J3Y1ccTIKa1KqfqgAmdS6NPNarLQLu67eFbXWO6oMs-ZuilLNa8dhP914SZMGi9mHD58tGatPANcWxUte-_9g8x8GtPFfhKvgVD5n6SOAwYRa0SeGcO3EHPhfMzj7zEbs7yallQcbCoupCupJyWEFlUvInfqorao07uQ9BTTwOQrWE8UBk_UBtf2YqSamIMS_IeylKK8H9GtTLMkIPKT5GNMnOexhtseg7aL-9IlqJS2TG1bibcaxs1_7GHwJbr2C3nEVewKZRBp9wA2SnogtBhOz8G7wFvVjediqlS0gVkcwfTIv-b5lifzCTSOhQpQEX5JOs4SuzAJZzYNrx6HP6J6ayXc8BqB3tZfChFWKNUihd8PuKexiBKRnM7SnK3Yub1gIYSx0JzTCz7hbGXpOP-eB1SNkU9vDOQ4qEBtqFY9RIYgpRQ23pg74g7OuRJD4ElGZ4-oYoJGfgW1Tb73_Q7i7X_m8DxEU6BpfPdFhbxfiutuBtwS3AKxyG3prCSt0sxO3oP1yC3guJZsMs_WI6wMhnjBo7NWmU2Qa_F6xqIVHVg7B3oseJLhXDnUbk5gqJtV8MAN69rLaz9z3-k-mDD0U2DtKVXgY9YVx9z-zSodOmWlEsGo5Nei4rbmXxI2xyyLUJPakA61hmxboJupco0yLurQtoVCnABFKZE1C2fg1u3LYuvKSltAlm5cChYiv6VFBiv7zd8OtO2BfFm6wj2y_9ZjAkW59K5b7hROlfLNb5Cukm1S3mDiQZnA9vWBl1XERe_BJ41LnkEIKl4fdrtCE2QYFaS03bLpZb67WwKHUps3xppU7OKXynXTafwCMQwsfF9QCRQHI5msiKS6lmiSZ3TJ_W_Dau-ClE0PesYNgvklW4fXjz8n0v2Ed3hZjZZh17KjKdLGUPg-YzBFSBn2N5_oIoAFi2FzRlH6lxRjBI9GiOVRphPJCkyYNK2J9y5XYbLTE43lm_AJJmn1J4AbIA3_NC2EgoRtiL0Io0wIhkJHXmEI8Tm-utW7LJDugLTtvp5E3RPOg1TQtflCtRCgU01E7vTu_-7uAqfymUAILlX6eLJEVd_2JOpK9KQvLgr2yqIv5Cbn6XQ3sbHKPxu7yvMLwAIHbRNSOu2_n4fpeyXHphDck9yROLeicp_u9VWQeyEc3Fi7tDpUgwL_u13iGlkkfUmxMYS_nm7hJuqIt5Q_Ta185BwnXUI8CdkmVlglkfrIL6bh9q1dpPOPqSDAHbZ9JMD919-vTXHoVN5uc8j9PCswMbOZDkmBfNMp_kdEpWd-x67maR7Ue_QfRv-N84RSanVFK3Dfdn5ZqW76dNYeFYWWApjADonenRcrkPzdwiwKaMJMI7--IkBigcS1h4VeJoiDlodbU1Oq7s8NL4ePDzhcdlv5J7QOSviGIi7xlAIL0W-ipUAwpKFaWTqTWjd2Wq2MRek-QfQqaVaJUTAPZZJwYN8m7xLJ-oF_1E2KDWI4wwIjO5GajLoDiJLEKaIMI3Kh79-53tUEyZeeUYzCMA8sYEAvOs5M_EVYFHOAj0Z96F9de9uDQjFe5o2NcGJ6GHWde4fFoArwe6w42SQZuhG6-CEYKgW77G2g7sZP8XC6rqSUZVgVbesYVAir3Z30ZTAnWzILSGgFl7oXF6wf0jjZ-cz6Jyj2bU0OH8Wda9rGfXayS46EybWAfTj_ZojOnDTEIdfFzEIYoMmat25XMDqChHcgsYRYO6RIZGzvHzDAboqsIc9zC3o1AEYodu_IALWbt5H9Q_wCzCgOVqUj752SJcig60WSwGGcGzW_ClkeR7qLOasCOud-tvmDZH8MRMzodjmqHOUUhC_W29_lKM0rVvfXvQAJlx_M6gYmD_BWrKZMlXcHRaowyb2lrYSVCTo3Q1swOdVbgZrkGLd4fbKwdP3gCIWpPnnVrrIRiL9KX6XuzsSxOC0VV6ippLodJFFphrDKMM4mgXdlumVaZtAdPaXZUmogNdjeoIpBeIjJZd3CMFvwubc2clMHbdWKMp90kTJvWvXnb37ZypixHn8ou5EYUpmVzl-5kDnwc91cBfMlOn6ZcX&cid=CAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw&rfl=1%2Chttps%253A%252F%252Fblip.fm%252F%240

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

29fbcd298fc07c75ac9e05bb8e7d3697374acf0485061bb8364695c4e1082de6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12309
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 20DC 42 B
63 B 50ms
46ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ABQXPJVd4f1fbPl7tpajEvQ2kCgc8NFaw99ZSM6RW47jdosxW2keQP0fqbrl_hPmfoJb9mQPqq32PhmwF88feQ4ik75FRiimE97cbikBMIXwEMdNE

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 20DC 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Jul 2021 18:20:11 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 20DC 125 KB
38 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f5a99d439c1d7bc8cd4e02f39d77d0dab1eba4e1fae40d3fc5d06ac3aaf1ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624879993577808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38803
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:19 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 20DC 14 KB
6 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a029ad1de22249db15e4a05e5e168cf70b256ce05cdef7f7e7927c2df030f57b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 17140096307539089235
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Jul 2021 18:19:49 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E701 624 B
559 B 21ms
18ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWgEdMgvz86CKlRxfxAWMR0INhMTKe4sNxclo8ledoETMWgT7ZNCeU3IbqVpD-dEJPEpwtIHCYsu0rl7tI6rCort3hWkudHDh-m8mWq_zaTN8WDxZUVRVCAeWEwGBruD3WPGyxFDoQ40x4p0S9ll04e0UG2zTfYIzlPNJ4MG2q06TpuEVo

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWgEdMgvz86CKlRxfxAWMR0INhMTKe4sNxclo8ledoETMWgT7ZNCeU3IbqVpD-dEJPEpwtIHCYsu0rl7tI6rCort3hWkudHDh-m8mWq_zaTN8WDxZUVRVCAeWEwGBruD3WPGyxFDoQ40x4p0S9ll04e0UG2zTfYIzlPNJ4MG2q06TpuEVo
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 30 Jun 2021 18:20:19 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUnpvcaMoTnYkJWNFBbneAA6WwFrpHTtmPTCuhseNZF7AliTMSMxYP0Jm-_c; expires=Mon, 25-Jul-2022 18:20:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 30 Jun 2021 18:20:19 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 654C 24 KB
12 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AydGvXQeVOYHxYEnvU4UXakE9qbJNUY1iIDbXMxWscp2vGCA2iOpRE5r-nVj5qasK4ImE5fAPsi5OJZDTzNRubxhnjMCEWjlN932_Oqe_hilfE_LYAk5FdOxPFYahKZINhp_YzW1UNIuSSnNlFSTo6LBc9XQ&cry=1&dbm_d=AKAmf-BopWAJLraYknlpF5plTqTExTmOhrF8AEh4nojHNdZPzWURlnJ8xpflRi2yRc0TpFq0e8UcnuOgxT2W57YplztoOZscw19gPFhSgpvEFlOxBF9E5erI-yi2ieQnvS30bLMy_tdO2zfb5kx5tHrR-_XRLHAsg_6tH-WurgnBCuDPLgOzSseDMm6eA4l5mozuQeyxxtNfeKGStfRVIA4j6Pskx5sFHEzcdVSPPms7yYZ12B_dGnfrPOtjB-Ni_SU9WZOPdKpruUVdREZ3QgYDFVmqIDaalrkK9minhorG0QWtmFEDcH_LjTQFeOILd9QS6GSQ8Wx3yd8sG0rWqm_9if9dbtfIlHcupyMA-exNhcWhdigYnGWq_6RO9n1ANYNlFx7m-Uderm1PwhyMrejH7fGj1F60vR1EUsttRaLgJm8PwUgRYyM86TnRnMXLrQcikOCN0uhxelXff0b2-NY3h-_OT5ymEO6gLx4MgoU-TmY0j-dz3Z1Qas8KZLhWNuwbJJpLO6El9CvfownUix7_UkgL7GnTkUMzr28ZU_7oYEjEkzTXqO5FJKSPVYIoBz0JsD2z8Uyx_BQMXmwIDLyrTJ9x2QfbpMiL8-whSndafyj2r0oe3DwjmJPd1JIc_6d6QFo4c5AzCHoolno2bxYxlWcdsC1FB55JU5DLLSmAvxnB-uNCEomr2ZcoNXN1wyql8F8QwrikFn3cmg5xUnsSlEL2tuxFSkWh-RpVJ-d5PRPrOCn84cd8JSMRI6EcUM0xrq0Zjl7PXFGGBt85J6FC057WJB-gH4kLthY5Boy6TmUOeagRqNiZB1xiEJPc_wyl6dVdc3UwO_ZijLpP0wVT9QuiQkid0npZlzHq30OLglYXlzfRCLuJK7bAp8Pf6Vc_4QhbDSvmn31c0OHsS_N2xhE5wQk7fparGWqdMYcjDnVNo5jGsTe0Qem73-eAXy3ATIOkYbJTuxVJbTX6aY47g1bEYMpzjfbpLouQ5WqOlGmm40vbTBU5xsYM6jpuYNeiTIfJqCyjEdh9WyIo6sYff152r-wPpfeLqs44RLi5mcvmJ-OJo87UD8KXVkonrahSk8pivqYYkWVmJqugfTVgVndwOa_ZIvWmzsDx5eavJvZfhAv2Y11ATjgVT8bKdU9jbH2fxFQHxnMP4FOefxVBKWnSUfhYFG6yBxt03vDCED1zlKaT0rEVO2NvlENBkoFzbQhTa17Vc2wcp1CAZAdbWwi9mO9MVJ03z-rdLGVIGw495CUp80Mkg-24zvIdxRNt3NgfFFAgN6TjjG9aP_QqTTa4_B_I1MVvs-vHJU3gOkGZFPsdBriuaWYS8u_gh5OmBGd8_sLHs6RfdhAE87avoK_iNOHgFRMGfcN9TquoodmhzPmKmVGOOBKbO6DJvQASHVlruFwqej-4YMK0_Ark04MrYbXKKNMtj4F2-4E1gyTMvRp1aDk1W-vFfzLvNUmivm2ZsEhllc4BgS4rsaXjt2Qfs6fINaqdaK8-ewPE3q3oEW12xpFOqz5OpEao0bHc2hyrkrUPUQrSa1U8229xaoFpuT_SimgzhX-p-CGlaP87dU1-n7TN9jW6IrZkj9nZA1CLdoLJrDnL4SlbUZ-g_Bt7ZVcPYm8JHMsF0t5zIIW88GvTamghuik-uxmY2rmbSm5bjnHNMBwrI0eZeMvqRFVbuWWmss0lDMwf4LFu24TniqIXRLkrtaDpfkI1hP-S5S5Bn6T18XvxCG9Nb5eOk6p84Ai1kSRvL0XEdgfNdrSDihpMSDeLdYDfDCdoNpVU9KXPnj2XDIUW0YRCXC9azrozznSY4oTjYzlXtl_8hLJ_UVci4A6YqwxoOjR54JOL9AVshTMOcmzDMpkX7Eow410j5LwllRo7yXZq8DDkOH5w3tUPjYKFvxkQ_L8g1YqfeOtGCc6fh1mX5tBFl_L9OkppEvooC_RVP_FAqKjONyc3HuXjC9fOjf92No3StNX8kRx_ZEdGnCSM0HPYunw67LPoNUAOJM_rsrtz0hd7vQoN-2hL6mBqpNBKK59UO2thH0L0cekqB6dcCLnm6geJU3AXi5apzjKYTncLGIhWNs6UHQIyZSMXvWCpT7pnyScHGIILrjXxlDxZ7_AEGkQRJi4Tn5WXgNZS2_B65naaaSVlR6mfQc1RokvXQEosF7YKj_L4ze1hxA67h_8APtdbK-HelIeted4922dzlKyOTnhco5YG0cjb8vyQhHFC5BzmoM4DU3AS0knyhUQQIVa5mbQgHY0-ZqRk5pKtZwWVIT7gjq463vSlk5SJQwiCsOkx-uWpi4ujiAvpXPKorKOwwhBhLON0-xP93BzfekBIx-kpziKrc8--ciN2GaDBVpKac2yDPCurkxUAMN9a2i3GL7VX-_5uhRVsNe3d60-RiTuUxFc8H6G3SExadEn_n0jOEETciEfkdL9aH5FT39cWpVJyZ7aavNqfC7kzqY-zDwmZL-5dyezmMsufUx2i4Kb-T1N6i2Z_NHCKoqyZFWca6GQNsXIXkPb-3wNhp6JDCDk6h2bIWV4Jw8xmlrYEUwXSSOx0xvUvuS0H2Vk3DdtdL98K2Zq1d-uP2kMenDS_Lke-qN--8CEKNdY1gtidm50Ck_mRYyg6zR2KTRO-JzjG7mDIcKVv8VTanrqT-7nQB6A9L7p58gghiEiOWZ7iJzZj8nwNzV4kQeJBaoTV9qOD3wYTj_Jc54X7eAqj_aV8zbCHfEbggCga9GCFQCqJ_ml8Uzy5-R_Qk98mMbNOa6cXf0eWDGFh3X_7wgcCUaT9h-nFD1-gqslJUTx4hfUG2npk-Aww9yJ7m9V0s12DHoXlpdMnqc_a4nUSMPirCmzSYt5mweEmF5ZEXcgFqf9G8fc8HN2stCzLpa6qfHuwrX8vFvkQPHW9pERceb9YHPI1xMXn0PBOS3k1-qPyyJAr9n0qKA5xk3lhshHwRAVL9sMjx_bAYy6IeJ782O4-A3GGb2VvDtRMGL2jBGEOsDvJYvOsAkq4z21zT3ycUfk3kBsHnPLGrho8xrQwFS0l5mMG-MXE5VZ-uYTgaZRL63ilL3Xj7MAnUpYA&cid=CAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw&rfl=1%2Chttps%253A%252F%252Fblip.fm%252F%240

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3debfa0aadc0f7951dbf335ad2cc96b5ed01567d09b5f7d991471a9ada6c7516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12254
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 654C 42 B
63 B 40ms
38ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D6MJmV9wzVmxCKaDd5dt2O4TOS47dmbH_xRbt1x5wBd2XsUkhV4hVKkAWTDZRVdO7mWziGFBj-IrTa4Wmyy4Wv63qHg9TlqSavbrJ_q8uUprOBH44

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 654C 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Jul 2021 18:20:11 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 654C 125 KB
38 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f5a99d439c1d7bc8cd4e02f39d77d0dab1eba4e1fae40d3fc5d06ac3aaf1ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:19 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624879993577808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38803
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:19 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/ Frame 654C 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210624/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a029ad1de22249db15e4a05e5e168cf70b256ce05cdef7f7e7927c2df030f57b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 17140096307539089235
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Jul 2021 18:19:49 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 2ECC 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Wed, 30 Jun 2021 18:12:15 GMT
expires: Thu, 30 Jun 2022 18:12:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 484
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D91D 783 B
763 B 16ms
15ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7152e4a01105884c7ff4422626f35c48c86614b31b35eab17c48ed35c21ee50a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EnlFyMN0k7y1E38XKuBGJQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blip.fm/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blip.fm/

Response headers

expires: Wed, 30 Jun 2021 18:20:19 GMT
date: Wed, 30 Jun 2021 18:20:19 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-EnlFyMN0k7y1E38XKuBGJQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 56EA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKogpW94jf9ehpFsXREJqlI&google_cver=1

43 B
1014 B

22ms
21ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKogpW94jf9ehpFsXREJqlI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNUmZWBc2xvcLqJ4y2tKxBclLhvd51BaqBT8oBo4UCweeR94beaevvdnV2BYBp4X9ij8SYWul0xkikN3KiWcBc9Lk3yZKp-ar7N-gmZHwGyU65IqXAQMhWQZz9--stU1Aefs6KK80CKaEnYr6AfS3JkW2H4xzjwba8yceqkbVGl2zyMwxhw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 30 Jun 2021 18:20:19 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKogpW94jf9ehpFsXREJqlI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 56EA
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YNy144nidAQ-NXNBK1d9cwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1

43 B
894 B

18ms
18ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNUmZWBc2xvcLqJ4y2tKxBclLhvd51BaqBT8oBo4UCweeR94beaevvdnV2BYBp4X9ij8SYWul0xkikN3KiWcBc9Lk3yZKp-ar7N-gmZHwGyU65IqXAQMhWQZz9--stU1Aefs6KK80CKaEnYr6AfS3JkW2H4xzjwba8yceqkbVGl2zyMwxhw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 30 Jun 2021 18:20:19 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 56EA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEK5x-fXJ2seFOu8QsV7uowE&google_cver=1

43 B
1006 B

56ms
45ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEK5x-fXJ2seFOu8QsV7uowE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNUmZWBc2xvcLqJ4y2tKxBclLhvd51BaqBT8oBo4UCweeR94beaevvdnV2BYBp4X9ij8SYWul0xkikN3KiWcBc9Lk3yZKp-ar7N-gmZHwGyU65IqXAQMhWQZz9--stU1Aefs6KK80CKaEnYr6AfS3JkW2H4xzjwba8yceqkbVGl2zyMwxhw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:19 GMT
X-Proxy-Origin: 195.181.174.89; 195.181.174.89; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: c42cdb07-3cff-4564-8895-8937b645ab8c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEK5x-fXJ2seFOu8QsV7uowE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 56EA
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5MTMwNzYzNTYyNzY4MTQzMw%3D%3D

170 B
188 B

17ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5MTMwNzYzNTYyNzY4MTQzMw%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:19 GMT
X-Proxy-Origin: 195.181.174.89; 195.181.174.89; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d21d9ae6-2d9d-435e-b353-0beb005dbfb1
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5MTMwNzYzNTYyNzY4MTQzMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210624/r20110914/ Frame 20DC 22 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210624/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D4gs99iVprt4KMo2FjrjKUURSQGMq9BKcKdfXrHJ78L6bzB1qgW24ftl-eYVu-ZjnPn-Y39GiIjcRT3Q3_d35FhES5GHaFKUpcVa1_k1AobKRx3c6-TfJ0AcjIBflRE0kpg8HfeVfd3tnIXQcyN_gR_9wevw&cry=1&dbm_d=AKAmf-CiOUchERDKp-AK5He-bYQsaF3-LWhFmhr231uqNO6K5kCjTKJtFHiC1fdLqjVz9CAIHWAR0wTWRZEc6Pcy8jHEIysmmxOw8c-Sr_DOoCxZ-FcSosNpsUEKRgvImtXRjhgG_oylX0us9u95W2P2YEKYrdw1Xofo3rCnbJrcMMC-j0oHkQyjHlgwu2l1s_rgRebXCI7YgbICVgmwxzFo_suQ0GG67KbZZNZnqS6rHZpcJC2CVgw5l7h8gjQxBqQhdrVZxXyN6MdTLOpYnt6DYB1XP8v3i7kpelZH1qam-xEM1XBySjWbl1KqkZE4fFtSSJ3bhM8tnEsWE-SmFqKM8Ntc9jpaCWaogwyvRyCp2CJsFOkxaewl2hilmhtnDzgpEkzXj1OGDayqUigIY-RgZCksvyqRouYW-8DFR_4SclA1n_r4ZlV-3RoQ8_zDFVMo7zuvyau9NTLb2MGQ3shV-WPVUUwX5fQCk4cqLTQLw8WXd6f8YuLK8khYOGFUUIdL9BfBmWuFDwrcqhK9L6KFCfjBnLeviJN5MDKKlWHcSUV1wb2Il43RODP3G_dmHj09N-Bj4NG_HnLwvAjxKtCe9GJ__vznWwyVUatnV39uNxyZXHP1mB6ifoICD6C4AoTGiUhhVw-ChSiFgcCpJqpAa12lCgUR9iiG7h2AsA1OqdVzMrCv8Am7G7JIr0loUlKu2RXT__EH_e5s3q6xD5_82q1H3yoOTx9pIKDRrHTDSUp2muaSl3kBq9K1W6871I5BXfRL4utfZSK2ErqQug1UPyHhGklh35n6Ij2yQa1lvA7zJLZcdoBoTmljcmzdACc37ujPRETQSLEZ3C0WBu1slQWUfyYdDm6MHEP8FO_1XLP6BjN5nYze5RKANa7UefJXVyLiHwWdih66xuXhexzGlN7IXYw9GGw_E8SmOO_dmlNm_DMguS3bi5NfST_VYLkMn-RMwJO49CQwWKv_FJVer8zVwWIrQAO7wy7hlWDEudXhsyulSQpIw_J3Y1ccTIKa1KqfqgAmdS6NPNarLQLu67eFbXWO6oMs-ZuilLNa8dhP914SZMGi9mHD58tGatPANcWxUte-_9g8x8GtPFfhKvgVD5n6SOAwYRa0SeGcO3EHPhfMzj7zEbs7yallQcbCoupCupJyWEFlUvInfqorao07uQ9BTTwOQrWE8UBk_UBtf2YqSamIMS_IeylKK8H9GtTLMkIPKT5GNMnOexhtseg7aL-9IlqJS2TG1bibcaxs1_7GHwJbr2C3nEVewKZRBp9wA2SnogtBhOz8G7wFvVjediqlS0gVkcwfTIv-b5lifzCTSOhQpQEX5JOs4SuzAJZzYNrx6HP6J6ayXc8BqB3tZfChFWKNUihd8PuKexiBKRnM7SnK3Yub1gIYSx0JzTCz7hbGXpOP-eB1SNkU9vDOQ4qEBtqFY9RIYgpRQ23pg74g7OuRJD4ElGZ4-oYoJGfgW1Tb73_Q7i7X_m8DxEU6BpfPdFhbxfiutuBtwS3AKxyG3prCSt0sxO3oP1yC3guJZsMs_WI6wMhnjBo7NWmU2Qa_F6xqIVHVg7B3oseJLhXDnUbk5gqJtV8MAN69rLaz9z3-k-mDD0U2DtKVXgY9YVx9z-zSodOmWlEsGo5Nei4rbmXxI2xyyLUJPakA61hmxboJupco0yLurQtoVCnABFKZE1C2fg1u3LYuvKSltAlm5cChYiv6VFBiv7zd8OtO2BfFm6wj2y_9ZjAkW59K5b7hROlfLNb5Cukm1S3mDiQZnA9vWBl1XERe_BJ41LnkEIKl4fdrtCE2QYFaS03bLpZb67WwKHUps3xppU7OKXynXTafwCMQwsfF9QCRQHI5msiKS6lmiSZ3TJ_W_Dau-ClE0PesYNgvklW4fXjz8n0v2Ed3hZjZZh17KjKdLGUPg-YzBFSBn2N5_oIoAFi2FzRlH6lxRjBI9GiOVRphPJCkyYNK2J9y5XYbLTE43lm_AJJmn1J4AbIA3_NC2EgoRtiL0Io0wIhkJHXmEI8Tm-utW7LJDugLTtvp5E3RPOg1TQtflCtRCgU01E7vTu_-7uAqfymUAILlX6eLJEVd_2JOpK9KQvLgr2yqIv5Cbn6XQ3sbHKPxu7yvMLwAIHbRNSOu2_n4fpeyXHphDck9yROLeicp_u9VWQeyEc3Fi7tDpUgwL_u13iGlkkfUmxMYS_nm7hJuqIt5Q_Ta185BwnXUI8CdkmVlglkfrIL6bh9q1dpPOPqSDAHbZ9JMD919-vTXHoVN5uc8j9PCswMbOZDkmBfNMp_kdEpWd-x67maR7Ue_QfRv-N84RSanVFK3Dfdn5ZqW76dNYeFYWWApjADonenRcrkPzdwiwKaMJMI7--IkBigcS1h4VeJoiDlodbU1Oq7s8NL4ePDzhcdlv5J7QOSviGIi7xlAIL0W-ipUAwpKFaWTqTWjd2Wq2MRek-QfQqaVaJUTAPZZJwYN8m7xLJ-oF_1E2KDWI4wwIjO5GajLoDiJLEKaIMI3Kh79-53tUEyZeeUYzCMA8sYEAvOs5M_EVYFHOAj0Z96F9de9uDQjFe5o2NcGJ6GHWde4fFoArwe6w42SQZuhG6-CEYKgW77G2g7sZP8XC6rqSUZVgVbesYVAir3Z30ZTAnWzILSGgFl7oXF6wf0jjZ-cz6Jyj2bU0OH8Wda9rGfXayS46EybWAfTj_ZojOnDTEIdfFzEIYoMmat25XMDqChHcgsYRYO6RIZGzvHzDAboqsIc9zC3o1AEYodu_IALWbt5H9Q_wCzCgOVqUj752SJcig60WSwGGcGzW_ClkeR7qLOasCOud-tvmDZH8MRMzodjmqHOUUhC_W29_lKM0rVvfXvQAJlx_M6gYmD_BWrKZMlXcHRaowyb2lrYSVCTo3Q1swOdVbgZrkGLd4fbKwdP3gCIWpPnnVrrIRiL9KX6XuzsSxOC0VV6ippLodJFFphrDKMM4mgXdlumVaZtAdPaXZUmogNdjeoIpBeIjJZd3CMFvwubc2clMHbdWKMp90kTJvWvXnb37ZypixHn8ou5EYUpmVzl-5kDnwc91cBfMlOn6ZcX&cid=CAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw&rfl=1%2Chttps%253A%252F%252Fblip.fm%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

598a6c545ec2b27cf7388041cb424a0f4ecc1884dc06e37781b927fbd3cd58fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8676
x-xss-protection: 0
server: cafe
etag: 11618055936852703379
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Jul 2021 18:16:21 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 20DC 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:12:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 490
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 18:12:09 GMT

GET
H3-29 200 yXHsSCk3YzWUbRvqoZHyxkpI6JVLQi3qNywtkCkXe5s.js Show response
pagead2.googlesyndication.com/bg/ Frame 2ECC 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yXHsSCk3YzWUbRvqoZHyxkpI6JVLQi3qNywtkCkXe5s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c971ec4829376335946d1beaa191f2c64a48e8954b422dea372c2d9029177b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:01:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1128
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5747
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 18:01:31 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E701
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1

43 B
894 B

27ms
25ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWgEdMgvz86CKlRxfxAWMR0INhMTKe4sNxclo8ledoETMWgT7ZNCeU3IbqVpD-dEJPEpwtIHCYsu0rl7tI6rCort3hWkudHDh-m8mWq_zaTN8WDxZUVRVCAeWEwGBruD3WPGyxFDoQ40x4p0S9ll04e0UG2zTfYIzlPNJ4MG2q06TpuEVo
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 30 Jun 2021 18:20:19 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E701
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YNy144nidAQ-NXNBK1d9cwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1

43 B
1014 B

19ms
19ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWgEdMgvz86CKlRxfxAWMR0INhMTKe4sNxclo8ledoETMWgT7ZNCeU3IbqVpD-dEJPEpwtIHCYsu0rl7tI6rCort3hWkudHDh-m8mWq_zaTN8WDxZUVRVCAeWEwGBruD3WPGyxFDoQ40x4p0S9ll04e0UG2zTfYIzlPNJ4MG2q06TpuEVo
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 30 Jun 2021 18:20:20 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENXlZrK4pY3TIgrpVgsbbCw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame E701
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKTyx9vsdOfbG15387h4TVA&google_cver=1

43 B
1006 B

63ms
57ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKTyx9vsdOfbG15387h4TVA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWgEdMgvz86CKlRxfxAWMR0INhMTKe4sNxclo8ledoETMWgT7ZNCeU3IbqVpD-dEJPEpwtIHCYsu0rl7tI6rCort3hWkudHDh-m8mWq_zaTN8WDxZUVRVCAeWEwGBruD3WPGyxFDoQ40x4p0S9ll04e0UG2zTfYIzlPNJ4MG2q06TpuEVo

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:19 GMT
X-Proxy-Origin: 195.181.174.89; 195.181.174.89; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f10faa2b-8813-4c2d-bca0-0ce7c62d8112
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKTyx9vsdOfbG15387h4TVA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E701
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5MTMwNzYzNTYyNzY4MTQzMw%3D%3D

170 B
188 B

19ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5MTMwNzYzNTYyNzY4MTQzMw%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:19 GMT
X-Proxy-Origin: 195.181.174.89; 195.181.174.89; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 53c555f4-bef0-4145-8fb2-71d85dbc4312
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5MTMwNzYzNTYyNzY4MTQzMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210624/r20110914/ Frame 654C 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210624/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AydGvXQeVOYHxYEnvU4UXakE9qbJNUY1iIDbXMxWscp2vGCA2iOpRE5r-nVj5qasK4ImE5fAPsi5OJZDTzNRubxhnjMCEWjlN932_Oqe_hilfE_LYAk5FdOxPFYahKZINhp_YzW1UNIuSSnNlFSTo6LBc9XQ&cry=1&dbm_d=AKAmf-BopWAJLraYknlpF5plTqTExTmOhrF8AEh4nojHNdZPzWURlnJ8xpflRi2yRc0TpFq0e8UcnuOgxT2W57YplztoOZscw19gPFhSgpvEFlOxBF9E5erI-yi2ieQnvS30bLMy_tdO2zfb5kx5tHrR-_XRLHAsg_6tH-WurgnBCuDPLgOzSseDMm6eA4l5mozuQeyxxtNfeKGStfRVIA4j6Pskx5sFHEzcdVSPPms7yYZ12B_dGnfrPOtjB-Ni_SU9WZOPdKpruUVdREZ3QgYDFVmqIDaalrkK9minhorG0QWtmFEDcH_LjTQFeOILd9QS6GSQ8Wx3yd8sG0rWqm_9if9dbtfIlHcupyMA-exNhcWhdigYnGWq_6RO9n1ANYNlFx7m-Uderm1PwhyMrejH7fGj1F60vR1EUsttRaLgJm8PwUgRYyM86TnRnMXLrQcikOCN0uhxelXff0b2-NY3h-_OT5ymEO6gLx4MgoU-TmY0j-dz3Z1Qas8KZLhWNuwbJJpLO6El9CvfownUix7_UkgL7GnTkUMzr28ZU_7oYEjEkzTXqO5FJKSPVYIoBz0JsD2z8Uyx_BQMXmwIDLyrTJ9x2QfbpMiL8-whSndafyj2r0oe3DwjmJPd1JIc_6d6QFo4c5AzCHoolno2bxYxlWcdsC1FB55JU5DLLSmAvxnB-uNCEomr2ZcoNXN1wyql8F8QwrikFn3cmg5xUnsSlEL2tuxFSkWh-RpVJ-d5PRPrOCn84cd8JSMRI6EcUM0xrq0Zjl7PXFGGBt85J6FC057WJB-gH4kLthY5Boy6TmUOeagRqNiZB1xiEJPc_wyl6dVdc3UwO_ZijLpP0wVT9QuiQkid0npZlzHq30OLglYXlzfRCLuJK7bAp8Pf6Vc_4QhbDSvmn31c0OHsS_N2xhE5wQk7fparGWqdMYcjDnVNo5jGsTe0Qem73-eAXy3ATIOkYbJTuxVJbTX6aY47g1bEYMpzjfbpLouQ5WqOlGmm40vbTBU5xsYM6jpuYNeiTIfJqCyjEdh9WyIo6sYff152r-wPpfeLqs44RLi5mcvmJ-OJo87UD8KXVkonrahSk8pivqYYkWVmJqugfTVgVndwOa_ZIvWmzsDx5eavJvZfhAv2Y11ATjgVT8bKdU9jbH2fxFQHxnMP4FOefxVBKWnSUfhYFG6yBxt03vDCED1zlKaT0rEVO2NvlENBkoFzbQhTa17Vc2wcp1CAZAdbWwi9mO9MVJ03z-rdLGVIGw495CUp80Mkg-24zvIdxRNt3NgfFFAgN6TjjG9aP_QqTTa4_B_I1MVvs-vHJU3gOkGZFPsdBriuaWYS8u_gh5OmBGd8_sLHs6RfdhAE87avoK_iNOHgFRMGfcN9TquoodmhzPmKmVGOOBKbO6DJvQASHVlruFwqej-4YMK0_Ark04MrYbXKKNMtj4F2-4E1gyTMvRp1aDk1W-vFfzLvNUmivm2ZsEhllc4BgS4rsaXjt2Qfs6fINaqdaK8-ewPE3q3oEW12xpFOqz5OpEao0bHc2hyrkrUPUQrSa1U8229xaoFpuT_SimgzhX-p-CGlaP87dU1-n7TN9jW6IrZkj9nZA1CLdoLJrDnL4SlbUZ-g_Bt7ZVcPYm8JHMsF0t5zIIW88GvTamghuik-uxmY2rmbSm5bjnHNMBwrI0eZeMvqRFVbuWWmss0lDMwf4LFu24TniqIXRLkrtaDpfkI1hP-S5S5Bn6T18XvxCG9Nb5eOk6p84Ai1kSRvL0XEdgfNdrSDihpMSDeLdYDfDCdoNpVU9KXPnj2XDIUW0YRCXC9azrozznSY4oTjYzlXtl_8hLJ_UVci4A6YqwxoOjR54JOL9AVshTMOcmzDMpkX7Eow410j5LwllRo7yXZq8DDkOH5w3tUPjYKFvxkQ_L8g1YqfeOtGCc6fh1mX5tBFl_L9OkppEvooC_RVP_FAqKjONyc3HuXjC9fOjf92No3StNX8kRx_ZEdGnCSM0HPYunw67LPoNUAOJM_rsrtz0hd7vQoN-2hL6mBqpNBKK59UO2thH0L0cekqB6dcCLnm6geJU3AXi5apzjKYTncLGIhWNs6UHQIyZSMXvWCpT7pnyScHGIILrjXxlDxZ7_AEGkQRJi4Tn5WXgNZS2_B65naaaSVlR6mfQc1RokvXQEosF7YKj_L4ze1hxA67h_8APtdbK-HelIeted4922dzlKyOTnhco5YG0cjb8vyQhHFC5BzmoM4DU3AS0knyhUQQIVa5mbQgHY0-ZqRk5pKtZwWVIT7gjq463vSlk5SJQwiCsOkx-uWpi4ujiAvpXPKorKOwwhBhLON0-xP93BzfekBIx-kpziKrc8--ciN2GaDBVpKac2yDPCurkxUAMN9a2i3GL7VX-_5uhRVsNe3d60-RiTuUxFc8H6G3SExadEn_n0jOEETciEfkdL9aH5FT39cWpVJyZ7aavNqfC7kzqY-zDwmZL-5dyezmMsufUx2i4Kb-T1N6i2Z_NHCKoqyZFWca6GQNsXIXkPb-3wNhp6JDCDk6h2bIWV4Jw8xmlrYEUwXSSOx0xvUvuS0H2Vk3DdtdL98K2Zq1d-uP2kMenDS_Lke-qN--8CEKNdY1gtidm50Ck_mRYyg6zR2KTRO-JzjG7mDIcKVv8VTanrqT-7nQB6A9L7p58gghiEiOWZ7iJzZj8nwNzV4kQeJBaoTV9qOD3wYTj_Jc54X7eAqj_aV8zbCHfEbggCga9GCFQCqJ_ml8Uzy5-R_Qk98mMbNOa6cXf0eWDGFh3X_7wgcCUaT9h-nFD1-gqslJUTx4hfUG2npk-Aww9yJ7m9V0s12DHoXlpdMnqc_a4nUSMPirCmzSYt5mweEmF5ZEXcgFqf9G8fc8HN2stCzLpa6qfHuwrX8vFvkQPHW9pERceb9YHPI1xMXn0PBOS3k1-qPyyJAr9n0qKA5xk3lhshHwRAVL9sMjx_bAYy6IeJ782O4-A3GGb2VvDtRMGL2jBGEOsDvJYvOsAkq4z21zT3ycUfk3kBsHnPLGrho8xrQwFS0l5mMG-MXE5VZ-uYTgaZRL63ilL3Xj7MAnUpYA&cid=CAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw&rfl=1%2Chttps%253A%252F%252Fblip.fm%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

598a6c545ec2b27cf7388041cb424a0f4ecc1884dc06e37781b927fbd3cd58fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8676
x-xss-protection: 0
server: cafe
etag: 11618055936852703379
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Jul 2021 18:16:21 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 654C 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:12:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 490
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 18:12:09 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DC11 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 30 Jun 2021 18:12:10 GMT
expires: Thu, 30 Jun 2022 18:12:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 489
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK zy291edt4ui9 Show response
hal9000.redintelligence.net/zone/ Frame 20DC 11 KB
4 KB 47ms
13ms Script
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/zy291edt4ui9?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCptPU47XcYM3XB4_igQeWkpbgCbXN-YNXnNC5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9Co8ft-uXIfUsCK1HwBPeXoMTGdhO3a-CJ8Ev178hpoQQ-5F2ICzYI32cCavpLjzoYoX7TY1_t6LhDJuevi7si8ZGzmEy2PyBvCsVM5CGa9Zd2S2L50QhgvNqdyAbtyw9EuHSMKStaOiHFR4BypKPufykOpcOLFRySG8TwwXgf3IhXgJ6SOocJ8g5M_83hSYnyL9Pxeti1CahAmaZ0MeCSoYCEMyDnspIPXDS5KR0sG16PNA5NpYRXElD7KmemtRbTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw%26sig%3DAOD64_0sxMIQYMC_x-3zMKzpwh5SWTaoDg%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-CDhT_-5-4RfoEz86RwgojXQV_bw5DXPRl3Nstwk1llQk6DJiFOJxOu7eHDgbf-0erYp5zVL7yViGCEuP3qm1tfVq3xNmo0KcwD9laiRU6Ruw_-cda0ICeW7xmA5JryrZTVYdmhZkYxvRgSzmtZ34MFJ4UrNg%26cry%3D1%26dbm_d%3DAKAmf-COzrGQN24TCTsWrGM6d5NTOxYefSzt3ZDs9XsPJaG_tF7pkKyD4xIrDjkBFenGhLO-LnWpdsKoW3mFzZG6c23O0EtBriygrLxuju2lfkdf4KHwHyWKHhL9M3JRX49w6hs9JBldYxnp-sonCgRw62fXNJgwG-050z69JA0ZQveO6sYgupT2ptf7SypBX43Lkxrf1xXrzSlgDGIkozMFviZ3UISooAAAnJv1QLQsWNfyCYVZWlGSfMM-xQH9COkagT0XsXkKt4JM2y6RLuy_WI2FeJ5I7jBPy07aX28QebeeHmQtLsx7ix97U07czP_hUSdb_HexEq6AEiiIoA4WdtSfeL-DM-Y4dkhEEuZ7zND8ucjPTHzvwdDZUM2vSqGqATJJg7cgK4Eabt4Fy3mR-2MNqsVWTvtg7XjlpwHJzAu3RYao0OYKiI6OkFJ_lFH5dIIa-U9h%26adurl%3D
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 43fd3d250066576810ef71a65960f8c788f0b41ef832c92a58265290f3d87128

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:19 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3891
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3AEB 22 KB
8 KB 14ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 30 Jun 2021 18:12:10 GMT
expires: Thu, 30 Jun 2022 18:12:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 489
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame 654C 11 KB
4 KB 43ms
17ms Script
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCtur547XcYM7XB4_igQeWkpbgCbXN-YNX_Ni5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9CHweRFsy_3kYZAnxWghWpepA2xBA2CwgVu_CzfHxVje6zqREMVnO_ToyqbjH-ClHEj8byJkKU9vLIhEyGmTLRC2rtj83p15vuhgwejuNpZNaRSMGYlV46aZ-uzZUJXbAkuKrik5nNam3npSOKzeavGDuYk4RY9ESQOT9tsEnlKJeVw_4g8tZn907n0GLMCs6dXD2CeOicVFlJ1eJkKNrR-7olBSeXbqoQbDZsN_MfxoYOtMGq5a7pXoew0uEUs_M_ABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw%26sig%3DAOD64_1V5Nf7EoSuFkA6qKPgcUH4vO1_Nw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-BvRGeM3B6Vk4grQ0y0NPrvH4mPPhQ4Wq1hyZg5fTO1OAxEDwR78Q_9ER_Ewu_93h3EBLoD5sZ98yXyKcM9BRXJn6AH2Q0jlr_nM9pt-Wq9xicgPQpqv_3PeRnMeuVNiTBmfCg9UaH8OQJFlZjWRSA0WSrx-w%26cry%3D1%26dbm_d%3DAKAmf-CM9okD6QQvI0hJ8EU19Z0htUHQfWnisKrS0D6Yod9GrWb0kjve_GtDWpZ9PBNQ4SgRiGraldqxYVIxZifGmWIy4ocg0qzh4Vu3c1b1Yg1QfIpFruiVKKaRRk4Ls1SWhLGCa4Z0tzg8orVO3lAcsjq1WranYqXvjOxwr1R1TUQrRK4gD732cuQis9We2Qtwgn9hoee6bg3KQO4uTjVoRoFiiEAJJ3z7fL40B9lDZ0B1e6boho447j5v95-nY3aN8dsFmERJmrFV3ZAMWrKn6gS3-1ljO-AWIgju09yUN9jI_b4JjXDRUMltzBi1tybYlLsHriQla609KoHte2CMcbEZ6zPcgP6n3gMKwMPwF_mv_QOLaEwlqdLAOjkGkeloKzNSvKrQ7wQ_1CMZPqqBl0SPlDNQp5bb4DE7bndb3UcLFWhmz-l_4VkadmK5KB8N_ir4hXf4%26adurl%3D
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: c17b685da1489972015458736902ba24a4e83536cb581d1262b810faac01a002

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:19 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3893
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
hal90001.redintelligence.net/ Frame 20DC
Redirect Chain

https://hal90001.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=bc4eab0841&subid=&uid=f0d22b1fa77e97bb&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90001.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=bc4eab0841&subid=&uid=f0d22b1fa77e97bb&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

103ms
80ms

Script
application/x-javascript

46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=bc4eab0841&subid=&uid=f0d22b1fa77e97bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCptPU47XcYM3XB4_igQeWkpbgCbXN-YNXnNC5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9Co8ft-uXIfUsCK1HwBPeXoMTGdhO3a-CJ8Ev178hpoQQ-5F2ICzYI32cCavpLjzoYoX7TY1_t6LhDJuevi7si8ZGzmEy2PyBvCsVM5CGa9Zd2S2L50QhgvNqdyAbtyw9EuHSMKStaOiHFR4BypKPufykOpcOLFRySG8TwwXgf3IhXgJ6SOocJ8g5M_83hSYnyL9Pxeti1CahAmaZ0MeCSoYCEMyDnspIPXDS5KR0sG16PNA5NpYRXElD7KmemtRbTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw%26sig%3DAOD64_0sxMIQYMC_x-3zMKzpwh5SWTaoDg%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-CDhT_-5-4RfoEz86RwgojXQV_bw5DXPRl3Nstwk1llQk6DJiFOJxOu7eHDgbf-0erYp5zVL7yViGCEuP3qm1tfVq3xNmo0KcwD9laiRU6Ruw_-cda0ICeW7xmA5JryrZTVYdmhZkYxvRgSzmtZ34MFJ4UrNg%26cry%3D1%26dbm_d%3DAKAmf-COzrGQN24TCTsWrGM6d5NTOxYefSzt3ZDs9XsPJaG_tF7pkKyD4xIrDjkBFenGhLO-LnWpdsKoW3mFzZG6c23O0EtBriygrLxuju2lfkdf4KHwHyWKHhL9M3JRX49w6hs9JBldYxnp-sonCgRw62fXNJgwG-050z69JA0ZQveO6sYgupT2ptf7SypBX43Lkxrf1xXrzSlgDGIkozMFviZ3UISooAAAnJv1QLQsWNfyCYVZWlGSfMM-xQH9COkagT0XsXkKt4JM2y6RLuy_WI2FeJ5I7jBPy07aX28QebeeHmQtLsx7ix97U07czP_hUSdb_HexEq6AEiiIoA4WdtSfeL-DM-Y4dkhEEuZ7zND8ucjPTHzvwdDZUM2vSqGqATJJg7cgK4Eabt4Fy3mR-2MNqsVWTvtg7XjlpwHJzAu3RYao0OYKiI6OkFJ_lFH5dIIa-U9h%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=3561920321195&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: ebd68c66e5094b2751d1d9e93064b572a47ea588baa96b6cf5d12a3d147ee03b

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 97682600134659400710632011641001
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1303
Expires: Wed, 30 Jun 2021 19:20:20 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:20 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=bc4eab0841&subid=&uid=f0d22b1fa77e97bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCptPU47XcYM3XB4_igQeWkpbgCbXN-YNXnNC5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9Co8ft-uXIfUsCK1HwBPeXoMTGdhO3a-CJ8Ev178hpoQQ-5F2ICzYI32cCavpLjzoYoX7TY1_t6LhDJuevi7si8ZGzmEy2PyBvCsVM5CGa9Zd2S2L50QhgvNqdyAbtyw9EuHSMKStaOiHFR4BypKPufykOpcOLFRySG8TwwXgf3IhXgJ6SOocJ8g5M_83hSYnyL9Pxeti1CahAmaZ0MeCSoYCEMyDnspIPXDS5KR0sG16PNA5NpYRXElD7KmemtRbTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw%26sig%3DAOD64_0sxMIQYMC_x-3zMKzpwh5SWTaoDg%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-CDhT_-5-4RfoEz86RwgojXQV_bw5DXPRl3Nstwk1llQk6DJiFOJxOu7eHDgbf-0erYp5zVL7yViGCEuP3qm1tfVq3xNmo0KcwD9laiRU6Ruw_-cda0ICeW7xmA5JryrZTVYdmhZkYxvRgSzmtZ34MFJ4UrNg%26cry%3D1%26dbm_d%3DAKAmf-COzrGQN24TCTsWrGM6d5NTOxYefSzt3ZDs9XsPJaG_tF7pkKyD4xIrDjkBFenGhLO-LnWpdsKoW3mFzZG6c23O0EtBriygrLxuju2lfkdf4KHwHyWKHhL9M3JRX49w6hs9JBldYxnp-sonCgRw62fXNJgwG-050z69JA0ZQveO6sYgupT2ptf7SypBX43Lkxrf1xXrzSlgDGIkozMFviZ3UISooAAAnJv1QLQsWNfyCYVZWlGSfMM-xQH9COkagT0XsXkKt4JM2y6RLuy_WI2FeJ5I7jBPy07aX28QebeeHmQtLsx7ix97U07czP_hUSdb_HexEq6AEiiIoA4WdtSfeL-DM-Y4dkhEEuZ7zND8ucjPTHzvwdDZUM2vSqGqATJJg7cgK4Eabt4Fy3mR-2MNqsVWTvtg7XjlpwHJzAu3RYao0OYKiI6OkFJ_lFH5dIIa-U9h%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=3561920321195&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 30 Jun 2021 19:20:20 +0200

GET
H3-29 200 yXHsSCk3YzWUbRvqoZHyxkpI6JVLQi3qNywtkCkXe5s.js Show response
pagead2.googlesyndication.com/bg/ Frame DC11 14 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yXHsSCk3YzWUbRvqoZHyxkpI6JVLQi3qNywtkCkXe5s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c971ec4829376335946d1beaa191f2c64a48e8954b422dea372c2d9029177b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:01:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5747
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 18:01:31 GMT

GET
H3-29 200 yXHsSCk3YzWUbRvqoZHyxkpI6JVLQi3qNywtkCkXe5s.js Show response
pagead2.googlesyndication.com/bg/ Frame 3AEB 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yXHsSCk3YzWUbRvqoZHyxkpI6JVLQi3qNywtkCkXe5s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c971ec4829376335946d1beaa191f2c64a48e8954b422dea372c2d9029177b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:01:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5747
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 18:01:31 GMT

GET
H/1.1

200
OK

request.php Show response
hal900016.redintelligence.net/ Frame 654C
Redirect Chain

https://hal900016.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=7818a6a347&subid=&uid=db506fc80cc1f3f8&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900016.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=7818a6a347&subid=&uid=db506fc80cc1f3f8&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

106ms
82ms

Script
application/x-javascript

138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=7818a6a347&subid=&uid=db506fc80cc1f3f8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCtur547XcYM7XB4_igQeWkpbgCbXN-YNX_Ni5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9CHweRFsy_3kYZAnxWghWpepA2xBA2CwgVu_CzfHxVje6zqREMVnO_ToyqbjH-ClHEj8byJkKU9vLIhEyGmTLRC2rtj83p15vuhgwejuNpZNaRSMGYlV46aZ-uzZUJXbAkuKrik5nNam3npSOKzeavGDuYk4RY9ESQOT9tsEnlKJeVw_4g8tZn907n0GLMCs6dXD2CeOicVFlJ1eJkKNrR-7olBSeXbqoQbDZsN_MfxoYOtMGq5a7pXoew0uEUs_M_ABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw%26sig%3DAOD64_1V5Nf7EoSuFkA6qKPgcUH4vO1_Nw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-BvRGeM3B6Vk4grQ0y0NPrvH4mPPhQ4Wq1hyZg5fTO1OAxEDwR78Q_9ER_Ewu_93h3EBLoD5sZ98yXyKcM9BRXJn6AH2Q0jlr_nM9pt-Wq9xicgPQpqv_3PeRnMeuVNiTBmfCg9UaH8OQJFlZjWRSA0WSrx-w%26cry%3D1%26dbm_d%3DAKAmf-CM9okD6QQvI0hJ8EU19Z0htUHQfWnisKrS0D6Yod9GrWb0kjve_GtDWpZ9PBNQ4SgRiGraldqxYVIxZifGmWIy4ocg0qzh4Vu3c1b1Yg1QfIpFruiVKKaRRk4Ls1SWhLGCa4Z0tzg8orVO3lAcsjq1WranYqXvjOxwr1R1TUQrRK4gD732cuQis9We2Qtwgn9hoee6bg3KQO4uTjVoRoFiiEAJJ3z7fL40B9lDZ0B1e6boho447j5v95-nY3aN8dsFmERJmrFV3ZAMWrKn6gS3-1ljO-AWIgju09yUN9jI_b4JjXDRUMltzBi1tybYlLsHriQla609KoHte2CMcbEZ6zPcgP6n3gMKwMPwF_mv_QOLaEwlqdLAOjkGkeloKzNSvKrQ7wQ_1CMZPqqBl0SPlDNQp5bb4DE7bndb3UcLFWhmz-l_4VkadmK5KB8N_ir4hXf4%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=841583525802&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 400f59f491fa26d4f9c4d225a463182a7adc87bf37e06850558f24b1bad211d3

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 76269700203896600710612011641016
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1312
Expires: Wed, 30 Jun 2021 19:20:20 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:20 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=7818a6a347&subid=&uid=db506fc80cc1f3f8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCtur547XcYM7XB4_igQeWkpbgCbXN-YNX_Ni5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9CHweRFsy_3kYZAnxWghWpepA2xBA2CwgVu_CzfHxVje6zqREMVnO_ToyqbjH-ClHEj8byJkKU9vLIhEyGmTLRC2rtj83p15vuhgwejuNpZNaRSMGYlV46aZ-uzZUJXbAkuKrik5nNam3npSOKzeavGDuYk4RY9ESQOT9tsEnlKJeVw_4g8tZn907n0GLMCs6dXD2CeOicVFlJ1eJkKNrR-7olBSeXbqoQbDZsN_MfxoYOtMGq5a7pXoew0uEUs_M_ABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw%26sig%3DAOD64_1V5Nf7EoSuFkA6qKPgcUH4vO1_Nw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-BvRGeM3B6Vk4grQ0y0NPrvH4mPPhQ4Wq1hyZg5fTO1OAxEDwR78Q_9ER_Ewu_93h3EBLoD5sZ98yXyKcM9BRXJn6AH2Q0jlr_nM9pt-Wq9xicgPQpqv_3PeRnMeuVNiTBmfCg9UaH8OQJFlZjWRSA0WSrx-w%26cry%3D1%26dbm_d%3DAKAmf-CM9okD6QQvI0hJ8EU19Z0htUHQfWnisKrS0D6Yod9GrWb0kjve_GtDWpZ9PBNQ4SgRiGraldqxYVIxZifGmWIy4ocg0qzh4Vu3c1b1Yg1QfIpFruiVKKaRRk4Ls1SWhLGCa4Z0tzg8orVO3lAcsjq1WranYqXvjOxwr1R1TUQrRK4gD732cuQis9We2Qtwgn9hoee6bg3KQO4uTjVoRoFiiEAJJ3z7fL40B9lDZ0B1e6boho447j5v95-nY3aN8dsFmERJmrFV3ZAMWrKn6gS3-1ljO-AWIgju09yUN9jI_b4JjXDRUMltzBi1tybYlLsHriQla609KoHte2CMcbEZ6zPcgP6n3gMKwMPwF_mv_QOLaEwlqdLAOjkGkeloKzNSvKrQ7wQ_1CMZPqqBl0SPlDNQp5bb4DE7bndb3UcLFWhmz-l_4VkadmK5KB8N_ir4hXf4%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=841583525802&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 30 Jun 2021 19:20:20 +0200

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021062408&jk=2733353406244623&bg=!kpGlkdXNAAYo4NJEKOA7ACkAdvg8Wv-cVPTpOcd7TTMtHpg7Ssrx2SMHXcT3AY4Li9jkxlLDzpavPAIAAACuUgAAABloAQcKAJhIXwYOYwOjagvxzZO29Ghh6u-spk1yzZlzSzdH_vgdUWsNP5LDT4BWrXXs4GTCS5EG0AGZ-MfmPOM3MpVdNpUV-i0nRKQACFUezIRywOI5V_r6n9iT8c5FhRLj4N4S-Skn4zBrEvnTed27Fq1KSWiKESPeQoboLOV2dufsUIGT2-0dne04eAN7c6hy2f77Wtppem40T07jiJkCcyJuSiKbTNwXppGJGpXoaSIdnrjKwyJowk3gSCM2iLjLyF14sT3cq666PslLhdCNDc7BoR1lUJKb6ToYDdVHhfJDXEpXY2hsIDt4LjViREwJAwGDXNXWcXnkHDa-qPwOsh-8_zvlBawueoNZEz2xA6G2XpKirWewqrZFULGPC_lmJxh1mPSt-_g3OAvoJh6f-1dwDAHXKhV_s-WIj0UYZ-QgkPYP_lA-lbOGXTmqjIIgo2gn2IwReK2Vd7b1OrJZrd1cQ7foIiVKnbO_wPhRx8w0gAGrCRktEIIDHnT5cr76FeKMbkC_UZ-l0dLxjBFZuY7TzHkW2E2G5WEmBMRjeXLHo95e3b3ZcPkK4ryNVhPDmv5mbAml3GTAEPH7a_lNbLhbfWJsMUUtXPELHvV5tGDtud-6gQsy8mJx0f273r9ZHyF3zpyNExxjEqGvD4CczwD8I-Ne8FIPlpbdbIOk01fcyRU0AyaMldQCcHxz_8KJZXhi6wY8PwfUN4i2h5ksr-gknHrnDXvIe-mDeALRWBobLwYZDnrzd5Re8jyLJa1RsIO5GeoDUdMleBKwCO1gC8PcPxkb6zKDvMdgED-3Jt6GpRP5MYQiMAJNOdrv7_naZzOKpYRCZyw9XgaKMegXXFN9qPr-6tiM8B_iNe3jPnKWwbv91XyNmJDwS0lRX6b5abBlWhjJyMbIz3SC_cTHWJppKmK4ZSN2OKFHj6Uko-o-A4tFd_WEDlPlv-VssMxUiK8-MA1OyCl2mcIXDL1QNFSLHFGhYcFZluAvP7-gP81l2u3Hr8lOV6ja19cJ5MpTPfDeEbOl8eOSzIxqJAh7t0a3XA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blip.fm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 69E0
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=97682600134659400710632011641001&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=97682600134659400710632011641001&actionid=731824&produktid=businessgiro&dt_url=

0
629 B

87ms
43ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=97682600134659400710632011641001&actionid=731824&produktid=businessgiro&dt_url=

Requested by

Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=bc4eab0841&subid=&uid=f0d22b1fa77e97bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCptPU47XcYM3XB4_igQeWkpbgCbXN-YNXnNC5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9Co8ft-uXIfUsCK1HwBPeXoMTGdhO3a-CJ8Ev178hpoQQ-5F2ICzYI32cCavpLjzoYoX7TY1_t6LhDJuevi7si8ZGzmEy2PyBvCsVM5CGa9Zd2S2L50QhgvNqdyAbtyw9EuHSMKStaOiHFR4BypKPufykOpcOLFRySG8TwwXgf3IhXgJ6SOocJ8g5M_83hSYnyL9Pxeti1CahAmaZ0MeCSoYCEMyDnspIPXDS5KR0sG16PNA5NpYRXElD7KmemtRbTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw%26sig%3DAOD64_0sxMIQYMC_x-3zMKzpwh5SWTaoDg%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-CDhT_-5-4RfoEz86RwgojXQV_bw5DXPRl3Nstwk1llQk6DJiFOJxOu7eHDgbf-0erYp5zVL7yViGCEuP3qm1tfVq3xNmo0KcwD9laiRU6Ruw_-cda0ICeW7xmA5JryrZTVYdmhZkYxvRgSzmtZ34MFJ4UrNg%26cry%3D1%26dbm_d%3DAKAmf-COzrGQN24TCTsWrGM6d5NTOxYefSzt3ZDs9XsPJaG_tF7pkKyD4xIrDjkBFenGhLO-LnWpdsKoW3mFzZG6c23O0EtBriygrLxuju2lfkdf4KHwHyWKHhL9M3JRX49w6hs9JBldYxnp-sonCgRw62fXNJgwG-050z69JA0ZQveO6sYgupT2ptf7SypBX43Lkxrf1xXrzSlgDGIkozMFviZ3UISooAAAnJv1QLQsWNfyCYVZWlGSfMM-xQH9COkagT0XsXkKt4JM2y6RLuy_WI2FeJ5I7jBPy07aX28QebeeHmQtLsx7ix97U07czP_hUSdb_HexEq6AEiiIoA4WdtSfeL-DM-Y4dkhEEuZ7zND8ucjPTHzvwdDZUM2vSqGqATJJg7cgK4Eabt4Fy3mR-2MNqsVWTvtg7XjlpwHJzAu3RYao0OYKiI6OkFJ_lFH5dIIa-U9h%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=3561920321195&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Bad Schwalbach, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: pb.media01.eu
:scheme: https
:path: /view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=97682600134659400710632011641001&actionid=731824&produktid=businessgiro&dt_url=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 30 Jun 2021 08:20:20 GMT
server: Microsoft-IIS/10.0
set-cookie: ASP.NET_SessionId=icvw0v13ypcfzqyejguvum5p; path=/; secure; HttpOnly; SameSite=None DTU=4C39D7F7E4524D686AB9EDE9712AA81F; expires=Fri, 30-Jun-2023 18:20:20 GMT; path=/; SameSite=None; secure; HttpOnly; SameSite=None
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 30 Jun 2021 18:20:19 GMT
content-length: 0

Redirect headers

Server: nginx/1.19.7
Date: Wed, 30 Jun 2021 18:20:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.34
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Set-Cookie: session_trs=60dcb5e4fab4c902d501c9d4; path=/; samesite=none; domain=.medialead.de; secure trs=60dcb5e4fab4c902d501c9d4; expires=Thu, 30-Jun-2022 18:20:20 GMT; Max-Age=31536000; path=/; samesite=none; domain=.medialead.de; secure trscj=MTYyNTA3NzIyMHxMM1J5WTJzdlpYQjJMMlU1T1dGaFkyVTVOR1UyWlRVNE56TTRNekJoTjJSbU9HUmxaR0UwWVdFMlAzTjFZbWxrUFRrM05qZ3lOakF3TVRNME5qVTVOREF3TnpFd05qTXlNREV4TmpReE1EQXhKblE5YUhSc2NBPT18YUhSMGNITTZMeTh5WlRKa09EUTVPVGhsWTJGa016QTNNakl6TnpKak5XVXhNREF4T1RZNE5DNXpZV1psWm5KaGJXVXVaMjl2WjJ4bGMzbHVaR2xqWVhScGIyNHVZMjl0THc9PQ%3D%3D; expires=Thu, 30-Jun-2022 18:20:20 GMT; Max-Age=31536000; path=/; samesite=none; domain=.medialead.de; secure SERVERID177589=2|YNy15|YNy15; path=/; HttpOnly
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=97682600134659400710632011641001&actionid=731824&produktid=businessgiro&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: C3B5AE59:EB72_91EFC182:01BB_60DCB5E4_17B5DBA:1B141
X-IPLB-Instance: 40027
Cache-control: private

GET
H2 200 / Show response
adv.office-partner.de/ Frame E4F1 930 B
1 KB 40ms
12ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=bc4eab0841&subid=&uid=f0d22b1fa77e97bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCptPU47XcYM3XB4_igQeWkpbgCbXN-YNXnNC5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9Co8ft-uXIfUsCK1HwBPeXoMTGdhO3a-CJ8Ev178hpoQQ-5F2ICzYI32cCavpLjzoYoX7TY1_t6LhDJuevi7si8ZGzmEy2PyBvCsVM5CGa9Zd2S2L50QhgvNqdyAbtyw9EuHSMKStaOiHFR4BypKPufykOpcOLFRySG8TwwXgf3IhXgJ6SOocJ8g5M_83hSYnyL9Pxeti1CahAmaZ0MeCSoYCEMyDnspIPXDS5KR0sG16PNA5NpYRXElD7KmemtRbTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw%26sig%3DAOD64_0sxMIQYMC_x-3zMKzpwh5SWTaoDg%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-CDhT_-5-4RfoEz86RwgojXQV_bw5DXPRl3Nstwk1llQk6DJiFOJxOu7eHDgbf-0erYp5zVL7yViGCEuP3qm1tfVq3xNmo0KcwD9laiRU6Ruw_-cda0ICeW7xmA5JryrZTVYdmhZkYxvRgSzmtZ34MFJ4UrNg%26cry%3D1%26dbm_d%3DAKAmf-COzrGQN24TCTsWrGM6d5NTOxYefSzt3ZDs9XsPJaG_tF7pkKyD4xIrDjkBFenGhLO-LnWpdsKoW3mFzZG6c23O0EtBriygrLxuju2lfkdf4KHwHyWKHhL9M3JRX49w6hs9JBldYxnp-sonCgRw62fXNJgwG-050z69JA0ZQveO6sYgupT2ptf7SypBX43Lkxrf1xXrzSlgDGIkozMFviZ3UISooAAAnJv1QLQsWNfyCYVZWlGSfMM-xQH9COkagT0XsXkKt4JM2y6RLuy_WI2FeJ5I7jBPy07aX28QebeeHmQtLsx7ix97U07czP_hUSdb_HexEq6AEiiIoA4WdtSfeL-DM-Y4dkhEEuZ7zND8ucjPTHzvwdDZUM2vSqGqATJJg7cgK4Eabt4Fy3mR-2MNqsVWTvtg7XjlpwHJzAu3RYao0OYKiI6OkFJ_lFH5dIIa-U9h%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=3561920321195&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

:method: GET
:authority: adv.office-partner.de
:scheme: https
:path: /?utm_source=webgains&utm_campaign=webgains
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

server: keycdn-engine
date: Wed, 30 Jun 2021 18:20:20 GMT
content-type: text/html
content-length: 930
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16ba8ac4"
expires: Wed, 07 Jul 2021 18:20:20 GMT
cache-control: max-age=604800
link: <http://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *
accept-ranges: bytes

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 20DC 12 KB
12 KB 1189ms
99ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=97682600134659400710632011641001&nw=1
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: b8674b34db95e2ad3c3eb7b55039fede3957c6c961df57348c51188c9edd0216

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:21 GMT
Last-Modified: Wed, 30 Jun 2021 18:20:21 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 20DC 12 KB
12 KB 7318ms
92ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3392355&wgcampaignid=99582&viewref=97682600134659400710632011641001&js=1&nw=1
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: bce13c2a268eda008ffa6b4e48b203013d016750e3bdb46776105f74c04e1287

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:27 GMT
Last-Modified: Wed, 30 Jun 2021 18:20:27 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29

200

activityi;dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055 Show response
5994599.fls.doubleclick.net/ Frame 4818
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055?
https://5994599.fls.doubleclick.net/activityi;dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055?

540 B
434 B

53ms
27ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055?

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

194019b2051c48fa79f179be31c4d707237d5359e3faedcb3ab30d683aa40940

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5994599.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Jun 2021 18:20:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 409
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 30-Jun-2021 18:35:27 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Jun 2021 18:20:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal90001.redintelligence.net/ Frame E445 7 KB
2 KB 7213ms
12ms Document
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=bc4eab0841&subid=&uid=f0d22b1fa77e97bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCptPU47XcYM3XB4_igQeWkpbgCbXN-YNXnNC5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9Co8ft-uXIfUsCK1HwBPeXoMTGdhO3a-CJ8Ev178hpoQQ-5F2ICzYI32cCavpLjzoYoX7TY1_t6LhDJuevi7si8ZGzmEy2PyBvCsVM5CGa9Zd2S2L50QhgvNqdyAbtyw9EuHSMKStaOiHFR4BypKPufykOpcOLFRySG8TwwXgf3IhXgJ6SOocJ8g5M_83hSYnyL9Pxeti1CahAmaZ0MeCSoYCEMyDnspIPXDS5KR0sG16PNA5NpYRXElD7KmemtRbTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw%26sig%3DAOD64_0sxMIQYMC_x-3zMKzpwh5SWTaoDg%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-CDhT_-5-4RfoEz86RwgojXQV_bw5DXPRl3Nstwk1llQk6DJiFOJxOu7eHDgbf-0erYp5zVL7yViGCEuP3qm1tfVq3xNmo0KcwD9laiRU6Ruw_-cda0ICeW7xmA5JryrZTVYdmhZkYxvRgSzmtZ34MFJ4UrNg%26cry%3D1%26dbm_d%3DAKAmf-COzrGQN24TCTsWrGM6d5NTOxYefSzt3ZDs9XsPJaG_tF7pkKyD4xIrDjkBFenGhLO-LnWpdsKoW3mFzZG6c23O0EtBriygrLxuju2lfkdf4KHwHyWKHhL9M3JRX49w6hs9JBldYxnp-sonCgRw62fXNJgwG-050z69JA0ZQveO6sYgupT2ptf7SypBX43Lkxrf1xXrzSlgDGIkozMFviZ3UISooAAAnJv1QLQsWNfyCYVZWlGSfMM-xQH9COkagT0XsXkKt4JM2y6RLuy_WI2FeJ5I7jBPy07aX28QebeeHmQtLsx7ix97U07czP_hUSdb_HexEq6AEiiIoA4WdtSfeL-DM-Y4dkhEEuZ7zND8ucjPTHzvwdDZUM2vSqGqATJJg7cgK4Eabt4Fy3mR-2MNqsVWTvtg7XjlpwHJzAu3RYao0OYKiI6OkFJ_lFH5dIIa-U9h%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=3561920321195&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 2203f34f9a55ef8597ae87870975a2cf56cf9f9b271b29e301ec4c610306eff8

Request headers

Host: hal90001.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=41154cda3b3f99f3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

Date: Wed, 30 Jun 2021 18:20:27 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 30 Jun 2021 19:20:27 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2062
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 20DC
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=97682600134659400710632011641001
https://ad-server.eu/wm/pb/native.png

68 B
312 B

1937ms
31ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:22:36 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 30 Jun 2021 18:20:20 GMT
Server: nginx/1.17.5
X-IPLB-Request-ID: C3B5AE59:EB72_91EFC182:01BB_60DCB5E4_17B5DDA:1B141
X-Powered-By: PHP/7.2.21
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
DATA 200
OK truncated
/ Frame 20DC 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 841351c61827b0f259159c9fde6a52f50cf3cb43b64b0407bb64a4da2ed2101d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame A854
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=76269700203896600710612011641016&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=76269700203896600710612011641016&actionid=879111&produktid=ratenkredit&dt_url=

0
59 B

86ms
86ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=76269700203896600710612011641016&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=7818a6a347&subid=&uid=db506fc80cc1f3f8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCtur547XcYM7XB4_igQeWkpbgCbXN-YNX_Ni5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9CHweRFsy_3kYZAnxWghWpepA2xBA2CwgVu_CzfHxVje6zqREMVnO_ToyqbjH-ClHEj8byJkKU9vLIhEyGmTLRC2rtj83p15vuhgwejuNpZNaRSMGYlV46aZ-uzZUJXbAkuKrik5nNam3npSOKzeavGDuYk4RY9ESQOT9tsEnlKJeVw_4g8tZn907n0GLMCs6dXD2CeOicVFlJ1eJkKNrR-7olBSeXbqoQbDZsN_MfxoYOtMGq5a7pXoew0uEUs_M_ABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw%26sig%3DAOD64_1V5Nf7EoSuFkA6qKPgcUH4vO1_Nw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-BvRGeM3B6Vk4grQ0y0NPrvH4mPPhQ4Wq1hyZg5fTO1OAxEDwR78Q_9ER_Ewu_93h3EBLoD5sZ98yXyKcM9BRXJn6AH2Q0jlr_nM9pt-Wq9xicgPQpqv_3PeRnMeuVNiTBmfCg9UaH8OQJFlZjWRSA0WSrx-w%26cry%3D1%26dbm_d%3DAKAmf-CM9okD6QQvI0hJ8EU19Z0htUHQfWnisKrS0D6Yod9GrWb0kjve_GtDWpZ9PBNQ4SgRiGraldqxYVIxZifGmWIy4ocg0qzh4Vu3c1b1Yg1QfIpFruiVKKaRRk4Ls1SWhLGCa4Z0tzg8orVO3lAcsjq1WranYqXvjOxwr1R1TUQrRK4gD732cuQis9We2Qtwgn9hoee6bg3KQO4uTjVoRoFiiEAJJ3z7fL40B9lDZ0B1e6boho447j5v95-nY3aN8dsFmERJmrFV3ZAMWrKn6gS3-1ljO-AWIgju09yUN9jI_b4JjXDRUMltzBi1tybYlLsHriQla609KoHte2CMcbEZ6zPcgP6n3gMKwMPwF_mv_QOLaEwlqdLAOjkGkeloKzNSvKrQ7wQ_1CMZPqqBl0SPlDNQp5bb4DE7bndb3UcLFWhmz-l_4VkadmK5KB8N_ir4hXf4%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=841583525802&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Bad Schwalbach, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: pb.media01.eu
:scheme: https
:path: /view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=76269700203896600710612011641016&actionid=879111&produktid=ratenkredit&dt_url=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ASP.NET_SessionId=icvw0v13ypcfzqyejguvum5p; DTU=4C39D7F7E4524D686AB9EDE9712AA81F
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 30 Jun 2021 08:20:20 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
set-cookie: DTU=4C39D7F7E4524D686AB9EDE9712AA81F; expires=Fri, 30-Jun-2023 18:20:20 GMT; path=/; SameSite=None; secure; HttpOnly; SameSite=None
x-powered-by: ASP.NET
date: Wed, 30 Jun 2021 18:20:20 GMT
content-length: 0

Redirect headers

Server: nginx/1.17.5
Date: Wed, 30 Jun 2021 18:20:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.21
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Set-Cookie: session_trs=60dcb5e4db460f00e53a7c2d; path=/; samesite=none; domain=.medialead.de; secure trs=60dcb5e4db460f00e53a7c2d; expires=Thu, 30-Jun-2022 18:20:20 GMT; Max-Age=31536000; path=/; samesite=none; domain=.medialead.de; secure trscj=MTYyNTA3NzIyMHxMM1J5WTJzdlpYQjJMMlU1T1dGaFkyVTVOR1UyWlRVNE56TTRPREZrTXpRd01EazVNMlV4WlRkbFAzTjFZbWxrUFRjMk1qWTVOekF3TWpBek9EazJOakF3TnpFd05qRXlNREV4TmpReE1ERTJKblE5YUhSc2NBPT18YUhSMGNITTZMeTh5WlRKa09EUTVPVGhsWTJGa016QTNNakl6TnpKak5XVXhNREF4T1RZNE5DNXpZV1psWm5KaGJXVXVaMjl2WjJ4bGMzbHVaR2xqWVhScGIyNHVZMjl0THc9PQ%3D%3D; expires=Thu, 30-Jun-2022 18:20:20 GMT; Max-Age=31536000; path=/; samesite=none; domain=.medialead.de; secure SERVERID177589=1|YNy15|YNy15; path=/; HttpOnly
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=76269700203896600710612011641016&actionid=879111&produktid=ratenkredit&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: C3B5AE59:EB72_91EFC182:01BB_60DCB5E4_17B5DBD:1B141
X-IPLB-Instance: 40027
Cache-control: private

GET
H2 200 / Show response
adv.office-partner.de/ Frame EB32 930 B
1 KB 7ms
7ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=7818a6a347&subid=&uid=db506fc80cc1f3f8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCtur547XcYM7XB4_igQeWkpbgCbXN-YNX_Ni5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9CHweRFsy_3kYZAnxWghWpepA2xBA2CwgVu_CzfHxVje6zqREMVnO_ToyqbjH-ClHEj8byJkKU9vLIhEyGmTLRC2rtj83p15vuhgwejuNpZNaRSMGYlV46aZ-uzZUJXbAkuKrik5nNam3npSOKzeavGDuYk4RY9ESQOT9tsEnlKJeVw_4g8tZn907n0GLMCs6dXD2CeOicVFlJ1eJkKNrR-7olBSeXbqoQbDZsN_MfxoYOtMGq5a7pXoew0uEUs_M_ABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw%26sig%3DAOD64_1V5Nf7EoSuFkA6qKPgcUH4vO1_Nw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-BvRGeM3B6Vk4grQ0y0NPrvH4mPPhQ4Wq1hyZg5fTO1OAxEDwR78Q_9ER_Ewu_93h3EBLoD5sZ98yXyKcM9BRXJn6AH2Q0jlr_nM9pt-Wq9xicgPQpqv_3PeRnMeuVNiTBmfCg9UaH8OQJFlZjWRSA0WSrx-w%26cry%3D1%26dbm_d%3DAKAmf-CM9okD6QQvI0hJ8EU19Z0htUHQfWnisKrS0D6Yod9GrWb0kjve_GtDWpZ9PBNQ4SgRiGraldqxYVIxZifGmWIy4ocg0qzh4Vu3c1b1Yg1QfIpFruiVKKaRRk4Ls1SWhLGCa4Z0tzg8orVO3lAcsjq1WranYqXvjOxwr1R1TUQrRK4gD732cuQis9We2Qtwgn9hoee6bg3KQO4uTjVoRoFiiEAJJ3z7fL40B9lDZ0B1e6boho447j5v95-nY3aN8dsFmERJmrFV3ZAMWrKn6gS3-1ljO-AWIgju09yUN9jI_b4JjXDRUMltzBi1tybYlLsHriQla609KoHte2CMcbEZ6zPcgP6n3gMKwMPwF_mv_QOLaEwlqdLAOjkGkeloKzNSvKrQ7wQ_1CMZPqqBl0SPlDNQp5bb4DE7bndb3UcLFWhmz-l_4VkadmK5KB8N_ir4hXf4%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=841583525802&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

:method: GET
:authority: adv.office-partner.de
:scheme: https
:path: /?utm_source=webgains&utm_campaign=webgains
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

server: keycdn-engine
date: Wed, 30 Jun 2021 18:20:20 GMT
content-type: text/html
content-length: 930
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16ba8ac4"
expires: Wed, 07 Jul 2021 18:20:20 GMT
cache-control: max-age=604800
link: <http://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *
accept-ranges: bytes

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 654C 12 KB
12 KB 7265ms
94ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=76269700203896600710612011641016&nw=1
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 037f3348bdf0f46a31d8c2e88216de74d4bc9bb53c9226e1471a59d5c388f727

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:27 GMT
Last-Modified: Wed, 30 Jun 2021 18:20:27 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 654C 12 KB
12 KB 10470ms
100ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3392345&wgcampaignid=99582&viewref=76269700203896600710612011641016&js=1&nw=1
Requested by: Host: blip.fm
URL: https://blip.fm/pastabrick6
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: b75495ef8f447cb7bbcc3918eb567a2139187fa373469dde8a25c311d3f9d187

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:30 GMT
Last-Modified: Wed, 30 Jun 2021 18:20:30 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29

200

activityi;dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767 Show response
5994599.fls.doubleclick.net/ Frame B14B
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767?

540 B
437 B

55ms
28ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767?

Requested by

Host: blip.fm
URL: https://blip.fm/pastabrick6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

0684aa7098030225d614dcb0c4f9be8b21273c45b412ef493feb44e5c80a2509

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5994599.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Jun 2021 18:20:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 412
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 30-Jun-2021 18:35:27 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Jun 2021 18:20:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900016.redintelligence.net/ Frame 9C02 7 KB
2 KB 7160ms
13ms Document
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=7818a6a347&subid=&uid=db506fc80cc1f3f8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCtur547XcYM7XB4_igQeWkpbgCbXN-YNX_Ni5q-UM8C4QASC1y4pGYJXqqIKwB8gBCakCfm3Ytrrusz6oAwGqBMIBT9CHweRFsy_3kYZAnxWghWpepA2xBA2CwgVu_CzfHxVje6zqREMVnO_ToyqbjH-ClHEj8byJkKU9vLIhEyGmTLRC2rtj83p15vuhgwejuNpZNaRSMGYlV46aZ-uzZUJXbAkuKrik5nNam3npSOKzeavGDuYk4RY9ESQOT9tsEnlKJeVw_4g8tZn907n0GLMCs6dXD2CeOicVFlJ1eJkKNrR-7olBSeXbqoQbDZsN_MfxoYOtMGq5a7pXoew0uEUs_M_ABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tODEwNTE5NTgwMzkxNDA2OYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw%26sig%3DAOD64_1V5Nf7EoSuFkA6qKPgcUH4vO1_Nw%26client%3Dca-pub-6949480713202456%26dbm_c%3DAKAmf-BvRGeM3B6Vk4grQ0y0NPrvH4mPPhQ4Wq1hyZg5fTO1OAxEDwR78Q_9ER_Ewu_93h3EBLoD5sZ98yXyKcM9BRXJn6AH2Q0jlr_nM9pt-Wq9xicgPQpqv_3PeRnMeuVNiTBmfCg9UaH8OQJFlZjWRSA0WSrx-w%26cry%3D1%26dbm_d%3DAKAmf-CM9okD6QQvI0hJ8EU19Z0htUHQfWnisKrS0D6Yod9GrWb0kjve_GtDWpZ9PBNQ4SgRiGraldqxYVIxZifGmWIy4ocg0qzh4Vu3c1b1Yg1QfIpFruiVKKaRRk4Ls1SWhLGCa4Z0tzg8orVO3lAcsjq1WranYqXvjOxwr1R1TUQrRK4gD732cuQis9We2Qtwgn9hoee6bg3KQO4uTjVoRoFiiEAJJ3z7fL40B9lDZ0B1e6boho447j5v95-nY3aN8dsFmERJmrFV3ZAMWrKn6gS3-1ljO-AWIgju09yUN9jI_b4JjXDRUMltzBi1tybYlLsHriQla609KoHte2CMcbEZ6zPcgP6n3gMKwMPwF_mv_QOLaEwlqdLAOjkGkeloKzNSvKrQ7wQ_1CMZPqqBl0SPlDNQp5bb4DE7bndb3UcLFWhmz-l_4VkadmK5KB8N_ir4hXf4%26adurl%3D&documentReferer=https%3A%2F%2Fblip.fm%2F&ancestorOrigins=https%3A%2F%2Fblip.fm&random=841583525802&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 48e3099656f79d817efb82ddf0fe74874310a71d97103795f86ee1712f84f95c

Request headers

Host: hal900016.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=e91ad325dcc628d2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Response headers

Date: Wed, 30 Jun 2021 18:20:27 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 30 Jun 2021 19:20:27 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2088
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 654C
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=76269700203896600710612011641016
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=76269700203896600710612011641016
https://ad-server.eu/wm/pb/native.png

68 B
312 B

93ms
29ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:22:41 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 30 Jun 2021 18:20:27 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: C3B5AE59:EB72_91EFC182:01BB_60DCB5EB_17B5FF2:1B141
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
DATA 200
OK truncated
/ Frame 654C 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b4770947c9e1449eefa34fbbfe7e9c9d4d843503b37f87153cdd7864b8dc15a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame E4F1 83 KB
32 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d01cf1560095bc641f7a2bae61ddb095164241b06e9c3ef40e249c1f3261429c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32870
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Jun 2021 18:20:20 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame EB32 83 KB
32 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

226ec615f0a0c2613591a97914994237cdb908a15558bea6e2746cc9e214a056

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:20:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32871
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Jun 2021 18:20:20 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3AEB 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BdzLO47XcYM6ENo3RgQfPmKDgDAAAAAA4AeAEAg&bg=!EBOlE1fNAAYo4NJEKOA7ACkAdvg8WpcYLcsanhvqMouPkQzaz29NriCKt-D3zwe4wGvkpURRf6dQpAIAAACIUgAAACloAQcKAFGSV1tgNhd712GgVYo9OccXkzgzLlR-1lBiEPePwuNjhdnTsIc6TMf2oKMbyywGKxNdX1l4CFecK3BFEKn0GWqhLLSp4NKRBxukR3ETo9DU_jGZArxX4MGODQiiEHTRhpNag7WopKNWUeWiLPl5JR5CjFGTwlTDQJnALTZ-uVaqEDQO_yTp6Jhfhf7J3Fxg4r3aATibcSLKQMB9-Md7iNG3kfEsFxLvSbWE5EoLEBR1BoLPEpwF4gjD7sH5v8O8Ccvzfbq270QS9cySB3WvSBB-kkz9GdLzbfb5SZb_Kyj2lF4-r1zkZ5v7M03MAMnrezqMGto5xaHYv2ltoydVmRJw_n0HpXgm8PRTkpKSe-Nq7yoSzy2FlsqEYcihm_cVoL-aXp_FoWbqs8hIJMxoEwmoo2py9HMyVaM-jMztvSLJ_Y6z7cpUuQHxR7MhnjB5d38PAL7oYn_imL9UqM47wFzp3IjK2aHvLmRV0_qQb0X3LJNStzFzb2z-EKfZbPRvStOac17_0B0YIwsTtM9hHSAJfXcXyqqOg-L_YJT28c8hqDyP8-2kFfrZd1Paloh0g2VRFbhlcLnhy7VJjZJ8RZsuvNa1tv4P1mbLsUOmz3iY6N5skq2IrYtMr2zOZPrar_6tdD0e3zIX3GyYZ8-up1UNFqqNLruOGTK7btaZnkyKHxh863gQE2F7wBF2Y9OWaqwx1YCOI9mXxAKy5n4_xhBwDNgKQdMgGzz0bS7JtlHFY5BLdX2ImPyJm6tV-bdz5PZ_ms4IiwTx27M1FYvAG_GRxKjF_yy3WD74bxE7KWYhWE2EANDQNsRHXMwXSFB0LqnT9eA_q2AmwzM0oKZJyxG3eCa7utx2Iz7-9x74t2bi6moT-nHcI6rlHGdl2phyqgZDKOvK-NwB7yRz7BvWovU0L_8BWPebXfNyMcRhTAZGTB07OxoNzMRQ7tZOv0TEmRp9FhoJ_MY34EeenWEfGhDwdVEUHOl0weERu1uvpZMQGnWSV37WbL52vdcHRn-SLxHLKcXb9-M_BcwM35zVuSKD

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC11 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BwaZm47XcYJ6bNeCW7_UPuoWX8A8AAAAAOAHgBAI&bg=!RUalRgLNAAYo4NJEKOA7ACkAdvg8WnsclskTT06r16wWh9UkLa-NcXLZCrK1Asw4unvlmebD75K_oAIAAADHUgAAAA5oAQcKABinojNnyfiHh-hsxHcsu4xw9i1IKso6xJiZAtCI8BcStpeHQODUTdiQRQpIjcaWX-B6TcQkroq9bA-mNk0EdJ0z272pPk4znbmaZyhkA51ePcP0EQS1qvbKVO-78FyZikah0Ut-pHui0V0YM_OFRTaLcBaUiJ5H3VfdRuJSgM7jSjeriDFtg_FPJ9q2QNe9whkG7Mp7DBv4_qIPLM1yFv08NEDG_a1GeADkPa8-tUvh9MvOc5mkN-4xN0H4CthzQ9XbRGKi5yXond42__bzdAQpqj2Zd4lRBnc1N5Cs4RgG_tOn_aotgxLG5Sq_0QfUuZdZLL2Sa2Qv1QgEdoq4DytTVaVDv3ILqTyltBFRe7LGT3cjhtFTmWVth8d2Ijdgiprsz45yPT3mCDLxBuYDGu6s5rv0Ra4t6sJFf_2Kze3GvOL7tksgfkY-C1SNrADh5AjCP-_2xuu6KH55SCgVIY02PFw0Umcz-y--ALm-gYmCFVIM5CGBygwkWWx4hrH8lrmJcExRSQ3Jq_5dmf2PqGCZ8i3nkvJyeQcYpkBmNP3meT2AxEs91FbG1zSNehdSOmU2V0tYkdQHwVg-DNsjFsrM_dYIsdsSAo5kvfopHLG-zRSwwkfkLMrx5vAvRahmi8E6orO7Bun_zeY-BdHSg6HkwieaWxxnV_gNiTXXnRZCKs8IayQEN-p84nffG6sE2C8lXKsjY6WtNrswjMtI4yCzTfgdx7jtppUyPRnERgjasQhrW4BRuMjZRSHk0668RAh9E89OjF3L1yjGaSN-FIEQ9oITSWTihacqgl0cNyu1CF4sM4S1rxxjR9ldv2NGvhsZiZmeun3f5OPqtvdpoUpwuiZmX5DNMOIhcUHvqVbDOClR6DCsAW-EVpohVzdxCHW0Gc35XLwOXtMwFku6WhrbzalhtvVnGKewro5WFfZFXyp1NYiK3Kk-aQtfo21D2nTOnFHi6T8Vy89IZjkEBi7V6Xy7Jg8-Ffl1MKU

Requested by

Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame C504 77 B
162 B 19ms
18ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Wed, 30 Jun 2021 18:20:20 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 16ms
15ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 30 Jun 2021 18:20:19 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

POST
H2 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame BC5D 28 B
197 B 20ms
19ms XHR
application/json 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1a0ca43b/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/?enablejsapi=1&origin=https%3A%2F%2Fblip.fm&widgetid=1
X-YouTube-Client-Version: 1.20210627.0.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgt6ZWVZMTVpTGpFQSji6_KGBg%3D%3D
X-YouTube-Ad-Signals: dt=1625077218346&flash=0&frm=2&u_tz=120&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C270&vis=1&wgl=true&ca_type=image&bid=ANyPxKpbj4mPPPd3uMe3YaVNbzDIJgrQpbOco9V_vH-QmCRen30UIucHdg49AmgzEw0Nked5Ruf7uil_SzUYQvMIIbt0ilrTvw

Response headers

date: Wed, 30 Jun 2021 18:20:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Wed, 30 Jun 2021 18:20:20 GMT

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame C504 77 B
162 B 16ms
15ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Wed, 30 Jun 2021 18:20:20 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 17ms
17ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 30 Jun 2021 18:20:20 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame C504 77 B
162 B 16ms
16ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Wed, 30 Jun 2021 18:20:21 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 16ms
16ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 30 Jun 2021 18:20:20 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 20DC 42 B
108 B 41ms
40ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZc0vem7GEdTjj0owI4hjdWpHba05debq6nytNUjblxFgg-uj2iIecvq5lPltnVkV0qLZ-U7eS9yQsjgbnQZIJfsg19FPPhFr_tuiNAYni7j5V&sai=AMfl-YRTEuUOcYI88v9jlcXIRNf5nEQxgnvpWEG5R0TuiTIU9Q1s_tmtqfU_OBh9NZMakiFUrypw6HbhnSs29KJrMCuxSsjMQ4cnMH3jbDH5vr0MydjbrwezRbQIiZ8OUWR_&sig=Cg0ArKJSzNY7WTvgoDB2EAE&cid=CAASFeRoXY7ppm-4bfyhkM-LxwNgj4-3dw&id=lidar2&mcvt=1000&p=689,315,779,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210628&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3076314635&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1625077219812&dlt=19&rpt=426&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 654C 42 B
108 B 41ms
40ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsta5jTfISDOrIDXvSi1sUZrSi5E8NNXVgTgtQQXG_BnDRTnNnqgfcdq7wcXoEZVCJYoTbLTo7p5K5SQziIT2wORJSmj0_Z-1lW4TTxzEUtAZiPD&sai=AMfl-YQ-A3s5i5YO_Fl52D9cBzmWWQ1xgAK93Qjpx_QvwTPlOPUI33dzhhDABPFmCAm8h2mR1RB390tw8wFuWtQ7ihIRcKm5Et-9oZGjWATlx0rfaQsNrtJhz9bp4LDJXXRJ&sig=Cg0ArKJSzA9MGbC97K3XEAE&cid=CAASFeRol7sUNtLw9qT59t_ZEbMEXctoDw&id=lidar2&mcvt=1000&p=1110,436,1200,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210628&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3224969948&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1625077219813&dlt=21&rpt=460&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 18:20:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 20DC 59 KB
60 KB 2059ms
23ms Script
application/javascript 65.9.77.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=97682600134659400710632011641001&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a91a21b8a5843a8d8fac4d3916d5eb926ea4917b7d27dbee00ae068f4dd9d07e

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 18:39:37 GMT
via: 1.1 6d424430e2badcd8859fea1f1185697a.cloudfront.net (CloudFront)
last-modified: Mon, 28 Jun 2021 16:00:47 GMT
server: AmazonS3
age: 85247
etag: "edfa65aada7c65cbe3a78f39f8444ab3"
x-cache: Hit from cloudfront
x-amz-version-id: 9gxRQLkEbSwlqYx89yHTPWBPBM9yYdWx
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-type: application/javascript
content-length: 60765
x-amz-cf-id: mVRcG-4yL7gfaAKem_6abiimQ_nnj-bQpWEt9RpN212aSr5Znlh7Qw==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 20DC 79 B
374 B 3610ms
37ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=Fta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeseSp2qvSTKBdmNOK9I9ecQWNH6N6JDQDJztEqwhMBxEYYdtt_xvtqpI92PIbJlpMpwoNSUC56MnGWpwoNN5uQ32SCVc45W__JccFViLs2dI_AIQjvEodUW2vqCRc7L1eLY6Rn5.25.ea.68WDK1civyfxJAxGUTlfe2Rc7L1eWNNW5BNlYiMfTjV.3gv&wgcookie=%7B%22wgifp7121%22%3A%5B%2299582%22%2C%227121%22%2C%222513135%22%2C%22%22%2C%221625077221%22%2C%22https%253A%252F%252F2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com%252F%22%2C%22%22%2C%22%22%2C%221632853221%22%2C%2297682600134659400710632011641001%22%5D%7D&wgchecksum=893e2bdb97a0ff3f0eede8d0cae6e69a&userIP=195.181.174.89&doAffectv=1&wgtime=1625077221
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=97682600134659400710632011641001&nw=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Brixton, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 01fec730c5a97395ea727b1eda475fc152fb7e3583fdb24f55fcc5e6ef3f070e

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 30 Jun 2021 18:20:25 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 20DC 3 KB
3 KB 9194ms
25ms Image
image/png 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=50530500131895300710696011641001&wglinkid=2513135
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:30 GMT
Last-Modified: Wed, 30 Jun 2021 18:20:30 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Content-Length: 2808
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame C504 77 B
162 B 20ms
20ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Wed, 30 Jun 2021 18:20:22 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 18ms
17ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 30 Jun 2021 18:20:22 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 23ms
22ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 30 Jun 2021 18:20:22 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame C504 77 B
162 B 20ms
20ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Wed, 30 Jun 2021 18:20:22 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

GET
H2 401 check_scope Show response
api.spotify.com/v1/melody/v1/ Frame C504 77 B
162 B 17ms
16ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Requested by

Host: sdk.scdn.co
URL: https://sdk.scdn.co/embedded/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

authorization: Bearer undefined
Referer: https://sdk.scdn.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
www-authenticate: Bearer realm="spotify", error="invalid_token", error_description="Invalid access token"
server: envoy
access-control-allow-origin: *
date: Wed, 30 Jun 2021 18:20:23 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
via: HTTP/2 edgeproxy, 1.1 google
access-control-allow-credentials: true
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
alt-svc: clear
content-length: 92
x-content-type-options: nosniff

OPTIONS
H2 200 check_scope
api.spotify.com/v1/melody/v1/ Frame 0
0 18ms
18ms Preflight 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.spotify.com/v1/melody/v1/check_scope?scope=web-playback

Protocol

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://sdk.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 30 Jun 2021 18:20:23 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame 20DC 63 B
270 B 2888ms
41ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=Fta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeseSp2qvSTKBdmNOK9I9ecQWNH6N6JDQDJztEqwhMBxEYYdtt_xvtqpI92PIbJlpMpwoNSUC56MnGWpwoNN5uQ32SCVc45W__Jd7OKMAR0odm_dhrxbuJjkWxv5iJ3A0KAGYiey.25.ea.68WDK1civyfxJAxHUTlfe2Rc7L1eWNNW5BNlYiMfTjV.27E
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 33aed9d6dfd89dc1b80f590d08b897c4e52ba9cfb09fe73a0b5836b2dfc90308

Request headers

Accept: application/json
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 30 Jun 2021 18:20:26 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 20DC 16 B
232 B 81ms
81ms Fetch
application/json 34.249.16.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.16.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx / PHP/7.4.19

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Jun 2021 18:20:26 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.19
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 113ms
31ms Preflight 34.249.16.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 34.249.16.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 30 Jun 2021 18:20:26 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

GET
H3-29 200 css
fonts.googleapis.com/ Frame E445 4 KB
648 B 26ms
20ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 17:35:04 GMT
server: ESF
date: Wed, 30 Jun 2021 18:20:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Jun 2021 18:20:27 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E445 15 KB
15 KB 1045ms
12ms Image
image/png 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/laptop_1200x627.jpg
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: a24c9b19cd79b37cf333496fe12926c2d8ec2ac2136ae367aec6bdc9f8cfb719

Request headers

Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:28 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E445 16 KB
16 KB 1046ms
13ms Image
image/png 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 6c583658a214486da5662d7c13e3614752d4fd5b2eb8501feedf185b9f0805fa

Request headers

Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:28 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16531
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E445 15 KB
16 KB 1046ms
14ms Image
image/png 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/52113/creativesup/paninicomics-banner-2021-1200x627.jpg
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 6c2baf904f2fb07ea3ed80ec47e4b7273fe454b46113b1f0574babab9e8218b3

Request headers

Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:28 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15705
Vary: Accept-Encoding
Content-Type: image/png

GET
H3-29 200 css
fonts.googleapis.com/ Frame 9C02 1 KB
418 B 24ms
19ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 16:28:01 GMT
server: ESF
date: Wed, 30 Jun 2021 18:20:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Jun 2021 18:20:27 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9C02 16 KB
16 KB 2290ms
13ms Image
image/png 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: d64d3eef147691fcce8235a94b9e2a93f5829a14435f434bc9d91f328065ba9a

Request headers

Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:29 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16247
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9C02 16 KB
16 KB 1044ms
13ms Image
image/png 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 6c583658a214486da5662d7c13e3614752d4fd5b2eb8501feedf185b9f0805fa

Request headers

Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:28 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16531
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9C02 16 KB
16 KB 3061ms
13ms Image
image/png 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/52113/creativesup/affiliate-panini-paw-patrol-disney-banner-1200x627.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: bbf7650c0f23f5956a3401c747b0fa3af71bc37a44e3c5e48579b5aa1740c4db

Request headers

Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:30 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16333
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal90001.redintelligence.net/ Frame E445 0
150 B 1047ms
12ms Script
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/viewability?s=97682600134659400710632011641001&a=0b443e24&vb=m
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:28 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame E445 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal90001.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 11:39:10 GMT
x-content-type-options: nosniff
age: 110477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15948
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 11:39:10 GMT

GET
H3-29 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame E445 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal90001.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 11:39:10 GMT
x-content-type-options: nosniff
age: 110477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 11:39:10 GMT

GET
H/1.1 200
OK viewability Show response
hal900016.redintelligence.net/ Frame 9C02 0
150 B 2154ms
12ms Script
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/viewability?s=76269700203896600710612011641016&a=21c55420&vb=m
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:29 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055;~oref=https://2e2d84... Frame D7CD 539 B
499 B 41ms
41ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b421fb7e8f30a2a32cd5b7b3c25d6fc65cbd0de8fd1390bce145896300d6980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://5994599.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://5994599.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Jun 2021 18:20:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 411
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767;~oref=https://2e2d84... Frame EFF3 539 B
484 B 42ms
41ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d087cfdd4313df9dc2c7199cfc49ed5a690ceb590d91f0d23af64ddebe22b70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://5994599.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://5994599.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Jun 2021 18:20:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 414
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 20DC 79 B
374 B 79ms
36ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=Fta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeseSp2qvSTKBdmNOK9I9ecQWNH6N6JDQDJztEqwhMBxEYYdtt_xvtqpI92PIbJlpMpwoNSUC56MnGWpwoNN5uQ32SCVc45W__JeJmdQ_i.uJtHoqvynx9MsFyxYM914Ve_clrKU.0Y.KI.2Zkb9WJMSzKye4yeMrgPuVr914VecL57GY5BNv_urfs.BQn&wgcookie=%7B%22wgifp268155%22%3A%5B%2299582%22%2C%22268155%22%2C%223392355%22%2C%22%22%2C%221625077227%22%2C%22https%253A%252F%252F2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com%252F%22%2C%22%22%2C%22%22%2C%221632853227%22%2C%2297682600134659400710632011641001%22%5D%7D&wgchecksum=9d1c052b8fdc1aa71df55f3218155769&userIP=195.181.174.89&doAffectv=1&wgtime=1625077227
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3392355&wgcampaignid=99582&viewref=97682600134659400710632011641001&js=1&nw=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Brixton, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 30 Jun 2021 18:20:27 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 20DC 160 B
618 B 4303ms
26ms Image
image/jpeg 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=63274400183135500710776011641017&wglinkid=3392355
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 6b71d2bd27010cbb01e505314423d9c903230bf4182019eb1ca8016bd2b624a0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:31 GMT
Last-Modified: Wed, 30 Jun 2021 18:20:31 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/jpeg
Content-Length: 160
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 654C 59 KB
60 KB 24ms
24ms Script
application/javascript 65.9.77.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=76269700203896600710612011641016&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a91a21b8a5843a8d8fac4d3916d5eb926ea4917b7d27dbee00ae068f4dd9d07e

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 18:39:37 GMT
via: 1.1 6d424430e2badcd8859fea1f1185697a.cloudfront.net (CloudFront)
last-modified: Mon, 28 Jun 2021 16:00:47 GMT
server: AmazonS3
age: 85251
etag: "edfa65aada7c65cbe3a78f39f8444ab3"
x-cache: Hit from cloudfront
x-amz-version-id: 9gxRQLkEbSwlqYx89yHTPWBPBM9yYdWx
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-type: application/javascript
content-length: 60765
x-amz-cf-id: O2tNQYi5uz71fvyhr0t9Kl8r5XSQ-2l5CkjlXgyj11U6xGaLIX5m6Q==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 654C 79 B
374 B 3125ms
39ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=Fta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeseSp2qvSTKBdmNOK9I9ecQWNH6N6JDQDJztEqwhMBxEYYdtt_xvtqpI92PIbJlpMpwoNSUC56MnGWpwoNN5uQ32SCVc45W__JeJmHrAR0odm_dhrxbuJjkWxv5iJ3A0KAGYiey.25.ea.68WDK1civyfxJAxJjjNpp0iJ3A0KFgBFY5BNlrApjMk.6v6&wgcookie=%7B%22wgifp7121%22%3A%5B%2299582%22%2C%227121%22%2C%222513135%22%2C%22%22%2C%221625077227%22%2C%22https%253A%252F%252F2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com%252F%22%2C%22%22%2C%22%22%2C%221632853227%22%2C%2276269700203896600710612011641016%22%5D%7D&wgchecksum=2e044f23e313a5846fda715c0345c464&userIP=195.181.174.89&doAffectv=1&wgtime=1625077227
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=76269700203896600710612011641016&nw=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Brixton, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: d1e797c515a409448d82f20dc32e107fdaa19937330cfa859b6233e82cb2312a

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 30 Jun 2021 18:20:30 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 654C 3 KB
3 KB 8102ms
25ms Image
image/png 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=93666700173594800951425011641030&wglinkid=2513135
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:35 GMT
Last-Modified: Wed, 30 Jun 2021 18:20:35 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Content-Length: 2808
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame 654C 63 B
270 B 44ms
44ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=Fta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeseSp2qvSTKBdmNOK9I9ecQWNH6N6JDQDJztEqwhMBxEYYdtt_xvtqpI92PIbJlpMpwoNSUC56MnGWpwoNN5uQ32SCVc45W__JeJk.MAR0odm_dhrxbuJjkWxv5iJ3A0KAGYiLy.25.ea.68WDK1civyfxJAxJjjNpp0iJ3A0KFgBFY5BNlrApjMk.9aD
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e

Request headers

Accept: application/json
Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 30 Jun 2021 18:20:27 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

GET
H2 200 / Show response
adservice.google.de/ddm/fls/i/dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055;~oref=https://2e2d849... Frame C508 194 B
391 B 42ms
42ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.de
:scheme: https
:path: /ddm/fls/i/dc_pre=COaS_7b8v_ECFZLn5god9-4Bcw;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9175711665424.055;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Jun 2021 18:20:27 GMT
expires: Wed, 30 Jun 2021 18:20:27 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
adservice.google.de/ddm/fls/i/dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767;~oref=https://2e2d849... Frame 7D6F 194 B
242 B 43ms
43ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.de
:scheme: https
:path: /ddm/fls/i/dc_pre=CNyQ_7b8v_ECFYIcBgAdZlUGLA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876534480504.767;~oref=https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Jun 2021 18:20:27 GMT
expires: Wed, 30 Jun 2021 18:20:27 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 20DC 16 B
232 B 75ms
75ms Fetch
application/json 34.249.16.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.16.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx / PHP/7.4.19

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Jun 2021 18:20:28 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.19
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 32ms
31ms Preflight 34.249.16.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 34.249.16.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 30 Jun 2021 18:20:28 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 654C 16 B
232 B 87ms
86ms Fetch
application/json 34.249.16.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.16.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx / PHP/7.4.19

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Jun 2021 18:20:28 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.19
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 31ms
31ms Preflight 34.249.16.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 34.249.16.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 30 Jun 2021 18:20:28 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

GET
H/1.1 200
OK viewability Show response
hal90001.redintelligence.net/ Frame E445 0
150 B 35ms
12ms Script
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/viewability?s=97682600134659400710632011641001&a=0b443e24&vb=v
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal90001.redintelligence.net/request_content.php?s=97682600134659400710632011641001&a=d0756dd2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:28 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900016.redintelligence.net/ Frame 9C02 0
150 B 1978ms
12ms Script
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/viewability?s=76269700203896600710612011641016&a=21c55420&vb=v
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900016.redintelligence.net/request_content.php?s=76269700203896600710612011641016&a=666fdb4d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 18:20:30 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 654C 79 B
374 B 3154ms
38ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=Nta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeseSp2qvSTKBdmNOK9I9ecQWNH6N6JDQDJztEqwhMBxEYYdtt_xvtqpI92PIbJlpMpwoNSUC56MnGWpwoNN5uQ32SCVc45W__Ja5JELtQVD_DJhCizgzH_y3EjNpmVWN9dPBSmajV.lV9dV0mNI_FeAizezK1zI2vqCSFQ_01kKJA237lY5BSmxQpw.7JB&wgcookie=%7B%22wgifp268155%22%3A%5B%2299582%22%2C%22268155%22%2C%223392345%22%2C%22%22%2C%221625077230%22%2C%22https%253A%252F%252F2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com%252F%22%2C%22%22%2C%22%22%2C%221632853230%22%2C%2276269700203896600710612011641016%22%5D%7D&wgchecksum=34784102d5ffbbca1b070a083f021d64&userIP=195.181.174.89&doAffectv=1&wgtime=1625077230
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3392345&wgcampaignid=99582&viewref=76269700203896600710612011641016&js=1&nw=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Brixton, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: d1e797c515a409448d82f20dc32e107fdaa19937330cfa859b6233e82cb2312a

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 30 Jun 2021 18:20:33 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 654C 160 B
618 B 5142ms
25ms Image
image/jpeg 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=81859900145104501051022011641009&wglinkid=3392345
Requested by: Host: 2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
URL: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 6b71d2bd27010cbb01e505314423d9c903230bf4182019eb1ca8016bd2b624a0

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 18:20:35 GMT
Last-Modified: Wed, 30 Jun 2021 18:20:35 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/jpeg
Content-Length: 160
Expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 654C 16 B
232 B 75ms
74ms Fetch
application/json 34.249.16.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.16.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx / PHP/7.4.19

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Jun 2021 18:20:31 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.19
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 32ms
32ms Preflight 34.249.16.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 34.249.16.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 30 Jun 2021 18:20:31 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/cdn/prod/config?src=434bb5e4-3704-4b75-b36c-785a444462bd&u=https%3A%2F%2Fblip.fm%2Fpastabrick6

Verdicts & Comments Add Verdict or Comment

221 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.jsdelivr.net/npm/vue@2.x/dist/vue.js(Line 9099) Message: Download the Vue Devtools extension for a better development experience: https://github.com/vuejs/vue-devtools
console-api	info	URL: https://cdn.jsdelivr.net/npm/vue@2.x/dist/vue.js(Line 9108) Message: You are running Vue in development mode. Make sure to turn on production mode when deploying for production. See more tips at https://vuejs.org/guide/deployment.html
console-api	error	URL: https://blip.fm/_/js/spotify-api.js(Line 158) Message: Failed to initialize player
console-api	error	URL: https://blip.fm/_/js/spotify-api.js(Line 163) Message: Authentication failed
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2e2d84998ecad30722372c5e10019684.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
ad-server.eu
adservice.google.com
adservice.google.de
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
api.spotify.com
api.webgains.io
apresolve.spotify.com
blip.fm
c.amazon-adsystem.com
cdn.ampproject.org
cdn.jsdelivr.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
d1uswytv6491xe.cloudfront.net
diapi.webgains.com
dsum-sec.casalemedia.com
empowerlocal-plugin-js.s3.us-east-2.amazonaws.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal90001.redintelligence.net
hal900016.redintelligence.net
ib.adnxs.com
medialead.de
miro.medium.com
pagead2.googlesyndication.com
pb.media01.eu
pixel.quantserve.com
pv.medialead.de
rules.quantcount.com
s7.addthis.com
sdk.scdn.co
secure.quantserve.com
securepubads.g.doubleclick.net
ssl.google-analytics.com
static.doubleclick.net
stats.g.doubleclick.net
tpc.googlesyndication.com
track.webgains.com
v1.addthisedge.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.youtube.com
z.moatads.com
c.amazon-adsystem.com
13.224.194.70
138.201.220.30
142.250.185.102
145.239.193.130
184.30.24.121
185.33.221.53
2.18.234.21
2.18.235.40
216.58.212.130
216.58.212.162
2600:1901:0:524d::
2600:1901:1:c36::
2600:9000:2104:e200:6:44e3:f8c0:93a1
2606:4700:7::a29f:9804
2606:4700::6810:125e
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:800::2004
2a00:1450:4001:801::2002
2a00:1450:4001:802::200a
2a00:1450:4001:803::2001
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:811::200a
2a00:1450:4001:811::200e
2a00:1450:4001:812::2002
2a00:1450:4001:812::2008
2a00:1450:4001:813::2002
2a00:1450:4001:813::2008
2a00:1450:4001:827::2001
2a00:1450:4001:827::2008
2a00:1450:4001:828::2002
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2006
2a00:1450:4001:82f::2001
2a00:1450:4001:831::2003
2a00:1450:400c:c08::9a
2a04:4e42:3::485
2a04:4e42:f::760
2a0b:4d07:101::1
34.249.16.73
46.236.13.147
46.4.10.49
52.219.98.130
54.163.233.121
54.76.176.197
65.9.77.19
65.9.86.127
78.46.111.106
81.29.72.47
88.198.250.30
94.23.99.218
01fec730c5a97395ea727b1eda475fc152fb7e3583fdb24f55fcc5e6ef3f070e
037f3348bdf0f46a31d8c2e88216de74d4bc9bb53c9226e1471a59d5c388f727
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0684aa7098030225d614dcb0c4f9be8b21273c45b412ef493feb44e5c80a2509
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873
10985b0138ee107431b8118e0d8b2efa14439caf69807bf0bde75c96c578f018
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1279be228b76650c906578a28262aee57088adace7ae847000d6210be757b928
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5
17c3bd5b578cb7f4fccd1ad422794185e0c96b0c68a60756f4b1a72b674972c8
194019b2051c48fa79f179be31c4d707237d5359e3faedcb3ab30d683aa40940
1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748
1e26892b2736c82171e10cf7325fdc8627423517c96f0e12877de14ed63e8b07
1feda3dc45dfdcb46ec8f8abdafc23f06d4e2d954a864ec9e9e61b857dc8d1e8
1fee0b34c67a3e22047b627896862289225552817e79f658ade465b28c7103e0
2203f34f9a55ef8597ae87870975a2cf56cf9f9b271b29e301ec4c610306eff8
226ec615f0a0c2613591a97914994237cdb908a15558bea6e2746cc9e214a056
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
23e9af9dd850b89baa8d2da06ae1fb06103c5535e7956d3b1100016756cf13d3
29d592e34e3d2c8ca0c55ceafd75940de79cdb6381d8ceb372d226e7820e7220
29fbcd298fc07c75ac9e05bb8e7d3697374acf0485061bb8364695c4e1082de6
33aed9d6dfd89dc1b80f590d08b897c4e52ba9cfb09fe73a0b5836b2dfc90308
35e9144015046c3d25f20ddbd1f3036306891c441a18343c1d1e2da6ff3c2bd1
3799840e4c9f8f842d29bd32da3ca39fc7cb1f5adf069126c37c996434f64e41
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
396e92552e8ff284f6e204090bc222578d5a1a6ec0f92ccf31ed5978606784b4
3983c27985f9ae67aed69d7ca6a82a682a7095df30b8d8253014de0f4ee97427
3b4770947c9e1449eefa34fbbfe7e9c9d4d843503b37f87153cdd7864b8dc15a
3c00d50d6046dfc2e2a7de2a5a177d35e11b708fe9fc93f966c0d28a304ab485
3debfa0aadc0f7951dbf335ad2cc96b5ed01567d09b5f7d991471a9ada6c7516
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
400f59f491fa26d4f9c4d225a463182a7adc87bf37e06850558f24b1bad211d3
41d6e3b9d0f24eed6d98bc3b748a97bc946b85e7edd2f17967026eb6406326fc
43fd3d250066576810ef71a65960f8c788f0b41ef832c92a58265290f3d87128
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
48e3099656f79d817efb82ddf0fe74874310a71d97103795f86ee1712f84f95c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6a2b0fd27801f153917af3d6558094fd0e76f7e08e21e78b45b0343362d3d6
4b6c4dd2186139cfe5da8627cbd85b7f54e8b4d84164a4f98af88427c6ebb5e0
4c1c7ec93cf2e50e092a70c71a3c3c18da6e8030d1667dcf248ad9245f12a41f
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028
4db8af548255ad1270380918e096b18fddd5b984f95fd4862f18575f8267162f
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51849fb8f2b161981d2a508c4e58503a0a752c6bbac592a742d92efdb1c378c6
5345a3bf0a85143d337b572e4cea04e8705eb606e47611d54a7c1e1f6242308a
535c476ba5e9e1ab4f2f1667a0415e148f5f8f44a5957c2e78cc705bf406d389
598a6c545ec2b27cf7388041cb424a0f4ecc1884dc06e37781b927fbd3cd58fd
5d087cfdd4313df9dc2c7199cfc49ed5a690ceb590d91f0d23af64ddebe22b70
67f2b0a60f37796c436ea0d9f947a22cb196312a87705d10069b65acc2993f01
69b75483b270421e1a89426dd59387ba090772313561c3e9fa415396a78e8936
6b421fb7e8f30a2a32cd5b7b3c25d6fc65cbd0de8fd1390bce145896300d6980
6b71d2bd27010cbb01e505314423d9c903230bf4182019eb1ca8016bd2b624a0
6c2baf904f2fb07ea3ed80ec47e4b7273fe454b46113b1f0574babab9e8218b3
6c583658a214486da5662d7c13e3614752d4fd5b2eb8501feedf185b9f0805fa
7152e4a01105884c7ff4422626f35c48c86614b31b35eab17c48ed35c21ee50a
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7ab7813b063dff1c218123137182af775baab815a9a9950a3095e9913597d2df
7ae7715773eb9e65b5645c463396217b826fa0cc510400e414f21568a57481a3
82e2d5fd2ae7a2dfb049133d30a1c14aa65ddacffd138a73921f2994766c3324
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8389ab2ff25b494852f8aa7c6972c69140ffb4f74ad5fb5f030d6ed3a1160359
841351c61827b0f259159c9fde6a52f50cf3cb43b64b0407bb64a4da2ed2101d
84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e
863e7d2c37417b268dcfbeb4430cccad660050490c6d66f2d657370df21c5b06
88c003ca3b8264aa64112d6c7ebe5a82011b6041c24460dbea7a31d3bfafee34
932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
9585f9660d61236506d8fe0d442168949a866c238ee7fe8c5f32b0aec2b29d71
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a029ad1de22249db15e4a05e5e168cf70b256ce05cdef7f7e7927c2df030f57b
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a17d4e558f6c423dff315fe4b14cf6b35bbb0a25e820ff5726bcd325cf0c4b5b
a24c9b19cd79b37cf333496fe12926c2d8ec2ac2136ae367aec6bdc9f8cfb719
a41a97e036c40bd6d31118912e9f1770032b5e649673e52a52b5f8079cae25be
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a74acb7a696191bfe5e2819a4bac32c071a0302e63413044e4f6b4e396d5e6d5
a91a21b8a5843a8d8fac4d3916d5eb926ea4917b7d27dbee00ae068f4dd9d07e
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ad6c03b014c238c864d168340a81b0249fb963c060c336b5a85868da5efd6a3f
ae6e79fcd093e4a8968d1ebc25b12f74f12503794384e0de7598761261c01f70
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3d07bd62da73385f67aa7d09c598bade0243347339334c81763124a803dbaf7
b75495ef8f447cb7bbcc3918eb567a2139187fa373469dde8a25c311d3f9d187
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
b8674b34db95e2ad3c3eb7b55039fede3957c6c961df57348c51188c9edd0216
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bbf7650c0f23f5956a3401c747b0fa3af71bc37a44e3c5e48579b5aa1740c4db
bce13c2a268eda008ffa6b4e48b203013d016750e3bdb46776105f74c04e1287
c04e372715cffbc60a3f59d89c6ba50bb9f8adbc36c2e75cbd155f4ae1a911e8
c0e57c534e7fce5e66fb419c269b97d436385a2c69b9f508edf480ef60dedf91
c17b685da1489972015458736902ba24a4e83536cb581d1262b810faac01a002
c6316846b9bd6c2893d7cad544c23901a4785599d36576d0ab02bd84d853eed8
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c971ec4829376335946d1beaa191f2c64a48e8954b422dea372c2d9029177b9b
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd0763d3b49747aaacedd4874ec5764c5ef26ad0733a6c14c8835893c699cc36
d01cf1560095bc641f7a2bae61ddb095164241b06e9c3ef40e249c1f3261429c
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
d1e797c515a409448d82f20dc32e107fdaa19937330cfa859b6233e82cb2312a
d2d83fb413d6990a7cee7e66140ccefe79ad15d28b56f4ba96e42de1e7351b3b
d328e59e06cf56740aa92089470c256ed33b84ee20721b73a6d65f1b890fc49f
d64d3eef147691fcce8235a94b9e2a93f5829a14435f434bc9d91f328065ba9a
d770749019637859894001e3ce01057cc47b89c89f5afe98f1c6d0aaf9a4648d
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d975a9e858b8e9e5e002e83f34e7fa4662f5f12e17e4d30aac25abb063dc0e79
dae99faa031521260cbe94595aed271655e1be2dcf7ef00f9584e565de9e3e1b
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
dec6a0b276c15b010acbbc7c201810712d7b9f7217308225174dfdeda5d4f6e0
e0a33668aff9c9594385fb20caada686d5b769206a8b516d0e6410fce2e0258f
e28463622bc695d9d5b808ef0c18b6237b829a42a3f5301c8e1766c1191571c2
e2f5a99d439c1d7bc8cd4e02f39d77d0dab1eba4e1fae40d3fc5d06ac3aaf1ea
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a54349dc54879fad8d1567c0dbaad10d67553f8d1c190f3939e46b434c6e9a
e6d76a2dedcc68e2317925b345474a47ee6294694ded93655ee3d69559a4a583
ebd68c66e5094b2751d1d9e93064b572a47ea588baa96b6cf5d12a3d147ee03b
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
f78d09fc4727cc1fc4f7e9e4cd3e49ba64e314bbbe1375634174bf22af3f2a07
f852dfebba4af97add777a1d789b4739164d6cc93aa34db2c463141a5c3f4d09
ff7bf0e46bc638dc36c28fd98b218a1983bc2badd30cbed318de10c270f66ec1

blip.fm Open in urlscan Pro 54.163.233.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

193 Requests

99 %HTTPS

58 %IPv6

34 Domains

52 Subdomains

51 IPs

8 Countries

3093 kBTransfer

8463 kBSize

0 Cookies

2 Outgoing links

Redirected requests

193 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

blip.fm Open in urlscan Pro
54.163.233.121 Public Scan

Screenshot
Live screenshot

Full Image

193
Requests

99 %
HTTPS

58 %
IPv6

34
Domains

52
Subdomains

51
IPs

8
Countries

3093 kB
Transfer

8463 kB
Size

0
Cookies

193 HTTP transactions
2 data transactions