www.onworks.net Open in urlscan Pro
2606:4700:20::681a:caa Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.onworks.net/playonline/index.php
Effective URL:
https://www.onworks.net/onworkssession.php
Submission: On October 08 via manual (October 8th 2024, 12:43:38 pm UTC) from TN — Scanned from CA

Summary HTTP 345 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 51 IPs in 5 countries across 50 domains to perform 345 HTTP transactions. The main IP is 2606:4700:20::681a:caa, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.onworks.net. The Cisco Umbrella rank of the primary domain is 283185.
TLS certificate: Issued by WE1 on September 4th 2024. Valid for: 3 months.

This is the only time www.onworks.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	2606:4700:20:... 2606:4700:20::681a:caa	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a02:c206:220... 2a02:c206:2202:9398::1	51167 (CONTABO) (CONTABO)
20	2a02:c206:221... 2a02:c206:2217:8560::1	51167 (CONTABO) (CONTABO)
2	2607:f8b0:400... 2607:f8b0:400d:c04::61	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:400d:c07::5e	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6812:1f31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c06::8a	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:400d:c1d::9c	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:400d:c03::9a	15169 (GOOGLE) (GOOGLE)
3	2620:100:a00b... 2620:100:a00b::12	19750 (AS-CRITEO) (AS-CRITEO)
18	3.171.139.122 3.171.139.122	16509 (AMAZON-02) (AMAZON-02)
6	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
12	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
12	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	104.26.8.178 104.26.8.178	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	185.167.164.52 185.167.164.52	198622 (ADFORM) (ADFORM)
6	147.28.129.37 147.28.129.37	54825 (PACKET) (PACKET)
6	2606:ae80:145... 2606:ae80:1451:22::820	25751 (VALUECLICK) (VALUECLICK)
6	216.22.16.49 216.22.16.49	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
6	2620:100:a00b... 2620:100:a00b::30	19750 (AS-CRITEO) (AS-CRITEO)
6	107.22.180.23 107.22.180.23	14618 (AMAZON-AES) (AMAZON-AES)
6	2606:4700:440... 2606:4700:4400::6812:22b2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 8	68.67.160.184 68.67.160.184	29990 (ASN-APPNEX) (ASN-APPNEX)
6	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
6	185.106.140.18 185.106.140.18	7979 (SERVERS-COM) (SERVERS-COM)
1	2606:4700::68... 2606:4700::6812:1691	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	162.19.138.118 162.19.138.118	16276 (OVH) (OVH)
1	23.21.219.138 23.21.219.138	14618 (AMAZON-AES) (AMAZON-AES)
9	2607:f8b0:400... 2607:f8b0:4004:c08::9c	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4004:c08::84	15169 (GOOGLE) (GOOGLE)
12	2620:100:a00b::4 2620:100:a00b::4	19750 (AS-CRITEO) (AS-CRITEO)
5 6	37.157.6.237 37.157.6.237	198622 (ADFORM) (ADFORM)
4	18.211.45.190 18.211.45.190	14618 (AMAZON-AES) (AMAZON-AES)
6 6	23.105.14.100 23.105.14.100	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
2	23.105.12.143 23.105.12.143	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
5	2607:f8b0:400... 2607:f8b0:4004:c0b::84	15169 (GOOGLE) (GOOGLE)
16	52.223.22.214 52.223.22.214	() ()
3 9	172.98.26.246 172.98.26.246	() ()
1	51.222.39.186 51.222.39.186	() ()
2 2	96.7.19.48 96.7.19.48	() ()
2	23.55.205.215 23.55.205.215	() ()
1 1	67.202.105.24 67.202.105.24	32748 (STEADFAST) (STEADFAST)
1 1	67.202.105.31 67.202.105.31	() ()
1	67.202.105.33 67.202.105.33	() ()
6	147.28.146.89 147.28.146.89	() ()
6	151.101.65.108 151.101.65.108	() ()
6	2606:4700:303... 2606:4700:3035::6815:30d7	() ()
4 4	69.194.240.13 69.194.240.13	() ()
3 3	2620:112:f008... 2620:112:f008:200::101	() ()
5 24	216.22.16.9 216.22.16.9	() ()
4	51.222.241.100 51.222.241.100	() ()
2 4	151.101.130.49 151.101.130.49	() ()
1 1	216.200.232.253 216.200.232.253	() ()
3 3	2600:9000:284... 2600:9000:2840:e200:1b:5138:8a40:93a1	() ()
3 3	185.167.164.39 185.167.164.39	() ()
1 1	74.214.194.131 74.214.194.131	() ()
1 1	34.96.71.22 34.96.71.22	() ()
1 1	8.28.7.81 8.28.7.81	() ()
1 2	54.224.103.108 54.224.103.108	() ()
1 1	2620:116:800b... 2620:116:800b:21:a021:b886:81cc:55cf	() ()
1 1	64.202.112.63 64.202.112.63	() ()
2	98.82.49.249 98.82.49.249	() ()
1 1	80.77.87.163 80.77.87.163	() ()
1	23.220.140.208 23.220.140.208	() ()
345	51

13 2606:4700:20::681a:caa (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.onworks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:c206:2202:9398::1 (Düsseldorf, Germany)

ASN51167 (CONTABO, DE)

downloads.uptoplay.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a02:c206:2217:8560::1 (Düsseldorf, Germany)

ASN51167 (CONTABO, DE)

stream.onworks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.onworks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c04::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c07::5e (Morganton, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:1f31 (United States)

ASN13335 (CLOUDFLARENET, US)

stpd.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::8a (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:400d:c1d::9c (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:400d:c03::9a (Morganton, United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:100:a00b::12 (United States)

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 3.171.139.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-171-139-122.jfk52.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 162.19.138.119 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 104.26.8.178 (None, )

ASN13335 (CLOUDFLARENET, US)

prebid-stag.setupad.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.167.164.52 (Denmark)

ASN198622 (ADFORM, DK)

adx2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 147.28.129.37 (Ashburn, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:ae80:1451:22::820 (United States)

ASN25751 (VALUECLICK, US)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.22.16.49 (Manassas, United States)

ASN30633 (LEASEWEB-USA-WDC, US)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:100:a00b::30 (United States)

ASN19750 (AS-CRITEO, US)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 107.22.180.23 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-22-180-23.compute-1.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:4400::6812:22b2 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 68.67.160.184 (Colonia, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, CY)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.106.140.18 (Netherlands)

ASN7979 (SERVERS-COM, US)

rtb.adxpremium.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1691 (United States)

ASN13335 (CLOUDFLARENET, US)

cadmus.script.ac	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.19.138.118 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533569.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.21.219.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-219-138.compute-1.amazonaws.com

1x1.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4004:c08::9c (Washington, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c08::84 (Washington, United States)

ASN15169 (GOOGLE, US)

78f2b2ba7cc9a97790316455cc353d46.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
73b1b441d5ec8fd6214674ef4bf3f201.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
89779d4c66cc9b079384e6f80d961ffc.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e2150ba3f730e7b92f78b8fa68990e59.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c0bac51ae654068e113256cdd860875d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2bcb5971552bb1856828998e6214d35c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2620:100:a00b::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.6.237 (Denmark) 5 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.211.45.190 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-45-190.compute-1.amazonaws.com

pbs-cs.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.105.14.100 (Manassas, United States) 6 redirects

ASN30633 (LEASEWEB-USA-WDC, US)
PTR: 23.105.14.100.rdns.racklot.com

ssbsync-global.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.105.12.143 (Manassas, United States)

ASN30633 (LEASEWEB-USA-WDC, US)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4004:c0b::84 (Washington, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.223.22.214 (None, )

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.98.26.246 (None, ) 3 redirects

ASN- ()

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.222.39.186 (None, )

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 96.7.19.48 (None, ) 2 redirects

ASN- ()

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.55.205.215 (None, )

ASN- ()

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.24 (United States) 1 redirects

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.31 (None, ) 1 redirects

ASN- ()

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.33 (None, )

ASN- ()

hde.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 147.28.146.89 (None, )

ASN- ()

sync.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.65.108 (None, )

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3035::6815:30d7 (None, )

ASN- ()

adxbid.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.194.240.13 (None, ) 4 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:112:f008:200::101 (None, ) 3 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 216.22.16.9 (None, ) 5 redirects

ASN- ()

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.222.241.100 (None, )

ASN- ()

wt.rqtrk.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.130.49 (None, ) 2 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.232.253 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2840:e200:1b:5138:8a40:93a1 (None, ) 3 redirects

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.167.164.39 (None, ) 3 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.214.194.131 (None, ) 1 redirects

ASN- ()

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (None, ) 1 redirects

ASN- ()

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.81 (None, ) 1 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.224.103.108 (None, ) 1 redirects

ASN- ()

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800b:21:a021:b886:81cc:55cf (None, ) 1 redirects

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.63 (None, ) 1 redirects

ASN- ()

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 98.82.49.249 (None, )

ASN- ()

ms-cookie-sync.presage.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.77.87.163 (None, ) 1 redirects

ASN- ()

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.220.140.208 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	smartadserver.com 11 redirects prg.smartadserver.com — Cisco Umbrella Rank: 1960 ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1767 ssbsync.smartadserver.com — Cisco Umbrella Rank: 748 rtb-csync.smartadserver.com	75 KB
33	onworks.net 1 redirects www.onworks.net — Cisco Umbrella Rank: 283185 stream.onworks.net images.onworks.net	105 KB
22	3lift.com tlx.3lift.com — Cisco Umbrella Rank: 535 eb2.3lift.com Failed	39 KB
22	setupad.net prebid-stag.setupad.net — Cisco Umbrella Rank: 53378	44 KB
20	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 116 78f2b2ba7cc9a97790316455cc353d46.safeframe.googlesyndication.com 73b1b441d5ec8fd6214674ef4bf3f201.safeframe.googlesyndication.com 89779d4c66cc9b079384e6f80d961ffc.safeframe.googlesyndication.com e2150ba3f730e7b92f78b8fa68990e59.safeframe.googlesyndication.com c0bac51ae654068e113256cdd860875d.safeframe.googlesyndication.com 2bcb5971552bb1856828998e6214d35c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 163	111 KB
18	4dex.io script.4dex.io — Cisco Umbrella Rank: 3596 mp.4dex.io — Cisco Umbrella Rank: 3227	54 KB
18	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 2602	98 KB
15	adform.net 8 redirects adx2.adform.net — Cisco Umbrella Rank: 17012 cm.adform.net — Cisco Umbrella Rank: 1528 c1.adform.net	16 KB
14	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 267 acdn.adnxs.com secure.adnxs.com	31 KB
13	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 777 1x1.a-mo.net — Cisco Umbrella Rank: 3298 sync.a-mo.net	21 KB
12	criteo.net static.criteo.net — Cisco Umbrella Rank: 776	31 KB
12	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 522	9 KB
9	e-planning.net 3 redirects ads.us.e-planning.net	1 KB
9	criteo.com gum.criteo.com — Cisco Umbrella Rank: 461 bidder.criteo.com — Cisco Umbrella Rank: 745	50 KB
9	stpd.cloud stpd.cloud — Cisco Umbrella Rank: 49176	771 KB
6	adxbid.info adxbid.info
6	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 917	2 KB
6	adxpremium.services rtb.adxpremium.services — Cisco Umbrella Rank: 22603	14 KB
6	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 8337	1 KB
6	dotomi.com web.hb.ad.cpe.dotomi.com — Cisco Umbrella Rank: 4379	1 KB
6	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 311	1 KB
6	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 215	149 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 307	33 KB
5	uptoplay.net downloads.uptoplay.net	94 KB
4	everesttech.net 2 redirects sync-tm.everesttech.net	1 KB
4	rqtrk.eu wt.rqtrk.eu	748 B
4	rubiconproject.com 2 redirects secure-assets.rubiconproject.com eus.rubiconproject.com	137 B
4	yellowblue.io pbs-cs.yellowblue.io — Cisco Umbrella Rank: 4668
3	smaato.net 3 redirects s.ad.smaato.net	1 KB
3	turn.com 3 redirects ad.turn.com	1 KB
3	1rx.io 3 redirects sync.1rx.io	2 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34 region1.google-analytics.com — Cisco Umbrella Rank: 3643	22 KB
2	presage.io ms-cookie-sync.presage.io	339 B
2	sharethrough.com 1 redirects match.sharethrough.com	667 B
2	pubmatic.com 1 redirects image6.pubmatic.com ads.pubmatic.com	270 B
2	tynt.com de.tynt.com Failed hde.tynt.com	650 B
2	gstatic.com www.gstatic.com	22 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	168 KB
1	admanmedia.com 1 redirects cs.admanmedia.com	630 B
1	zemanta.com 1 redirects b1sync.zemanta.com	608 B
1	quantserve.com 1 redirects cms.quantserve.com	322 B
1	company-target.com 1 redirects s.company-target.com	651 B
1	contextweb.com 1 redirects bh.contextweb.com	1 KB
1	mathtag.com 1 redirects sync.mathtag.com	770 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	501 B
1	33across.com 1 redirects ssc-cms.33across.com — Cisco Umbrella Rank: 902	578 B
1	onetag-sys.com onetag-sys.com
1	script.ac cadmus.script.ac — Cisco Umbrella Rank: 1583	239 B
0	casalemedia.com Failed ssum-sec.casalemedia.com Failed
0	setupad.com Failed node.setupad.com Failed
345	50

	Domain	Requested by
24	rtb-csync.smartadserver.com	5 redirects
22	prebid-stag.setupad.net	www.onworks.net
18	tagan.adlightning.com	www.onworks.net tagan.adlightning.com
16	eb2.3lift.com	www.onworks.net
14	stream.onworks.net	www.onworks.net
13	www.onworks.net	1 redirects www.onworks.net
12	static.criteo.net	www.onworks.net static.criteo.net
12	script.4dex.io	www.onworks.net script.4dex.io
12	id5-sync.com	www.onworks.net
9	ads.us.e-planning.net	3 redirects www.onworks.net
9	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
9	stpd.cloud	www.onworks.net stpd.cloud
6	adxbid.info	www.onworks.net
6	acdn.adnxs.com	www.onworks.net
6	sync.a-mo.net	www.onworks.net
6	ssbsync-global.smartadserver.com	6 redirects
6	cm.adform.net	5 redirects www.onworks.net
6	lb.eu-1-id5-sync.com	www.onworks.net
6	rtb.adxpremium.services	www.onworks.net
6	prebid-eu.creativecdn.com	www.onworks.net
6	ib.adnxs.com	www.onworks.net
6	mp.4dex.io	www.onworks.net
6	tlx.3lift.com	www.onworks.net
6	bidder.criteo.com	www.onworks.net
6	prg.smartadserver.com	www.onworks.net
6	web.hb.ad.cpe.dotomi.com	www.onworks.net
6	prebid.a-mo.net	www.onworks.net
6	adx2.adform.net	www.onworks.net
6	cdn.jsdelivr.net	www.onworks.net
6	securepubads.g.doubleclick.net	www.googletagservices.com
6	www.googletagservices.com	stpd.cloud
6	images.onworks.net	www.onworks.net
5	tpc.googlesyndication.com	tagan.adlightning.com
5	downloads.uptoplay.net	www.onworks.net
4	sync-tm.everesttech.net	2 redirects
4	wt.rqtrk.eu
4	pbs-cs.yellowblue.io	www.onworks.net
3	c1.adform.net	3 redirects
3	s.ad.smaato.net	3 redirects
3	ad.turn.com	3 redirects
3	sync.1rx.io	3 redirects
3	gum.criteo.com	www.onworks.net
2	ms-cookie-sync.presage.io	www.onworks.net
2	secure.adnxs.com	2 redirects
2	match.sharethrough.com	1 redirects
2	eus.rubiconproject.com	www.onworks.net
2	secure-assets.rubiconproject.com	2 redirects
2	ssbsync.smartadserver.com	www.onworks.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.gstatic.com	www.onworks.net
2	www.googletagmanager.com	www.onworks.net www.googletagmanager.com
1	ads.pubmatic.com	www.onworks.net
1	cs.admanmedia.com	1 redirects
1	b1sync.zemanta.com	1 redirects
1	cms.quantserve.com	1 redirects
1	image6.pubmatic.com	1 redirects
1	s.company-target.com	1 redirects
1	bh.contextweb.com	1 redirects
1	sync.mathtag.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	hde.tynt.com	www.onworks.net
1	ssc-cms.33across.com	1 redirects
1	onetag-sys.com	www.onworks.net
1	de.tynt.com	www.onworks.net
1	2bcb5971552bb1856828998e6214d35c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	c0bac51ae654068e113256cdd860875d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	e2150ba3f730e7b92f78b8fa68990e59.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	89779d4c66cc9b079384e6f80d961ffc.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	73b1b441d5ec8fd6214674ef4bf3f201.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	78f2b2ba7cc9a97790316455cc353d46.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	1x1.a-mo.net	www.onworks.net
1	cadmus.script.ac	tagan.adlightning.com
1	region1.google-analytics.com	www.googletagmanager.com
0	ssum-sec.casalemedia.com Failed	www.onworks.net
0	node.setupad.com Failed	www.onworks.net
345	75

This site contains links to these domains. Also see Links.

Domain
www.megadisk.net
chromewebstore.google.com
www.facebook.com
twitter.com
instagram.com
www.youtube.com
www.linkedin.com
www.offidocs.com
www.apkonline.net
www.uptoplay.net
www.offilive.com
www.redcoolmedia.net

Subject Issuer	Validity	Valid
onworks.net WE1	`2024-09-04` - `2024-12-03`	3 months	crt.sh
uptoplay.net R10	`2024-09-18` - `2024-12-17`	3 months	crt.sh
*.google-analytics.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.gstatic.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
stpd.cloud WE1	`2024-09-06` - `2024-12-05`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-24` - `2024-12-25`	3 months	crt.sh
*.adlightning.com Amazon RSA 2048 M02	`2024-07-30` - `2025-08-27`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.id5-sync.com E5	`2024-09-01` - `2024-11-30`	3 months	crt.sh
script.4dex.io WE1	`2024-09-21` - `2024-12-21`	3 months	crt.sh
setupad.net WE1	`2024-09-04` - `2024-12-03`	3 months	crt.sh
track.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-03` - `2025-09-24`	a year	crt.sh
*.a-mo.net R11	`2024-09-02` - `2024-12-01`	3 months	crt.sh
ad.cpe.dotomi.com GlobalSign RSA OV SSL CA 2018	`2024-06-17` - `2025-07-19`	a year	crt.sh
*.smartadserver.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-01-17` - `2025-01-16`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2024-03-13` - `2025-04-10`	a year	crt.sh
mp.4dex.io WE1	`2024-08-29` - `2024-11-27`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2024-04-05` - `2025-04-30`	a year	crt.sh
*.adxpremium.services Sectigo RSA Domain Validation Secure Server CA	`2024-07-30` - `2025-08-05`	a year	crt.sh
script.ac E6	`2024-08-21` - `2024-11-19`	3 months	crt.sh
*.eu-1-id5-sync.com R10	`2024-09-01` - `2024-11-30`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-24` - `2024-12-21`	3 months	crt.sh
*.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-27` - `2025-06-18`	a year	crt.sh
*.yellowblue.io Amazon ECDSA 256 M03	`2024-03-18` - `2025-04-16`	a year	crt.sh
tpc.googlesyndication.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
ads.us.e-planning.net R11	`2024-08-31` - `2024-11-29`	3 months	crt.sh
*.onetag-sys.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-01-23` - `2025-01-29`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-04-03`	8 months	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2024-09-05` - `2025-09-30`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2024-04-08` - `2025-05-09`	a year	crt.sh
adxbid.info WE1	`2024-09-25` - `2024-12-24`	3 months	crt.sh
*.prod.cloud.ogury.io E6	`2024-10-03` - `2025-01-01`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-26` - `2024-11-26`	a year	crt.sh

This page contains 74 frames:

Primary Page: https://www.onworks.net/onworkssession.php
Frame ID: 6F12284CB0A926A3E1688E3A62A50B7D
Requests: 54 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: FFC6E1E98B7344F46516BEEA70D8F2FC
Requests: 38 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: B08164FB9F26F15201D70EDC70DCF61F
Requests: 39 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 02743FE4C8348C5DABE6F72ED8DD9722
Requests: 37 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: CDAEB0742F9DDF906509B3330F793F31
Requests: 35 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 4FD2127BC01F3222EA49442A07953400
Requests: 36 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: AEE8FE9E3E6B4F03E22FF819AEE01C8B
Requests: 36 HTTP requests in this frame

Frame: https://78f2b2ba7cc9a97790316455cc353d46.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 7A951450030C7E5C0600BFDC22605756
Requests: 1 HTTP requests in this frame

Frame: https://73b1b441d5ec8fd6214674ef4bf3f201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 3D90F3D93ABE50158BADB9F9D8208FE5
Requests: 1 HTTP requests in this frame

Frame: https://89779d4c66cc9b079384e6f80d961ffc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: FB11A0CF66733F91036053F6DC1F8344
Requests: 1 HTTP requests in this frame

Frame: https://e2150ba3f730e7b92f78b8fa68990e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 44B66CB377CDE924BDFDB6CA887738D4
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: B21A8CF8311070BC2A603137C628374C
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: 1C941A8F7A1B19EF3B1DE58415F1D11B
Requests: 1 HTTP requests in this frame

Frame: https://c0bac51ae654068e113256cdd860875d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5FB32690FC8B4EF070831911BD92B886
Requests: 1 HTTP requests in this frame

Frame: https://2bcb5971552bb1856828998e6214d35c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: FCC9D6DCB2245CEC72577FB08062D768
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=0&gdpr_consent=
Frame ID: E934F1BB116AA5F22FCE4934889A17CD
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X
Frame ID: 4C0D8668941AF3D62948AD15CD0B119C
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 4CE0986BF26E85CA19336F674EF7B6A2
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: DD44334363F1AE55B6C3CEDA56D06B83
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: FDFD69AC9168460EEA58935CA6A102A5
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Frame ID: 68FA55C232A5286D73CE02AED9FA2862
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Frame ID: 210D17833C74898CCFF064A506F8DA31
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Frame ID: AB18026EAD71A2D00A0AB79A6E13878C
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Frame ID: 2F4C24DBFCA0D19510D9415D7BBBE294
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 20784DDD7752C555C58CAD9A7DE7AFFF
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 98B2231BA9793C9273B49D7C27F55718
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: A3D215BB98D943B3E0842AB7305460A2
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 355C91077424DABCBC459368726A35B9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
Frame ID: 28086A8A3B450B58DF6BB288A9BBF4D3
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html
Frame ID: 3D61965037399EBE4B8E2209DE110B0B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html
Frame ID: C6AA5D2CAF2C8528CE669756500BE716
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 63FF024FA4A4A6FA14520C0D73B9479A
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 55BDEB69F1D49AA5CB0D3C9DD3B9A15E
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 7CA506C85C7DFD2DAB22F54B031F8E55
Requests: 1 HTTP requests in this frame

Frame: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X&b=1
Frame ID: 37C679F3B06058DFACA89FC67EEE3EC0
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=0&gdpr_consent=
Frame ID: 0EEA1D63DD6FC3C6EA2E273E0A13013A
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 4373B94E56A77737965053953180FBC6
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 70D86C4350F6156064A1FB88232E8260
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 25E740CE885F81D6A603CBD4765D59B9
Requests: 1 HTTP requests in this frame

Frame: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJDZkY2E3OGE3LTQ3YWQtNGNjOC04NmY5LTRiMTVhMGQxMGI3ZKIEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Frame ID: 8668F311119D1E913F9652AC76E8C03A
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7244B71459220A53F7921C73C40A5D01
Requests: 1 HTTP requests in this frame

Frame: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 95D5334681A82014815C2542F344249F
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: CFF3C77A0E038546AF0ADF951AB0B9ED
Requests: 1 HTTP requests in this frame

Frame: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPv0ZS4BqgDBeoDJDkyNzBmNGJkLWVlOTAtNDBiYi05Njc5LWUxMGQ4MzgxYWIzN6IEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Frame ID: 0943D5279CCCDF144704AE6ABF3F1902
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: DFC50156D49B8C0F6893B39D9EC5D8E4
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 795D036E2BCE3FC17E00CA7E2245C7E5
Requests: 1 HTTP requests in this frame

Frame: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 3E340621B51648F8A73639BDA0C39252
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: A0866411B2F0B67B584A58F6727A1504
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: C20E427A3217978DE2F275189BE2F39F
Requests: 1 HTTP requests in this frame

Frame: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJGEyZjg2ZmFjLTkwNDMtNGE4YS04ZjcxLWM3OGQ2OTM3NGZiN6IEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Frame ID: 56682E74E257CB63FA1DA8A3DD2A9F78
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 20F2F8C03393A6EC5A908F5FF1F5C174
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 888A1F0E4B2A6976515747CD52D9ADBF
Requests: 1 HTTP requests in this frame

Frame: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Frame ID: ABEFCEBE2A0BBF07DDD8096A1BF6A67B
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 311B65DD2C351EBD54D48AAC6A393AD3
Requests: 1 HTTP requests in this frame

Frame: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 57833F5428C859A72DA4A86B453BB475
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 9DB34938D7F1952B42730202E45D8C90
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 43A950D56446601B0C56653F8152E09D
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: F622B24AE038ECB1892B7BAC34D6DBCB
Requests: 1 HTTP requests in this frame

Frame: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJDQ2N2NiZGRlLWFmYTYtNDFhZS1hN2RiLWI2ZmE3MjBkYWQ0NqIEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Frame ID: 57ED665756A454814A94D3BB15D15842
Requests: 1 HTTP requests in this frame

Frame: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJDY5YjY2ZjgzLWQ0YzYtNDMxNC1hMzI3LTM5MGJkMGE3MzcxZKIEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Frame ID: 663F168B4E64761CE2FE77FA8D541A69
Requests: 1 HTTP requests in this frame

Frame: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 6062E4A72B2A84F95753206DF89B9C58
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: AA22EE0C667DF52922D9EA44C9997B4B
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: F98F571F285DBB02B063473BAD45A5E9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 3ACBAA4B55444548F3A8DBC2E62D0E42
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: C7EFF75334BAA4EA93740DEB5079278A
Requests: 1 HTTP requests in this frame

Frame: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 90C588F276D5B64FDFB55925B1F30063
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 73DD740CB7BEE33D07F71F7B247EE7D6
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 99157D20A4C6A465515424D4473C33D5
Requests: 1 HTTP requests in this frame

Frame: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJDhmOTk1ZmUwLTdiNTQtNDQ5Ny04NWNkLTAzNjY0MzgyMDAwNqIEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Frame ID: 6EBC4DB997B3EBCFFBDCACD45C49735C
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
Frame ID: 5DBAB0CDD72BEBD0441D4DD972EF7975
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26it%3Dadg-pb-clt%26uid%3D(PM_UID)
Frame ID: 541D0964C07EFBE9C963984CCC2FF0EA
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: C83859C6A98DE9A09D1AC300D12DFD6A
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: EF5194A94640B0C0DE666D0AF727EACE
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 8E543881530820418C5A6B9DC707B1C8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Session management for OnWorks Free hosting provider for Linux online

Page URL History Show full URLs

https://www.onworks.net/playonline/index.php HTTP 307
https://www.onworks.net/onworkssession.php Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

345
Requests

81 %
HTTPS

38 %
IPv6

50
Domains

75
Subdomains

51
IPs

5
Countries

1955 kB
Transfer

11053 kB
Size

53
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.megadisk.net/pricing-onworks/
Title: Pricing

Search URL Search Domain Scan URL

URL: https://chromewebstore.google.com/detail/vpnonline-secure-vpn-as-u/ojoiohfkfnfkdcmccickjhkmcdgeeifl
Title: VPN

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OnWorks-114357987913897/

Search URL Search Domain Scan URL

URL: https://twitter.com/onworksglobal

Search URL Search Domain Scan URL

URL: https://instagram.com/onworksglobal

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCggT8SMrUfB6NxjVndr6exA?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/onworks-hosting/

Search URL Search Domain Scan URL

URL: https://www.offidocs.com/
Title: OffiDocs

Search URL Search Domain Scan URL

URL: https://www.apkonline.net/
Title: ApkOnline

Search URL Search Domain Scan URL

URL: https://www.uptoplay.net/
Title: UptoPlay

Search URL Search Domain Scan URL

URL: https://www.offilive.com/
Title: Offilive

Search URL Search Domain Scan URL

URL: https://www.megadisk.net/
Title: Megadisk

Search URL Search Domain Scan URL

URL: https://www.redcoolmedia.net/
Title: RedcoolMedia

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.onworks.net/playonline/index.php HTTP 307
https://www.onworks.net/onworkssession.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 213

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

Request Chain 215

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

Request Chain 216

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

Request Chain 228

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X HTTP 302
https://de.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X

Request Chain 255

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

Request Chain 258

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=onfocus&endpoint=us-west HTTP 301
https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west

Request Chain 261

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

Request Chain 262

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

Request Chain 264

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

Request Chain 265

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X HTTP 302
https://de.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X HTTP 307
https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X&b=1

Request Chain 267

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

Request Chain 268

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

Request Chain 272

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

Request Chain 277

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1728391415821 HTTP 302
https://ad.turn.com/r/cs?pid=45&id=RX-fa695cef-9019-4c7f-a9ff-8e01a15dec6e-005&rndcb=5711677149 HTTP 302
https://sync.1rx.io/usersync/turn/8386219872675358071?dspret=1&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-fa695cef-9019-4c7f-a9ff-8e01a15dec6e-005?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fpartnerid%3D113%26partneruserid%3DRX-fa695cef-9019-4c7f-a9ff-8e01a15dec6e-005 HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-fa695cef-9019-4c7f-a9ff-8e01a15dec6e-005

Request Chain 278

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=150&partneruserid=0&redirurl=https%3A%2F%2Fwt.rqtrk.eu%3Fpid%3D58a76248-f101-4e52-b8f7-c4de9362ea12%26src%3Dwww%26type%3D100%26sid%3D0%26uid%3DSMART_USER_ID%26gdpr_pd%3D0&gdpr=0&gdpr_consent= HTTP 302
https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=

Request Chain 279

https://ssum-sec.casalemedia.com/usermatch?s=179394&cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D33%26partneruserid%3D&gdpr=0&gdpr_consent= HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D33%26partneruserid%3D&gdpr=0&gdpr_consent=&s=179394&C=1

Request Chain 280

https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZwUo9AAHvfacAwA9

Request Chain 281

https://sync.mathtag.com/sync/img?mt_exid=39&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D25%26partneruserid%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=caaf6705-28f2-4800-a0cd-7f0f921a8c92&gdpr=0&gdpr_consent=

Request Chain 282

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

Request Chain 288

https://ad.turn.com/r/cs?pid=33&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D32%26partneruserid%3D%23USER_ID%23%26gdpr%3D%23GDPR_APPLICABLE%23%26gdpr_consent%3D%23GDPR_CONSENT%23&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=32&partneruserid=8386219872675358071&gdpr=0&gdpr_consent=

Request Chain 289

https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc

Request Chain 290

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=

Request Chain 291

https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=73nc1fLu6GnV&ev=1&pid=560288&gdpr_consent=&gdpr=0

Request Chain 292

https://s.company-target.com/s/eqx?sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D152%26partneruserid%3DPARTNER_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?gdpr=0&gdpr_consent=&issi=1&partnerid=152&partneruserid=15024c69-0a23-49b0-9d9a-d05c6e985359

Request Chain 299

https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc

Request Chain 300

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=150&partneruserid=0&redirurl=https%3A%2F%2Fwt.rqtrk.eu%3Fpid%3D58a76248-f101-4e52-b8f7-c4de9362ea12%26src%3Dwww%26type%3D100%26sid%3D0%26uid%3DSMART_USER_ID%26gdpr_pd%3D0&gdpr=0&gdpr_consent= HTTP 302
https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=

Request Chain 301

https://image6.pubmatic.com/AdServer/UCookieSetPug?&rd=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D91%26partneruserid%3D%23PM_USER_ID%26gdpr%3DPM_GDPR%26gdpr_consent%3DPM_CONSENT&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=91&partneruserid=45B74515-02D5-42AF-995E-FB515CFAC66F&gdpr=0&gdpr_consent=

Request Chain 302

https://match.sharethrough.com/universal/v1?supply_id=v5hJK9Sl&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=147&partneruserid=079ec56f-b288-4082-8556-6ac5267d6e13&gdpr=0

Request Chain 303

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=642459759305403779&gdpr=0&gdpr_consent=

Request Chain 309

https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc

Request Chain 310

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=150&partneruserid=0&redirurl=https%3A%2F%2Fwt.rqtrk.eu%3Fpid%3D58a76248-f101-4e52-b8f7-c4de9362ea12%26src%3Dwww%26type%3D100%26sid%3D0%26uid%3DSMART_USER_ID%26gdpr_pd%3D0&gdpr=0&gdpr_consent= HTTP 302
https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=

Request Chain 311

https://cms.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=80&gdpr=0&partneruserid=20PVw99Mg8TAR4OTjEHIwN1E18XATIGSiBeEOFNq

Request Chain 312

https://b1sync.zemanta.com/usersync/smart/?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D116%26partneruserid%3D__ZUID__&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=116&partneruserid=Rcx3QdsnLYk3jFqSpFoo&gdpr=0

Request Chain 313

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=139&partneruserid=0&redirurl=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3D98KUz37ype9D3X2sf9ovgeTt%26source_user_id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://match.sharethrough.com/sync/v1?source_id=98KUz37ype9D3X2sf9ovgeTt&source_user_id=1534546851490544441&gdpr=0&gdpr_consent=

Request Chain 321

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=642459759305403779&gdpr=0&gdpr_consent=

Request Chain 322

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=

Request Chain 324

https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZwUo9AAHvW2fPQA9

Request Chain 332

https://ad.turn.com/r/cs?pid=33&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D32%26partneruserid%3D%23USER_ID%23%26gdpr%3D%23GDPR_APPLICABLE%23%26gdpr_consent%3D%23GDPR_CONSENT%23&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=32&partneruserid=8386219872675358071&gdpr=0&gdpr_consent=

Request Chain 333

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=150&partneruserid=0&redirurl=https%3A%2F%2Fwt.rqtrk.eu%3Fpid%3D58a76248-f101-4e52-b8f7-c4de9362ea12%26src%3Dwww%26type%3D100%26sid%3D0%26uid%3DSMART_USER_ID%26gdpr_pd%3D0&gdpr=0&gdpr_consent= HTTP 302
https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=

Request Chain 334

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=

Request Chain 335

https://cs.admanmedia.com/e09bad714a425a93d6dea503dcf9c528.gif?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D130%26partneruserid%3D%5BUID%5D%26gdpr%3D%5BGDPR%5D%26gdpr_consent%3D%5BGDPR_CONSENT%5D&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=130&partneruserid=d44af6b8-d798-40ea-bf68-7cee4051c8bb&gdpr=0&gdpr_consent=[GDPR_CONSENT]

Request Chain 336

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=onfocus&endpoint=us-west HTTP 301
https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west

Request Chain 341

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

Request Chain 342

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

Request Chain 343

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

345 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request onworkssession.php Show response
www.onworks.net/
Redirect Chain

https://www.onworks.net/playonline/index.php
https://www.onworks.net/onworkssession.php

64 KB
17 KB

212ms
211ms

Document
text/html

2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87cc64769a62314612e92ffae77d8875a1efc1bbab37a294b336b7722aec9ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8cf637548a1b447a-EWR
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
date: Tue, 08 Oct 2024 12:43:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aejdGJMJWk66W5Uuwwwko0L8hWDGJ%2FK2rOqdV4pnvRqNZHQXYQVFgOpIAx5%2B1A8woDllp%2F%2B362Qzs5fNzvIfJHUneFPCgXnsgokmHhpY6%2Fbuhrfvzt%2FfCIFv36janPQO3p2sfOFw7JFVxCmCgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cf-cache-status: DYNAMIC
cf-ray: 8cf637528fe6447a-EWR
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
date: Tue, 08 Oct 2024 12:43:21 GMT
location: /onworkssession.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xjfpPwpUZDWOsiuBuK8qkdFj4zSGbWn1yaJsEBLyO%2B3S2uD3Y2p2tssSmestsM8Mte7%2BZzeJ8gN6tRF%2Bvgl9Oi%2BGHf0xq0C65Pd245WD4C8QEEU01RIJR2KinIF3bz%2F591A35aN3SQOqQo7gag%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload

GET
H2 200 jquery-ui.css
downloads.uptoplay.net/apkdownloader/ 32 KB
6 KB 1006ms
428ms Stylesheet
text/css 2a02:c206:2202:9398::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/jquery-ui.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2202:9398::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

24e077516b89f2a627c538ae9c18493ecd80f1fe367c0528c2cadc62d6601b6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=1200
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/jquery-ui.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Tue, 08 Oct 2024 12:43:22 GMT
x-xss-protection: 1; mode=block
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 jquery.min.js Show response
downloads.uptoplay.net/apkdownloader/ 93 KB
34 KB 769ms
191ms Script
application/x-javascript 2a02:c206:2202:9398::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/jquery.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2202:9398::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: max-age=31536000
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/jquery.min.js
expires: Wed, 08 Oct 2025 12:27:43 GMT
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Tue, 08 Oct 2024 12:43:22 GMT
x-xss-protection: 1; mode=block
content-type: application/x-javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 jquery-ui.min.js Show response
downloads.uptoplay.net/apkdownloader/ 197 KB
52 KB 1004ms
426ms Script
application/x-javascript 2a02:c206:2202:9398::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/jquery-ui.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2202:9398::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

e4bf411611a715a5752d6e80345cd5fa56731a8ff96e54e5212024337a1c6984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: max-age=31536000
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/jquery-ui.min.js
expires: Wed, 08 Oct 2025 12:27:43 GMT
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Tue, 08 Oct 2024 12:43:22 GMT
x-xss-protection: 1; mode=block
content-type: application/x-javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 theme.css
downloads.uptoplay.net/apkdownloader/ 2 KB
971 B 1005ms
427ms Stylesheet
text/css 2a02:c206:2202:9398::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/theme.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2202:9398::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

7c69058459fdf0b4521ba057f595d6aa938265ccf3095e818150886a7bb5bf44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=1200
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/theme.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Tue, 08 Oct 2024 12:43:22 GMT
x-xss-protection: 1; mode=block
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 styles.css
downloads.uptoplay.net/apkdownloader/ 620 B
824 B 1005ms
427ms Stylesheet
text/css 2a02:c206:2202:9398::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/styles.css?v=2

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2202:9398::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

9a3272fdc40cb2636333e4ba1bd290adb9c78e01c7af4ae21da20a5cdf54b3b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=1200
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/styles.css?v=2
expires: Wed, 08 Oct 2025 12:27:08 GMT
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Tue, 08 Oct 2024 12:43:22 GMT
x-xss-protection: 1; mode=block
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 general.css
stream.onworks.net/templates/system/css/ 3 KB
1 KB 934ms
404ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/system/css/general.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

3ad9292f7844d507f33f4de3bf19577c9115a8b7bc807f989ab26b19e3c97fe7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-MtMUQyOcDY"
x-original-content-length: 2730
x-cache-url-1: /templates/system/css/general.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 798
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 addons.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 1 KB
1 KB 934ms
404ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/addons.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

50f17262769a2476f090fd24ef33caffed8acd6caf684b20bdc90909c5c43758

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-lXdv-Gwc3a"
x-original-content-length: 2795
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/addons.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 615
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 layout.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 1 KB
867 B 820ms
291ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/layout.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

fef0ae74dc3bcf89260cfe9fe70df333bb482dc7e52f129aa73b177426c72152

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-1yeZ15PgBe"
x-original-content-length: 3259
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/layout.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 452
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 template.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 20 KB
5 KB 930ms
401ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/template.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

11fefb9c374d241b645ab5030176d8d2af1b3d362b31f20620848af9e0835ec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: MISS
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-C76MovcGZy"
x-original-content-length: 26939
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/template.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 4983
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 css3.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 970 B
657 B 929ms
400ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/css3.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

e687ea2f0b101508eb42841e23a305148562e615919a5c646aca1b753bd518a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-Aag-hZxQyz"
x-original-content-length: 2096
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/css3.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 244
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 layout.css
stream.onworks.net/templates/ja_elastica/css/ 2 KB
939 B 933ms
405ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

773485acaee520be797ce2adbd1ae738c1c28b49b11e298ed784edbb11b08a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-97Bl_gQT9D"
x-original-content-length: 3596
x-cache-url-1: /templates/ja_elastica/css/layout.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 547
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 template-3-new01.css
stream.onworks.net/templates/ja_elastica/css/ 25 KB
6 KB 818ms
290ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/template-3-new01.css?v=020

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

b831ee2bbbdc5353833b35f1176feab0fe3d5a00c04c2576e7de866bced4a3c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: max-age=321, public
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-yFoVuFwV5i"
x-original-content-length: 35313
x-cache-url-1: /templates/ja_elastica/css/template-3-new01.css?v=020
expires: Tue, 08 Oct 2024 12:48:44 GMT
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 6093
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 modules.css
stream.onworks.net/templates/ja_elastica/css/ 1 KB
935 B 938ms
410ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/modules.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

2440da49abf00e2fc8e09c38bbb2ac1afca94303ead6974b746c79155c789b9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-eDveT_ggor"
x-original-content-length: 2543
x-cache-url-1: /templates/ja_elastica/css/modules.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 542
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 layout-normal-2b.css
stream.onworks.net/templates/ja_elastica/css/ 2 KB
1 KB 939ms
412ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout-normal-2b.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

28bac19e2c9954e907755a04a23f54e66d170896802b32937d02835afc1aa3ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-GVyzB23AEn"
x-original-content-length: 3637
x-cache-url-1: /templates/ja_elastica/css/layout-normal-2b.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 648
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 css3.css
stream.onworks.net/templates/ja_elastica/css/ 3 KB
1 KB 935ms
408ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/css3.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

56fdceec363758833100b58312eb4993fe9f599ca70117325ccbabe03b7d6d26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-30gcjA_HN3"
x-original-content-length: 3917
x-cache-url-1: /templates/ja_elastica/css/css3.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 670
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 mega.css
stream.onworks.net/templates/ja_elastica/css/menu/ 5 KB
1 KB 945ms
418ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/menu/mega.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

aafd776ec37c9b47abb96dc3199c4dda7aff364fa6ec9f0458822793bee3e890

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-lAK6Sgz8bE"
x-original-content-length: 7009
x-cache-url-1: /templates/ja_elastica/css/menu/mega.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 1083
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 215 KB
78 KB 956ms
98ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-117545413-4

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cb6874cc8ea1ab7f923b4bd1b5663f8e990ce4ac41f7d45e094d45ad48a29d43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 08 Oct 2024 12:43:24 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 12:43:24 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 78814
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 firebase-app.js Show response
www.gstatic.com/firebasejs/5.4.0/ 34 KB
12 KB 291ms
60ms Script
text/javascript 2607:f8b0:400d:c07::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/5.4.0/firebase-app.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c07::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2320f2452434b494e292e5a413126980c134215940ab091e9e496a0052d62f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
age: 28017
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 04:56:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 04:56:25 GMT
last-modified: Thu, 16 Aug 2018 18:59:55 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12419
x-xss-protection: 0
server: sffe

GET
H3 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/5.4.0/ 35 KB
10 KB 295ms
64ms Script
text/javascript 2607:f8b0:400d:c07::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/5.4.0/firebase-messaging.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c07::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

246fef45b3c78c283fb603de040c9263bbb48532dcb057d4045a790b1b149318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
age: 357773
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 09:20:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 09:20:29 GMT
last-modified: Thu, 16 Aug 2018 18:59:55 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10046
x-xss-protection: 0
server: sffe

GET
H3 200 24.png
www.onworks.net/images/ 24 KB
24 KB 116ms
108ms Image
image/webp 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/24.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b87de489c3eda2d7cc12367ec2cd76c0bd53ff131e63b0068a92acab334a0227

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

cf-bgj: imgq:100,h2pri
etag: "5b05ec18-9860"
age: 1105635
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mrODzZepG3p8WMU8OyivWtHf9Zvs4LrsUhvYznzC7ZhKE91SmCZn2l%2BpGQnlT1T4Z17ZHyCIlz7segwvxQRj385%2FzQxmGGWY6uvYkkRymZZM7ts1MFQ0rmNLQOBZpJuRR3WfAkKYV4CRXl8vYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/24.png
cf-polished: origFmt=png, origSize=39008
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: image/webp
content-disposition: inline; filename="24.webp"
vary: Accept
last-modified: Wed, 23 May 2018 22:32:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8cf6375e7d70447a-EWR
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 24384
server: cloudflare

GET
H3 200 menu_x48.png
www.onworks.net/images/ 70 B
727 B 210ms
202ms Image
image/webp 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/menu_x48.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25377c3b5fdd6f4fe4b3e8f786d6e5a475b99f242487b52b81c0162e67ece722

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

cf-bgj: imgq:100,h2pri
etag: "62503f4b-a4f"
age: 2508623
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5RsSjYArl31wKsbUPh9xrgeEl8btW0UuqrDkgk1VN72y%2FmBniAiJc3SMThCK29z5i8OFBl2JQ3g%2F4Yv3GXKIY4nakDzYNO3C1lKdGPSL2mMiDtQVT%2FnDpBY6x6%2Bz%2BXSVFe25qcKlJYLv8pvfIA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/menu_x48.png
cf-polished: origFmt=png, origSize=2639
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: image/webp
content-disposition: inline; filename="menu_x48.webp"
vary: Accept
last-modified: Fri, 08 Apr 2022 13:57:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8cf6375e7d72447a-EWR
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 70
server: cloudflare

GET
H3 200 onworkslogox30.png
www.onworks.net/images/ 780 B
1 KB 208ms
195ms Image
image/webp 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/onworkslogox30.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dc5c3307b9b9a11721bc963c6f44ba98bc586f2cd9740fb0b5064f5f79962cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

cf-bgj: imgq:100,h2pri
etag: "625b025f-b14"
age: 2508623
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bg5s%2BrbsYXPehn3pu%2B3Z1REmY3bSJAw2Bre4%2Bx8zYudm6g6ARLf0xKjqEGU8PHBVdPvzPPlm4jmjzt5iEkZQ46R0cLKrq7PouZUHmSYX8bGVU3eZKi%2BpZkQHvCpQrqc1UquY3KpS4AiRdlHUag%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/onworkslogox30.png
cf-polished: origFmt=png, origSize=2836
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: image/webp
content-disposition: inline; filename="onworkslogox30.webp"
vary: Accept
last-modified: Sat, 16 Apr 2022 17:52:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8cf6375e8d80447a-EWR
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 780
server: cloudflare

GET
H3 200 240px-Search_Icon.svg.png
www.onworks.net/images/ 2 KB
3 KB 88ms
86ms Image
image/webp 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/240px-Search_Icon.svg.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

101ffbc58574cf8ad9080605fe602a65cdc54445b6eebf60c87bac3fe31bf636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

cf-bgj: imgq:100,h2pri
etag: "5bc8c0e1-fae"
age: 2508621
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uBpn4qfo3yJK4z3m95M7uQV%2BRjIVFtEOn1C1Gw0s1UN%2B7itvI0VztjzU8NfJ9PJQPqi4txsNtB3iJoNIeUxOd6w6%2FJ1a7pxZJn28ddAP%2FTkRr%2BptS1gBF3dB1CcMQ%2BDblrah3o6KyPIoRf1PgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/240px-Search_Icon.svg.png
cf-polished: origFmt=png, origSize=4014
date: Tue, 08 Oct 2024 12:43:21 GMT
content-type: image/webp
content-disposition: inline; filename="240px-Search_Icon.webp"
vary: Accept
last-modified: Thu, 18 Oct 2018 17:20:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8cf63755fbb7447a-EWR
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 2462
server: cloudflare

GET
H2 200 stpdwrapper.js Show response
stpd.cloud/assets/ 9 KB
4 KB 794ms
131ms Script
application/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stpd.cloud/assets/stpdwrapper.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90909d259afbaaa73f4accf86af27e03040ec2540cf1aca4a0a0e5aa8fbdc133

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.onworks.net
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=1200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: MISS
etag: W/"4138a5b1014ef329ccf608f46f48b303"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EDJXtxhUACy8S8h9JFhLBcnHZjcQ0uRQCUWSAooimaVdvBJ9Ba4UVh%2BDCrsKn9E3QqHXGRc5twEbyojyM3%2FwZdYn2rtlEWAfgb5MwxTQWIr3xp9WJrVJOgo4gOk0yKf4yd78VXxpIg7I"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8cf637629fff42ea-EWR
expires: Tue, 08 Oct 2024 13:03:23 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 fedoraicon128.jpg
images.onworks.net/images/ 4 KB
4 KB 808ms
219ms Image
image/jpeg 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/fedoraicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

25b8f3aefaa2bbab5d6a50fdb519e28c7c5e68296ae272beb4a75aa46cc298f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: MISS
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-VpGYxLBqE7"
x-original-content-length: 5870
x-cache-url-1: /images/fedoraicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 4089
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: image/jpeg

GET
H3 200 readmoreblue2.svg
www.onworks.net/images/ 417 B
849 B 208ms
196ms Image
image/svg+xml 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/readmoreblue2.svg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0bb478b61a1c97d3485a9075de3db15d34e1882a6af6c406516cb869097f859

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"626eaf08-1a1"
age: 2506983
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t7Yn4mZ1f8%2BKML0GBk92Gn6YIZoQiX4Qw%2FoBN7ZljPwTwVMgcblUPGV3zjV5QnhBQciXol%2BzknqLKd%2B%2BhLvdOLqV%2FmslbMtjhUVAb%2BkTlrnJQzlhDuiH%2Bjty4Eb%2BFMxfdFHYRrgeKOVFnpLfTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/readmoreblue2.svg
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Sun, 01 May 2022 16:02:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8cf6375e8d83447a-EWR
cross-origin-embedder-policy: unsafe-none
server: cloudflare

GET
H2 200 windows10icon128.jpg
images.onworks.net/images/ 3 KB
3 KB 670ms
219ms Image
image/jpeg 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/windows10icon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

52de3fb37e167bc691b7233a515bda92daee4d136e081ec14876f571fa8355d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-Mm96OZd_ek"
x-original-content-length: 4819
x-cache-url-1: /images/windows10icon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 2938
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: image/jpeg

GET
H2 200 ubuntuicon128.jpg
images.onworks.net/images/ 5 KB
5 KB 306ms
289ms Image
image/jpeg 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/ubuntuicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

388bf206c1a54aac2a0f643ea09aa7cd8735cb5eaa18632c4f88e44044f33e15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: MISS
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-Fb0Cg5W2we"
x-original-content-length: 7983
x-cache-url-1: /images/ubuntuicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 4910
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: image/jpeg

GET
H2 200 pearosicon128.jpg
images.onworks.net/images/ 2 KB
2 KB 301ms
290ms Image
image/jpeg 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/pearosicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

14f29c0d1d5cb9f8871c929af419262d5b724aa2264ba2f47ee774c7b1740e0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-QvM3gMGtUL"
x-original-content-length: 2511
x-cache-url-1: /images/pearosicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 1884
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: image/jpeg

GET
H2 200 kodiicon128.jpg
images.onworks.net/images/ 4 KB
4 KB 210ms
167ms Image
image/jpeg 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/kodiicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

81ea22e6310b2238f0c937448a5e8b9f37c3e1aeee273dd3e4a5cff86bf34a6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-FOytV9gU7c"
x-original-content-length: 5332
x-cache-url-1: /images/kodiicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 3734
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: image/jpeg

GET
H2 200 zorinosicon128.jpg
images.onworks.net/images/ 5 KB
6 KB 305ms
262ms Image
image/jpeg 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/zorinosicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

72826aebfbd36b0946d90411b2eb52e7e54d8b002030abce5ee27dd51eadfacd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: MISS
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-EAcXNQycXi"
x-original-content-length: 7995
x-cache-url-1: /images/zorinosicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 5453
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: image/jpeg

GET
H3 200 email-decode.min.js Show response
www.onworks.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 89ms
85ms Script
application/javascript 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

x-frame-options: DENY
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"66fc0c28-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFz9lYYSBxBxxtiMGLJY3D509RvnX8kC93xiViG3RvUEZ%2ByzUktHoBJLoRysLPoacR9oJ1JbwNmWxA3%2FysV5VzMsIzHLs%2B%2FusTtvqKSujWqfqzfh0zUoKJ8ozSX4rL7SP%2BPmX8ZCd5r8HW4tJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8cf6375d2bec447a-EWR
expires: Thu, 10 Oct 2024 12:43:23 GMT
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: application/javascript
last-modified: Tue, 01 Oct 2024 14:50:16 GMT
server: cloudflare
vary: Accept-Encoding

GET
H3 200 postscribe.min.js Show response
www.onworks.net/ 17 KB
6 KB 98ms
87ms Script
application/x-javascript 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/postscribe.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c84c0e919ae72b8ef9abd4d5f8f38bddffd185e571a13c9ab0de6be1391c3c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"PSA-21EPrDTH8D"
age: 2509064
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RAa3AE71AA5yjqgnvzdv%2B0f4qRXJ1ny3IODObe3YyzzdB%2BJvk%2B1QNakD%2F8FBOWCMeiebH73Sg2kvEcnjihAcRCGe8ncQnSD8DucKz1VGi8AsQ4lIidLTUQCmLa84KNUF8ThCvQLVZuyJQsnn9A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /postscribe.min.js
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: application/x-javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8cf6375d3c07447a-EWR
cross-origin-embedder-policy: unsafe-none
server: cloudflare

GET
H3 200 ad-blocker.js Show response
www.onworks.net/ 112 B
693 B 83ms
77ms Script
application/x-javascript 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/ad-blocker.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7887c0f698d53558fa97c35fee57be8ef4c615a0b26d6d4f0daee6a6228c4bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

content-encoding: br
cf-cache-status: HIT
age: 2506986
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G1EqRrMEGkE5DLvYgeBuDW%2FXlF3R8oykbpZBspOaEE1lVfkLWLqcBenaPmvmRIIWbi4lj6j%2Bk04cdHc0CUzz8XR5nb4eWbTnu%2Fm1rFUaPSqGnYWLLrUVomuoGy%2BtPnDMFsI6GE4DpDkXlN4eOg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /ad-blocker.js
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: application/x-javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Mon, 09 Sep 2024 11:35:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: MISS
cache-control: public, max-age=80000, s-maxage=80000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8cf6375ddca3447a-EWR
cross-origin-embedder-policy: unsafe-none
server: cloudflare

GET
H2 200 layout-mobile-2b.css
stream.onworks.net/templates/ja_elastica/css/ 5 KB
2 KB 210ms
167ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout-mobile-2b.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

2419d5df9c26372a71c881e16f8716d02ba9fa384074fcf0dc9ab526847eef61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-W8B6bCngcR"
x-original-content-length: 6944
x-cache-url-1: /templates/ja_elastica/css/layout-mobile-2b.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 1700
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 layout-tablet-2b.css
stream.onworks.net/templates/ja_elastica/css/ 2 KB
1 KB 303ms
261ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout-tablet-2b.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

Software

Resource Hash

cf7a26ecb0b35482b0f35ddd6e28fa91a0b109cf22a5953831c91234251651b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-8STxswNSgw"
x-original-content-length: 3680
x-cache-url-1: /templates/ja_elastica/css/layout-tablet-2b.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 652
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 template-3-new01.css
stream.onworks.net/templates/ja_elastica/css/ 25 KB
0 17ms
17ms Stylesheet
text/css 2a02:c206:2217:8560::1
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://stream.onworks.net/templates/ja_elastica/css/template-3-new01.css?v=020
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:c206:2217:8560::1 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
Software: /
Resource Hash: b831ee2bbbdc5353833b35f1176feab0fe3d5a00c04c2576e7de866bced4a3c0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

x-cache-status-1: HIT
cache-control: max-age=321, public
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-yFoVuFwV5i"
x-original-content-length: 35313
x-cache-url-1: /templates/ja_elastica/css/template-3-new01.css?v=020
expires: Tue, 08 Oct 2024 12:48:44 GMT
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 6093
date: Tue, 08 Oct 2024 12:43:22 GMT
content-type: text/css
vary: Accept-Encoding

GET
H3 200 readmoreblue2.svg
www.onworks.net/images/ 417 B
0 266ms
266ms Image
image/svg+xml 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.onworks.net/images/readmoreblue2.svg
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0bb478b61a1c97d3485a9075de3db15d34e1882a6af6c406516cb869097f859

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"626eaf08-1a1"
age: 2506983
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t7Yn4mZ1f8%2BKML0GBk92Gn6YIZoQiX4Qw%2FoBN7ZljPwTwVMgcblUPGV3zjV5QnhBQciXol%2BzknqLKd%2B%2BhLvdOLqV%2FmslbMtjhUVAb%2BkTlrnJQzlhDuiH%2Bjty4Eb%2BFMxfdFHYRrgeKOVFnpLfTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/readmoreblue2.svg
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Sun, 01 May 2022 16:02:16 GMT
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8cf6375e8d83447a-EWR
cross-origin-embedder-policy: unsafe-none
server: cloudflare

GET
H2 200 stpdwrapper.js Show response
stpd.cloud/assets/ 9 KB
0 831ms
831ms Script
application/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stpd.cloud/assets/stpdwrapper.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90909d259afbaaa73f4accf86af27e03040ec2540cf1aca4a0a0e5aa8fbdc133

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.onworks.net
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=1200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: MISS
etag: W/"4138a5b1014ef329ccf608f46f48b303"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EDJXtxhUACy8S8h9JFhLBcnHZjcQ0uRQCUWSAooimaVdvBJ9Ba4UVh%2BDCrsKn9E3QqHXGRc5twEbyojyM3%2FwZdYn2rtlEWAfgb5MwxTQWIr3xp9WJrVJOgo4gOk0yKf4yd78VXxpIg7I"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8cf637629fff42ea-EWR
expires: Tue, 08 Oct 2024 13:03:23 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H3 200 240px-Search_Icon.svg.png
www.onworks.net/images/ 2 KB
0 23ms
23ms Image
image/webp 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.onworks.net/images/240px-Search_Icon.svg.png
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 101ffbc58574cf8ad9080605fe602a65cdc54445b6eebf60c87bac3fe31bf636

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

cf-bgj: imgq:100,h2pri
etag: "5bc8c0e1-fae"
age: 2508621
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uBpn4qfo3yJK4z3m95M7uQV%2BRjIVFtEOn1C1Gw0s1UN%2B7itvI0VztjzU8NfJ9PJQPqi4txsNtB3iJoNIeUxOd6w6%2FJ1a7pxZJn28ddAP%2FTkRr%2BptS1gBF3dB1CcMQ%2BDblrah3o6KyPIoRf1PgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/240px-Search_Icon.svg.png
cf-polished: origFmt=png, origSize=4014
date: Tue, 08 Oct 2024 12:43:21 GMT
content-type: image/webp
content-disposition: inline; filename="240px-Search_Icon.webp"
vary: Accept
last-modified: Thu, 18 Oct 2018 17:20:33 GMT
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8cf63755fbb7447a-EWR
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 2462
server: cloudflare

GET
H3 200 getbloa.php Show response
www.onworks.net/push/ 3 B
546 B 204ms
199ms XHR
text/html 2606:4700:20::681a:caa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/push/getbloa.php?email=No

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:caa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-page-speed: 1.13.35.2-0
cross-origin-opener-policy: unsafe-none
cf-cache-status: DYNAMIC
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PRByH4OotZ%2BLa7TtqnzNbPf7%2Bm8cC76fMgRLfimLoLq6IJP0ckBibPoy4esx22JmFLT0w06a1c58Avn4jss3GWxkQmyTtbKaoZSJHQ6L2p4ZAICmr9qM5X8OvctbpQj5tvYwpNu4pkI78jHrIg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf637613887447a-EWR
cross-origin-embedder-policy: unsafe-none
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5728 Show response
stpd.cloud/tag/ 384 KB
128 KB 250ms
216ms Fetch
text/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5728
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83e02cfaa6d799e4ac4ebaad3f06ba2cdcc2e8debdff46031ece686660855a34

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: s-maxage=300
x-stpd-module-cache: HIT
content-encoding: br
cf-ray: 8cf637642a3642ea-EWR
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:24 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5744 Show response
stpd.cloud/tag/ 384 KB
128 KB 329ms
295ms Fetch
text/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5744
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f80df68d881718fb56d2da30083ef4621ea5a2e1c1089c6c381bbfc4d59d1c6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: s-maxage=300
x-stpd-module-cache: HIT
content-encoding: br
cf-ray: 8cf637644a4e42ea-EWR
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:24 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5732 Show response
stpd.cloud/tag/ 384 KB
128 KB 385ms
353ms Fetch
text/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5732
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e71694471196951f384b6d51c935c27d11e397d87418681a398172b7f57c7ee8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: s-maxage=300
x-stpd-module-cache: HIT
content-encoding: br
cf-ray: 8cf637644a5042ea-EWR
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:24 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5745 Show response
stpd.cloud/tag/ 384 KB
128 KB 294ms
269ms Fetch
text/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5745
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54bc15c88c5d8f15e4a674ca1c644553c958e2eaa924dbaf55bfb4733adb40fe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: s-maxage=300
x-stpd-module-cache: HIT
content-encoding: br
cf-ray: 8cf637644a5242ea-EWR
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:24 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5729 Show response
stpd.cloud/tag/ 384 KB
128 KB 369ms
344ms Fetch
text/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5729
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e789783f2d0e71b874cce13b7245a94e3adbb91c1236b1b22780e1e29b0e45a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: s-maxage=300
x-stpd-module-cache: HIT
content-encoding: br
cf-ray: 8cf637644a5342ea-EWR
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:24 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 stpdwrapper.js Show response
stpd.cloud/assets/ 9 KB
0 10ms
10ms Script
application/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stpd.cloud/assets/stpdwrapper.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/postscribe.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90909d259afbaaa73f4accf86af27e03040ec2540cf1aca4a0a0e5aa8fbdc133

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.onworks.net
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=1200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: MISS
etag: W/"4138a5b1014ef329ccf608f46f48b303"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EDJXtxhUACy8S8h9JFhLBcnHZjcQ0uRQCUWSAooimaVdvBJ9Ba4UVh%2BDCrsKn9E3QqHXGRc5twEbyojyM3%2FwZdYn2rtlEWAfgb5MwxTQWIr3xp9WJrVJOgo4gOk0yKf4yd78VXxpIg7I"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8cf637629fff42ea-EWR
expires: Tue, 08 Oct 2024 13:03:23 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:23 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5733 Show response
stpd.cloud/tag/ 384 KB
128 KB 283ms
213ms Fetch
text/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5733
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1fad0d0ad9fb1aa7a2306e7905f38030be3713f3fd5909182c62d40ceb024ff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: s-maxage=300
x-stpd-module-cache: HIT
content-encoding: br
cf-ray: 8cf63766ddec42ea-EWR
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:24 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 256 KB
90 KB 155ms
66ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DN38F0DWYD&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-117545413-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

86d8d9e5f6a8e6fed383bbceaa0753648e1d6958dce7fc639b6a3c6c066163f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 08 Oct 2024 12:43:24 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 12:43:24 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 92351
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 705ms
142ms Script
text/javascript 2607:f8b0:4004:c06::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-117545413-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
age: 3346
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 13:47:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 11:47:39 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame FFC6 105 KB
33 KB 644ms
85ms Script
text/javascript 2607:f8b0:400d:c1d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7dda281b7289ad4d15c18180ecfa97d7c46a8e758cba49e9d1b4868cdd1ca45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 208 / 20004 / 31087863 / config-hash: 3564263562507503730
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:43:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:25 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33034
x-xss-protection: 0
server: cafe

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame B081 105 KB
0 618ms
618ms Script
text/javascript 2607:f8b0:400d:c1d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7dda281b7289ad4d15c18180ecfa97d7c46a8e758cba49e9d1b4868cdd1ca45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 208 / 20004 / 31087863 / config-hash: 3564263562507503730
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:43:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:25 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33034
x-xss-protection: 0
server: cafe

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 0274 105 KB
0 623ms
623ms Script
text/javascript 2607:f8b0:400d:c1d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7dda281b7289ad4d15c18180ecfa97d7c46a8e758cba49e9d1b4868cdd1ca45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 208 / 20004 / 31087863 / config-hash: 3564263562507503730
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:43:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:25 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33034
x-xss-protection: 0
server: cafe

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame CDAE 105 KB
0 604ms
604ms Script
text/javascript 2607:f8b0:400d:c1d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7dda281b7289ad4d15c18180ecfa97d7c46a8e758cba49e9d1b4868cdd1ca45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 208 / 20004 / 31087863 / config-hash: 3564263562507503730
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:43:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:25 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33034
x-xss-protection: 0
server: cafe

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 4FD2 105 KB
0 597ms
597ms Script
text/javascript 2607:f8b0:400d:c1d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7dda281b7289ad4d15c18180ecfa97d7c46a8e758cba49e9d1b4868cdd1ca45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 208 / 20004 / 31087863 / config-hash: 3564263562507503730
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:43:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:25 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33034
x-xss-protection: 0
server: cafe

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame AEE8 105 KB
0 554ms
554ms Script
text/javascript 2607:f8b0:400d:c1d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7dda281b7289ad4d15c18180ecfa97d7c46a8e758cba49e9d1b4868cdd1ca45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 208 / 20004 / 31087863 / config-hash: 3564263562507503730
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:43:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:25 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33034
x-xss-protection: 0
server: cafe

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 718ms
269ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DN38F0DWYD&gtm=45je4a20v9121000514za200&_p=1728391403229&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&cid=1907463751.1728391405&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1728391405&sct=1&seg=0&dl=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&dt=Session%20management%20for%20OnWorks%20Free%20hosting%20provider%20for%20Linux%20online&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4507
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DN38F0DWYD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.onworks.net
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 12:43:25 GMT
content-type: text/plain
server: Golfe2

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
419 B 65ms
61ms XHR
text/plain 2607:f8b0:4004:c06::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1997057390&t=pageview&_s=1&dl=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ul=en-ca&de=UTF-8&dt=Session%20management%20for%20OnWorks%20Free%20hosting%20provider%20for%20Linux%20online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=954004732&gjid=436321451&cid=1907463751.1728391405&tid=UA-117545413-4&_gid=822639989.1728391406&_r=1&gtm=457e4a20za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&jsscut=1&npa=1&z=99479398

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.onworks.net/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 12:43:25 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.onworks.net
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/ Frame FFC6 481 KB
149 KB 308ms
65ms Script
text/javascript 2607:f8b0:400d:c03::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

543c5adf9bd8c3b8db6eb0e512248483b0d7317bb7ad46f152b5f7d0474914a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 12885551914114104494
age: 7799
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 10:33:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 08 Oct 2024 10:33:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 153016
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/ Frame AEE8 481 KB
0 293ms
293ms Script
text/javascript 2607:f8b0:400d:c03::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

543c5adf9bd8c3b8db6eb0e512248483b0d7317bb7ad46f152b5f7d0474914a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 12885551914114104494
age: 7799
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 10:33:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 08 Oct 2024 10:33:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 153016
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/ Frame CDAE 481 KB
0 272ms
272ms Script
text/javascript 2607:f8b0:400d:c03::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

543c5adf9bd8c3b8db6eb0e512248483b0d7317bb7ad46f152b5f7d0474914a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 12885551914114104494
age: 7799
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 10:33:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 08 Oct 2024 10:33:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 153016
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/ Frame 0274 481 KB
0 261ms
261ms Script
text/javascript 2607:f8b0:400d:c03::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

543c5adf9bd8c3b8db6eb0e512248483b0d7317bb7ad46f152b5f7d0474914a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 12885551914114104494
age: 7799
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 10:33:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 08 Oct 2024 10:33:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 153016
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/ Frame B081 481 KB
0 253ms
253ms Script
text/javascript 2607:f8b0:400d:c03::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

543c5adf9bd8c3b8db6eb0e512248483b0d7317bb7ad46f152b5f7d0474914a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 12885551914114104494
age: 7799
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 10:33:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 08 Oct 2024 10:33:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 153016
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/ Frame 4FD2 481 KB
0 239ms
239ms Script
text/javascript 2607:f8b0:400d:c03::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

543c5adf9bd8c3b8db6eb0e512248483b0d7317bb7ad46f152b5f7d0474914a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 12885551914114104494
age: 7799
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 10:33:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 08 Oct 2024 10:33:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 153016
x-xss-protection: 0
server: cafe

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 236ms
75ms Preflight
application/json 2620:100:a00b::12
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.onworks.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.onworks.net
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 08 Oct 2024 12:43:26 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 268241
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame B081 15 KB
7 KB 343ms
63ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7732243d95f6b7d9101f253cb61fd4d414bc2c27597e82ec582da14bf4f2dca2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "cce95bda8f60489405d4bd75942daf0e"
x-amz-version-id: dGg.E0AijgMszrhSqd3WKAZqPQj9KR2j
age: 3037
x-cache: Hit from cloudfront
x-amz-cf-id: jraDYXKIDV-D7vai_iq9GAfBQfirOqSjOF7M6vtXor6nP9xUrFafqA==
date: Tue, 08 Oct 2024 11:52:51 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:30 GMT
cache-control: max-age=3600
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6686
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame B081 2 KB
1 KB 185ms
62ms Fetch
application/json 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241008

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

efe6299dc5fe28c470e7580ba46ee67183750077983fb1a4f64714da4c9adb36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-CPw2cJ7HBdPfIFqeLOW9VtVqqns"
age: 31351
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230103-FRA, cache-yyz4529-YYZ
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 848
x-jsd-version: 1.0.2202

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame B081 167 B
447 B 707ms
218ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET json
gum.criteo.com/sid/ Frame B081 0
0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame B081 1 KB
1 KB 503ms
82ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Transfer-Encoding: chunked
Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 452647
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OqH0HcMWAVclZAjpOVOV50SafExSqo9kZF6AwAWRsUz0ACwwqo2Ul8OTbuZMBGBsmFdzsgO08sb5LeJGY2%2FXOVLO%2B3lIKIn2BIDWnUeiJEgEnIwXBjKPVviWzztM51Zp86Bw%2FVLm0yXuv9BV"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf63777cd6f432e-EWR
Date: Tue, 08 Oct 2024 12:43:27 GMT
Content-Type: application/javascript
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 141ms
76ms Preflight
application/json 2620:100:a00b::12
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.onworks.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.onworks.net
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 08 Oct 2024 12:43:26 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 195736
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame FFC6 15 KB
0 154ms
154ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7732243d95f6b7d9101f253cb61fd4d414bc2c27597e82ec582da14bf4f2dca2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "cce95bda8f60489405d4bd75942daf0e"
x-amz-version-id: dGg.E0AijgMszrhSqd3WKAZqPQj9KR2j
age: 3037
x-cache: Hit from cloudfront
x-amz-cf-id: jraDYXKIDV-D7vai_iq9GAfBQfirOqSjOF7M6vtXor6nP9xUrFafqA==
date: Tue, 08 Oct 2024 11:52:51 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:30 GMT
cache-control: max-age=3600
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6686
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame FFC6 2 KB
0 0ms
0ms Fetch
application/json 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241008

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

efe6299dc5fe28c470e7580ba46ee67183750077983fb1a4f64714da4c9adb36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-CPw2cJ7HBdPfIFqeLOW9VtVqqns"
age: 31351
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230103-FRA, cache-yyz4529-YYZ
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 848
x-jsd-version: 1.0.2202

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame FFC6 167 B
447 B 612ms
217ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET json
gum.criteo.com/sid/ Frame FFC6 0
0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame FFC6 1 KB
656 B 578ms
131ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 452647
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DKNAyHbciN%2FA1nSwJ2lgVCAx6f9jl7IqwMZbAwiuNcu4K9s9yZGrQ8IIVKkQZxKi3D0LMoonSUInSz0ITcW2ZRbbFecCGmz9Y2Jgw80EDKeBOX6UaYX0itPBIFhL1A87%2Bo7i6MlkCzDD2z3D"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf637788e21432e-EWR
Date: Tue, 08 Oct 2024 12:43:27 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame AEE8 15 KB
0 61ms
61ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7732243d95f6b7d9101f253cb61fd4d414bc2c27597e82ec582da14bf4f2dca2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "cce95bda8f60489405d4bd75942daf0e"
x-amz-version-id: dGg.E0AijgMszrhSqd3WKAZqPQj9KR2j
age: 3037
x-cache: Hit from cloudfront
x-amz-cf-id: jraDYXKIDV-D7vai_iq9GAfBQfirOqSjOF7M6vtXor6nP9xUrFafqA==
date: Tue, 08 Oct 2024 11:52:51 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:30 GMT
cache-control: max-age=3600
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6686
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame AEE8 2 KB
0 0ms
0ms Fetch
application/json 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241008

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

efe6299dc5fe28c470e7580ba46ee67183750077983fb1a4f64714da4c9adb36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-CPw2cJ7HBdPfIFqeLOW9VtVqqns"
age: 31351
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230103-FRA, cache-yyz4529-YYZ
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 848
x-jsd-version: 1.0.2202

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame AEE8 167 B
447 B 503ms
216ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET json
gum.criteo.com/sid/ Frame AEE8 0
0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame AEE8 1 KB
656 B 557ms
80ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 452647
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kz7s7UKFUIyH2WZ0HK6FytWxNv4PEBXd%2F4EEeRmFVV33YxQ8uwNuLB9KKwRkgTBtTac9NqyUQh580D3S5mO4jK43lly75dIXZR0BOwF0w3y4%2Ft4HIlYt5M2yle0JkOPAoalnuuXxfJRpCOhl"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf637796f03432e-EWR
Date: Tue, 08 Oct 2024 12:43:27 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 97ms
85ms Preflight
application/json 2620:100:a00b::12
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.onworks.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.onworks.net
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 08 Oct 2024 12:43:26 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 222018
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame 0274 15 KB
0 0ms
0ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7732243d95f6b7d9101f253cb61fd4d414bc2c27597e82ec582da14bf4f2dca2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "cce95bda8f60489405d4bd75942daf0e"
x-amz-version-id: dGg.E0AijgMszrhSqd3WKAZqPQj9KR2j
age: 3037
x-cache: Hit from cloudfront
x-amz-cf-id: jraDYXKIDV-D7vai_iq9GAfBQfirOqSjOF7M6vtXor6nP9xUrFafqA==
date: Tue, 08 Oct 2024 11:52:51 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:30 GMT
cache-control: max-age=3600
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6686
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame 0274 2 KB
0 3ms
3ms Fetch
application/json 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241008

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

efe6299dc5fe28c470e7580ba46ee67183750077983fb1a4f64714da4c9adb36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-CPw2cJ7HBdPfIFqeLOW9VtVqqns"
age: 31351
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230103-FRA, cache-yyz4529-YYZ
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 848
x-jsd-version: 1.0.2202

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame 0274 167 B
448 B 241ms
218ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET json
gum.criteo.com/sid/ Frame 0274 0
0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 0274 1 KB
664 B 406ms
108ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 452647
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uOAeACeLmzrnm86aUkXQkL09%2FiJ65i6FTsHJZjuts2o%2FXW%2BUo0MSjMxEZ980SJDewKS04UAk79UVWY4X2iAa%2FGZYPHU8ArrX4qDgDgW58gD0kW2fpfFMcWQhAp%2FKPhDL%2F91Z5JefEWL2B3HO"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf63779efaf432e-EWR
Date: Tue, 08 Oct 2024 12:43:27 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame 4FD2 15 KB
0 3ms
3ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7732243d95f6b7d9101f253cb61fd4d414bc2c27597e82ec582da14bf4f2dca2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "cce95bda8f60489405d4bd75942daf0e"
x-amz-version-id: dGg.E0AijgMszrhSqd3WKAZqPQj9KR2j
age: 3037
x-cache: Hit from cloudfront
x-amz-cf-id: jraDYXKIDV-D7vai_iq9GAfBQfirOqSjOF7M6vtXor6nP9xUrFafqA==
date: Tue, 08 Oct 2024 11:52:51 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:30 GMT
cache-control: max-age=3600
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6686
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame 4FD2 2 KB
0 6ms
6ms Fetch
application/json 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241008

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

efe6299dc5fe28c470e7580ba46ee67183750077983fb1a4f64714da4c9adb36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-CPw2cJ7HBdPfIFqeLOW9VtVqqns"
age: 31351
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230103-FRA, cache-yyz4529-YYZ
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 848
x-jsd-version: 1.0.2202

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame 4FD2 167 B
447 B 283ms
269ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET json
gum.criteo.com/sid/ Frame 4FD2 0
0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 4FD2 1 KB
658 B 445ms
163ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 452647
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKjl6NdQaBivnhkN4VjCzJR6bKhOoBbuI5T8vY7awcSopejb6i4tUnRkUQ1lo0EsNTKAteXCWKav%2B6FWg20B2nzmv7AJCep2Pbg0fJkek4JrTFu%2Bckkxfh7N7UPTSgeACP99UFZU%2BwxeBpza"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf6377ab8ce432e-EWR
Date: Tue, 08 Oct 2024 12:43:27 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame CDAE 15 KB
0 6ms
6ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7732243d95f6b7d9101f253cb61fd4d414bc2c27597e82ec582da14bf4f2dca2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "cce95bda8f60489405d4bd75942daf0e"
x-amz-version-id: dGg.E0AijgMszrhSqd3WKAZqPQj9KR2j
age: 3037
x-cache: Hit from cloudfront
x-amz-cf-id: jraDYXKIDV-D7vai_iq9GAfBQfirOqSjOF7M6vtXor6nP9xUrFafqA==
date: Tue, 08 Oct 2024 11:52:51 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:30 GMT
cache-control: max-age=3600
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6686
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame CDAE 2 KB
0 6ms
6ms Fetch
application/json 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241008

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

efe6299dc5fe28c470e7580ba46ee67183750077983fb1a4f64714da4c9adb36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-CPw2cJ7HBdPfIFqeLOW9VtVqqns"
age: 31351
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230103-FRA, cache-yyz4529-YYZ
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 848
x-jsd-version: 1.0.2202

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame CDAE 167 B
447 B 264ms
239ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:26 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET json
gum.criteo.com/sid/ Frame CDAE 0
0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame CDAE 1 KB
666 B 458ms
105ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 452647
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CadapGowd7lMRxERz%2FCdpdvx4TeEiNjgFl6YhQy%2BevKtGRVS8i%2FajD2nrx%2FE7XwFpFxCcV9Rtdnnumfx9hjUwFtZ%2B%2FW9VJuOc%2B4IAqXlpQcmhJSyK1LwM8Q951oqZhKrspsgIhiVv5CMVebb"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf6377ba9f1432e-EWR
Date: Tue, 08 Oct 2024 12:43:27 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame B081 1 KB
713 B 578ms
260ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8229499317a05ecd670f92bd16e6c3654e86be58644c5e0912eaf663344bed2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VNQstfpJ%2B1ChbnHYQ4hBBTeAHN5ryrE30n1HXIDVVUS86wR4fjapmb5xe%2FwN60CO5VB71nBUDoAms%2FUNVfsgD4GKrD8NiY3bGgAtp%2FS68b2jKwKXv916G5RbdzposyDnBHjC%2Fn725zeI"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377b9e1336fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST auction
prebid-stag.setupad.net/openrtb2/ Frame B081 0
0

POST
H2 200 openrtb Show response
adx2.adform.net/adx/ Frame B081 2 KB
2 KB 500ms
156ms Fetch
application/json 185.167.164.52
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx2.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.52 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d1bbb9cc0402bdee3c142cf351f607601c351f703220984c6c3a7bcb4b4816e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 200 c Show response
prebid.a-mo.net/a/ Frame B081 30 KB
15 KB 689ms
347ms Fetch
application/json 147.28.129.37
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.129.37 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: 43e15e9fb0ff6510b376bf164750100d0c923c05c767e16de2dc01de9f17705e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-envoy-upstream-service-time: 187
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 14672
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=utf-8
vary: origin, accept-encoding
server: envoy

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame B081 0
214 B 554ms
117ms Fetch 2606:ae80:1451:22::820
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:ae80:1451:22::820 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
server: nginx

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame B081 28 KB
10 KB 725ms
195ms Fetch
application/json 216.22.16.49
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.22.16.49 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 38103175aa8c9c66201969cb71ace5467027b47e521e656d7c1b44c2ee7d6113

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame B081 24 KB
11 KB 537ms
236ms Fetch
application/json 2620:100:a00b::30
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=58117458695&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

dc9b878d422a04bfe7f287d6b9bec8e3bbb2326890588799e1864a740f56431c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: Kestrel

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame B081 9 KB
7 KB 589ms
255ms Fetch
application/json 107.22.180.23
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.22.180.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-107-22-180-23.compute-1.amazonaws.com

Software

Resource Hash

4bc933b0514d3df33d2bdb4c0fae7a3882e08fb7093049c77145fb92b407d4d9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: zstd
pragma: no-cache
accept-ch: sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 6237
x-xss-protection: 0
content-type: application/json; charset=utf-8

POST
H2 200 prebid Show response
mp.4dex.io/ Frame B081 25 KB
13 KB 868ms
505ms Fetch
application/json 2606:4700:4400::6812:22b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2d1d5c12ba71939fe706e742abde97dc965a850331b534782814ed8d774f420

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-las
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8cf6377c1f398c81-EWR
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
server: cloudflare

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame B081 139 B
831 B 448ms
150ms Fetch
application/json 68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

f9d58c8f6bdcd75c2aab42850bfb32b8eb0243b8d73c5ebc22a040b976974f74

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 157.254.49.145; 157.254.49.145; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: e5fe0271-b189-46e4-8d03-38fd5fcb9a22
content-length: 139
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 08 Oct 2024 12:43:27 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame B081 0
178 B 651ms
183ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame B081 2 KB
2 KB 697ms
205ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: da061dafa2a13919ccbaca8e71e811fdfbc1af85142d7a7c09c71b0e47eaa80e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1962
Date: Tue, 08 Oct 2024 12:43:28 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame FFC6 1 KB
1 KB 495ms
221ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a40d694056966b1091b9a35758d28b22ee6daedeeea45053572ed19b78fa96f9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJAS9eHiuAB5L%2FOkbVTsYaFYnBWrcTQfubk%2Fl7e0trYTl9F%2Fk0zuXvDhjqxUgNjRKWz8euefPa46EhfVw%2FTzquasilKNMoyRsYs9XaJlE19N3ew0EodQbNyF2euGLTLwUqZCoTP6l3wS"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377b9e0d36fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame FFC6 13 KB
6 KB 622ms
352ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d60a7836af26a09e916f6dc82ce2983482533d8b1f2467ac8940db22ca83539

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WxlRYQ72tFv%2BgGZPmPgGDgSvcDvXdMv%2B1nGSMxPY74PmhkrulMc9YT%2B0ErD834Jhv4XB2tvURLizxa4S82XuG3nsKN6UAmDEzfnyFESAzhZEWMkD6DoQ7WYvqrd1s7Ki9Nc7mwJK7LV0"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377b9e0b36fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
x-prebid: pbs-go/0.259.0
content-type: application/json
vary: Origin
server: cloudflare

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame FFC6 22 KB
14 KB 543ms
271ms Fetch
application/json 68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

15519579dfb97d7b504f1ec7d1f8dfad66d8776dc43a8398588c60b472658af1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 157.254.49.145; 157.254.49.145; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: 791203d0-ec66-44b1-9aed-e76fc8d32887
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 08 Oct 2024 12:43:28 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx/1.23.4

POST
H2 204 prebid Show response
mp.4dex.io/ Frame FFC6 0
272 B 727ms
400ms Fetch 2606:4700:4400::6812:22b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-las
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
x-err: Calling bidders. no bid responses
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8cf6377c1f3b8c81-EWR
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame FFC6 0
177 B 622ms
184ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H2 200 c Show response
prebid.a-mo.net/a/ Frame FFC6 1 KB
1 KB 394ms
99ms Fetch
application/json 147.28.129.37
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.129.37 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: c4efebed08b52a0c03c15b37b89ca19e20778df3f7c57f2f325027278eb14dc5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-envoy-upstream-service-time: 3
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 543
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=utf-8
vary: origin, accept-encoding
server: envoy

POST
H2 200 openrtb Show response
adx2.adform.net/adx/ Frame FFC6 2 KB
2 KB 440ms
146ms Fetch
application/json 185.167.164.52
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx2.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.52 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3e8da873efc457eddd7225cb873c7e8599435c22fa7b8070c398247416c94df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame FFC6 2 KB
2 KB 681ms
224ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 1771e8f12bcde7a173e0a9b2bf632a8f6f0e777805828d18a61b3f764a3a9b9e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1962
Date: Tue, 08 Oct 2024 12:43:28 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame FFC6 28 KB
10 KB 720ms
258ms Fetch
application/json 216.22.16.49
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.22.16.49 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 0b68dbe6d6ebd20e32cabe65a224b16c76d89fab12c0e83fa5db6178b7bfb3d4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame FFC6 0
489 B 488ms
236ms Fetch 2620:100:a00b::30
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=3394950045&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:27 GMT
vary: Origin
server: Kestrel

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame FFC6 12 KB
6 KB 523ms
239ms Fetch
application/json 107.22.180.23
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.22.180.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-107-22-180-23.compute-1.amazonaws.com

Software

Resource Hash

4514a8a8292e1ba83d5228118234a0a5becfd278c38ff12341afaf2254e1c9a2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: zstd
pragma: no-cache
accept-ch: sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 5282
x-xss-protection: 0
content-type: application/json; charset=utf-8

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame FFC6 0
214 B 519ms
140ms Fetch 2606:ae80:1451:22::820
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:ae80:1451:22::820 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
server: nginx

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame AEE8 1 KB
715 B 492ms
283ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99436e758293048244cc712bb20f41e8cd4d8ebcbc9169d6f141bb1865185a4a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QktILmM16SQpU8gCwbreXddR81L%2B57VeBP%2B93D%2F3pzGUXwvYroJPRDC4Lqv8cAQ1HREwMG%2BMtwWDYEsRgVia15g0pAOqkuEVPpZjm%2F91FSc19l7s19cq9IWF9N9EhMvf91HtGeilqayB"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377b9e1136fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame AEE8 13 KB
6 KB 688ms
479ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57b1f990b48a00f2235ecbd8a0c16412edc495c5ced36c77b05446c733e738fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kyY5QRrSHNBKLFuTfPQOWKIyl0BGU1B%2FYfoR2lzbBzhBzE7yEVG8H8vUcqSenh%2B61PlkLFmf%2BI7etYzbnJShekDhRWlRNy9%2FciloucvHnLwqUfuakuVv%2FPKcJVoGBAzCZjVVroOi%2Bgrm"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377b9e1236fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
x-prebid: pbs-go/0.259.0
content-type: application/json
vary: Origin
server: cloudflare

POST
H2 200 openrtb Show response
adx2.adform.net/adx/ Frame AEE8 2 KB
2 KB 436ms
193ms Fetch
application/json 185.167.164.52
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx2.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.52 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

dd1924182441bbb68178a4eadc72a70377a236dc4a7e805243ee2d76263a813b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame AEE8 13 KB
6 KB 438ms
201ms Fetch
application/json 107.22.180.23
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.22.180.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-107-22-180-23.compute-1.amazonaws.com

Software

Resource Hash

d13d7a913e2188a046323739520cbfc683315c3a97e34204f5e0658c313967d3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: zstd
pragma: no-cache
accept-ch: sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 5546
x-xss-protection: 0
content-type: application/json; charset=utf-8

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame AEE8 0
215 B 448ms
119ms Fetch 2606:ae80:1451:22::820
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:ae80:1451:22::820 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
server: nginx

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame AEE8 2 KB
2 KB 673ms
238ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: aa5cb27025a480712c138ea9aa5f82c9cacfbc9e2f07663d5c3fab9edea7044a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1961
Date: Tue, 08 Oct 2024 12:43:28 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 204 prebid Show response
mp.4dex.io/ Frame AEE8 0
274 B 663ms
404ms Fetch 2606:4700:4400::6812:22b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-las
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
x-err: Calling bidders. no bid responses
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8cf6377c1f418c81-EWR
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame AEE8 29 KB
11 KB 599ms
186ms Fetch
application/json 216.22.16.49
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.22.16.49 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 20a63647f84641ff98bf7d7fd811e8ef2209398899869e991641c31ef9782241

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 200 c Show response
prebid.a-mo.net/a/ Frame AEE8 1 KB
1 KB 343ms
119ms Fetch
application/json 147.28.129.37
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.129.37 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: d99c63b027537c5f0106dfe1d2b8d4ea02b526aca3cbc1e31e92b6c7f09dba8d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-envoy-upstream-service-time: 2
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 543
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=utf-8
vary: origin, accept-encoding
server: envoy

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame AEE8 21 KB
10 KB 530ms
341ms Fetch
application/json 68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

96f9dd0f0614a4974ac2d5f2b8f86c1f556a4ceb384b7c07bbe89d373f269711

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 157.254.49.145; 157.254.49.145; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: 0444a2d9-e8a6-4b62-b665-b219b928d6dc
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 08 Oct 2024 12:43:28 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx/1.23.4

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame AEE8 0
177 B 543ms
183ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame AEE8 22 KB
11 KB 457ms
276ms Fetch
application/json 2620:100:a00b::30
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=55251936906&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

311249253152373d63f1d12933d663235435d11220e0d12f1bc7715e6f90d096

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: Kestrel

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame 0274 1 KB
711 B 596ms
441ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9bce51d88c56804217a207d5405e12b50c7ab74ed7a5e4e83a74e028a870b4d9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ApHvEd0yxnbWWE3FPyS%2BfxSk0eImJ4uxXBsxebIVpjR2rs3aYEbdxLRJ7FF21P7Ii45PxNFP9Ao0SYE8KoDqMAm3wNYHHRdsVxceJv3WI62%2BXt869CkZf6gWaj463SoUXkzFfzn2BgI%2F"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377bde4336fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame 0274 10 KB
7 KB 454ms
410ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c43215e6f6730b631984e017de69ceb1d335cd1a8e9d588c6e59db1ed7578338

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vy7oMVeI%2F8I%2B5z5WqR4EKFA7C7Uy1bWMafHGm6Vwz3n5EjfyB7GktPd8jdk6Lf4UIqJfru5u97ipiR2Aqp03O76o30uWJLohbhVQIclp31QahK2YTbXlrzEGdfT9nrNPCfsHXfvtQzgu"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377bae2036fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
x-prebid: pbs-go/0.259.0
content-type: application/json
vary: Origin
server: cloudflare

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 0274 0
177 B 390ms
181ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 0274 2 KB
2 KB 581ms
180ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 182901173164e8dab8bf166b02eb0baaa06bc448e1b3508f8a0b3180fa316964

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1961
Date: Tue, 08 Oct 2024 12:43:28 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame 0274 0
214 B 302ms
142ms Fetch 2606:ae80:1451:22::820
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:ae80:1451:22::820 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
server: nginx

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 0274 28 KB
10 KB 460ms
194ms Fetch
application/json 216.22.16.49
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.22.16.49 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: a2a072551d7bfedcd3f30e7ec384db850169352307e875ef9889fe8465bfcc0d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame 0274 145 B
1 KB 365ms
333ms Fetch
application/json 68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

23b600611c1b9a6be580de581684525195699978ba0e20dce969276ff4f115dc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 157.254.49.145; 157.254.49.145; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: 0d7701b6-af03-4547-b02d-334a1959ba40
content-length: 145
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 08 Oct 2024 12:43:28 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

POST
H2 200 c Show response
prebid.a-mo.net/a/ Frame 0274 1 KB
1 KB 198ms
136ms Fetch
application/json 147.28.129.37
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.129.37 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e717d751caf73dfb8e4110b45bbae60ef30ec2f2b66ed3cada9ff801811a03d2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-envoy-upstream-service-time: 2
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 540
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=utf-8
vary: origin, accept-encoding
server: envoy

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 0274 15 KB
8 KB 289ms
259ms Fetch
application/json 2620:100:a00b::30
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=74441573886&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

abc59839a55601896a391b25ffd100e48d26dde3b0f291d58355be2ce5aeb1ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: Kestrel

POST
H2 200 prebid Show response
mp.4dex.io/ Frame 0274 25 KB
12 KB 646ms
553ms Fetch
application/json 2606:4700:4400::6812:22b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d85a2bd8e26fff9259eddca9e4ef0baaa1d7f649b6596f38dc8de9ed53334dde

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-las
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8cf6377c1f408c81-EWR
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
server: cloudflare

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 0274 9 KB
7 KB 295ms
234ms Fetch
application/json 107.22.180.23
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.22.180.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-107-22-180-23.compute-1.amazonaws.com

Software

Resource Hash

3a0dca7169911339781d551455a65bdedbd3380a34cb3196b24c055df049b8b3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: zstd
pragma: no-cache
accept-ch: sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 6236
x-xss-protection: 0
content-type: application/json; charset=utf-8

POST
H2 200 openrtb Show response
adx2.adform.net/adx/ Frame 0274 2 KB
2 KB 244ms
181ms Fetch
application/json 185.167.164.52
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx2.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.52 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

308016e81bd77382e8b42ae6d157c88996eea869e1d7b428e555a4f14328b392

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame 4FD2 1 KB
715 B 410ms
305ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3c4b0e674f9748a70088ef7af3b0cc9c2101693223d1ff988eea44058c36d30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hajBhW%2B5DusbB7WgOvO8pAV1516ViPzllM95MhXEpPe%2Fa%2B5%2Bj1RiJfNNxPNoLonYQD1eX7UVQlfqwSP9t%2F0ugY6LcolhFucaXEeagMsQyCvgzB0tgVepXS0%2B0XT2Qy%2FfVIuE0qT0GBbp"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377bde4536fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame 4FD2 13 KB
6 KB 453ms
412ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 160fa14d2da3609027c603b4244ed70135be6e98e7a92f1c74e5bba933f0ce11

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2DpcLhlpTT7%2BRaadorESON9ikjDhELKTTO0XD1159YyqSaTIXO26D1nRYg6h2YprnWL0KEuXK%2FB1wCgmjummN2nd9Fm9%2F0txr5PVAvMAa1gS8fBWVNd%2BqQsLw0lYK284zkxm%2FRm5U%2F9q"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377bae1f36fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
x-prebid: pbs-go/0.259.0
content-type: application/json
vary: Origin
server: cloudflare

POST
H2 200 openrtb Show response
adx2.adform.net/adx/ Frame 4FD2 2 KB
2 KB 244ms
182ms Fetch
application/json 185.167.164.52
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx2.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.52 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ff6257eadaa75fd78aa9600946ea2979c70a44e4b7d5598b6744002feec57b12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame 4FD2 145 B
1 KB 340ms
312ms Fetch
application/json 68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

fbc8abfa148a169d24c38b852c05d671be2f4d77cce4ee9968480da021b694a5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 157.254.49.145; 157.254.49.145; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: ae83743c-2fdc-4006-9038-7b37da34fe3c
content-length: 145
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 08 Oct 2024 12:43:28 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame 4FD2 0
214 B 294ms
140ms Fetch 2606:ae80:1451:22::820
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:ae80:1451:22::820 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
server: nginx

POST
H2 200 c Show response
prebid.a-mo.net/a/ Frame 4FD2 1 KB
1 KB 178ms
120ms Fetch
application/json 147.28.129.37
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.129.37 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: d21fda9313882f6b242e73bb65b815a001efd10ed32d2a364935c11932054046

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 542
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=utf-8
vary: origin, accept-encoding
server: envoy

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 4FD2 15 KB
8 KB 272ms
249ms Fetch
application/json 2620:100:a00b::30
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=44325799335&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e27852f6ad1690271c67aab934e19a432a53447562e259d1621d49349bd0896a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: Kestrel

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 4FD2 2 KB
2 KB 655ms
239ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 78816c7db1d2f1c7df5ac803c4fd206e9ab6a73a7da372faada03c266fd19ce7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1961
Date: Tue, 08 Oct 2024 12:43:28 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 4FD2 29 KB
11 KB 547ms
265ms Fetch
application/json 216.22.16.49
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.22.16.49 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: dda7e3b4f6aaf8bb41b5b7e14e4d224ce5b881116e48e04a9d3c6e91677ac805

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 4FD2 12 KB
6 KB 269ms
214ms Fetch
application/json 107.22.180.23
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.22.180.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-107-22-180-23.compute-1.amazonaws.com

Software

Resource Hash

f6eacdcd42a648d37571434f1fd748b7a9e8ccb18c8c667a29850198d60e64f3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: zstd
pragma: no-cache
accept-ch: sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 5387
x-xss-protection: 0
content-type: application/json; charset=utf-8

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 4FD2 0
177 B 381ms
183ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H2 204 prebid Show response
mp.4dex.io/ Frame 4FD2 0
271 B 554ms
470ms Fetch 2606:4700:4400::6812:22b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-las
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
x-err: Calling bidders. no bid responses
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8cf6377c1f3d8c81-EWR
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame CDAE 1 KB
722 B 368ms
304ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85316192962569e16c4a6150a86c7937ed7f38c0324b402699744c0fd893911d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=euykhiPNGqUN%2FCu9IzrzW2qAU7Xeu2b4Lu4dbSx4B0c3f3UP%2Bu6xdX5axU313TY6CU2ZBsZe%2Fdovus8ECYN7jSDHf5Fk%2Fs7Z0ORnoS%2BM%2B0CEwaik3YcFKRsN4VAoTWE%2BOwwdkT3P9yaW"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377bde4136fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame CDAE 13 KB
6 KB 888ms
850ms Fetch
application/json 104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54aa55fe66aee5e3abeb64d6548271ee501b95d1c406f8410ebf2ca3d9fa021d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XQvogmiSRQ2r5wz6MO%2Fp2er0uB9r9kcUEZagy7EUzhMRSN%2BpSmkux9WuGgam6gqHxXpdnSkNl%2FO4tpuq%2FczKuSel%2Ffn5tqlNd8%2FONqz108dztbL%2BLjLggxYjFiFRX78q2oh7xUlcNi4k"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6377bde4236fe-YYZ
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
x-prebid: pbs-go/0.259.0
content-type: application/json
vary: Origin
server: cloudflare

POST
H2 200 c Show response
prebid.a-mo.net/a/ Frame CDAE 1 KB
1 KB 188ms
135ms Fetch
application/json 147.28.129.37
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.129.37 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: a5022f8842bcb168062f25b7d798cef1d3b6cb704c6fcad142483cfb7117ca7a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
x-envoy-upstream-service-time: 2
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 542
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=utf-8
vary: origin, accept-encoding
server: envoy

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame CDAE 30 KB
11 KB 502ms
212ms Fetch
application/json 216.22.16.49
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.22.16.49 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 424ff918440a1f345821a6b19ccdeb406c8f6d096b87157407771aa0a8510bb2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame CDAE 0
214 B 291ms
143ms Fetch 2606:ae80:1451:22::820
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:ae80:1451:22::820 , United States, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
server: nginx

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame CDAE 0
177 B 464ms
269ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame CDAE 12 KB
6 KB 266ms
215ms Fetch
application/json 107.22.180.23
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.22.180.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-107-22-180-23.compute-1.amazonaws.com

Software

Resource Hash

ab7a7f21b698e85357163acf7ff04515cb7ec4708e6860ad6b729d328e0b854e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: zstd
pragma: no-cache
accept-ch: sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 5322
x-xss-protection: 0
content-type: application/json; charset=utf-8

POST
H2 200 openrtb Show response
adx2.adform.net/adx/ Frame CDAE 2 KB
2 KB 236ms
184ms Fetch
application/json 185.167.164.52
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx2.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.52 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

024579c651e5d74179c63f40704da36e8b9b6f2ebc3e81ab0f181729a2cc7ed0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 204 prebid Show response
mp.4dex.io/ Frame CDAE 0
491 B 443ms
360ms Fetch 2606:4700:4400::6812:22b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-las
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
x-err: Calling bidders. no bid responses
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8cf6377c1f3e8c81-EWR
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame CDAE 2 KB
2 KB 707ms
295ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 2d9357b76a0cb2171d25a6b219d414ef5be94fb0d48473c6630e71a9f47a9327

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1962
Date: Tue, 08 Oct 2024 12:43:28 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame CDAE 144 B
1 KB 308ms
289ms Fetch
application/json 68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e0fb02cce659b29f4e2671c72874ce3338965abe4499c1dc3122b5ab2cc75103

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 157.254.49.145; 157.254.49.145; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: b55cdc50-6d51-4592-b12b-ce675072d76d
content-length: 144
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 08 Oct 2024 12:43:28 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame CDAE 24 KB
11 KB 263ms
248ms Fetch
application/json 2620:100:a00b::30
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=75197868968&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

bea0186efd68fef459a1b8756ed0922e3df0171624cccb7d351699aa67a3fbb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: Kestrel

GET
H2 200 b-904ac2d-53355591.js Show response
tagan.adlightning.com/setupad/ Frame B081 68 KB
26 KB 118ms
102ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f23724578ef5fd406a791a5e03059827041c355d0ebd9081a5a740a16b95431

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "05e9679509b61424a07cc4d4efb7247f"
x-amz-version-id: kPJhXXWG1Hq0AVBcmSAqAweMN.PW_rtc
age: 3694100
x-cache: Hit from cloudfront
x-amz-cf-id: fD63IlmvPQBaZ22MpX46dlCeXVRPHw-FYtvx0heY1rI8okmqHm40Sg==
date: Mon, 26 Aug 2024 18:35:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Feb 2024 15:54:08 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 26319
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-314a5ef-3d806d5b.js Show response
tagan.adlightning.com/setupad/ Frame B081 182 KB
65 KB 155ms
139ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-314a5ef-3d806d5b.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 216105c908b74921c3b3e6074772cc9044ab0b073e632127394fc3d166832fba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "e956b67d3cd820c2628800a1406e923e"
x-amz-version-id: qPeDVDhsaRGvhWWZm3mMuV_GZrMVUKzL
age: 31862
x-cache: Hit from cloudfront
x-amz-cf-id: RfKIqmrWyNbdsJG7xGDCEUyIEOpV7HlSbuhuidY1W6M6B1rZDaH2Bw==
date: Tue, 08 Oct 2024 03:52:26 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:20 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 66284
x-amz-meta-git_commit: 314a5ef
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 b-904ac2d-53355591.js Show response
tagan.adlightning.com/setupad/ Frame FFC6 68 KB
0 113ms
113ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f23724578ef5fd406a791a5e03059827041c355d0ebd9081a5a740a16b95431

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "05e9679509b61424a07cc4d4efb7247f"
x-amz-version-id: kPJhXXWG1Hq0AVBcmSAqAweMN.PW_rtc
age: 3694100
x-cache: Hit from cloudfront
x-amz-cf-id: fD63IlmvPQBaZ22MpX46dlCeXVRPHw-FYtvx0heY1rI8okmqHm40Sg==
date: Mon, 26 Aug 2024 18:35:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Feb 2024 15:54:08 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 26319
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-314a5ef-3d806d5b.js Show response
tagan.adlightning.com/setupad/ Frame FFC6 182 KB
0 150ms
150ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-314a5ef-3d806d5b.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 216105c908b74921c3b3e6074772cc9044ab0b073e632127394fc3d166832fba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "e956b67d3cd820c2628800a1406e923e"
x-amz-version-id: qPeDVDhsaRGvhWWZm3mMuV_GZrMVUKzL
age: 31862
x-cache: Hit from cloudfront
x-amz-cf-id: RfKIqmrWyNbdsJG7xGDCEUyIEOpV7HlSbuhuidY1W6M6B1rZDaH2Bw==
date: Tue, 08 Oct 2024 03:52:26 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:20 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 66284
x-amz-meta-git_commit: 314a5ef
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 b-904ac2d-53355591.js Show response
tagan.adlightning.com/setupad/ Frame AEE8 68 KB
0 110ms
109ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f23724578ef5fd406a791a5e03059827041c355d0ebd9081a5a740a16b95431

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "05e9679509b61424a07cc4d4efb7247f"
x-amz-version-id: kPJhXXWG1Hq0AVBcmSAqAweMN.PW_rtc
age: 3694100
x-cache: Hit from cloudfront
x-amz-cf-id: fD63IlmvPQBaZ22MpX46dlCeXVRPHw-FYtvx0heY1rI8okmqHm40Sg==
date: Mon, 26 Aug 2024 18:35:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Feb 2024 15:54:08 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 26319
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-314a5ef-3d806d5b.js Show response
tagan.adlightning.com/setupad/ Frame AEE8 182 KB
0 147ms
147ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-314a5ef-3d806d5b.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 216105c908b74921c3b3e6074772cc9044ab0b073e632127394fc3d166832fba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "e956b67d3cd820c2628800a1406e923e"
x-amz-version-id: qPeDVDhsaRGvhWWZm3mMuV_GZrMVUKzL
age: 31862
x-cache: Hit from cloudfront
x-amz-cf-id: RfKIqmrWyNbdsJG7xGDCEUyIEOpV7HlSbuhuidY1W6M6B1rZDaH2Bw==
date: Tue, 08 Oct 2024 03:52:26 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:20 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 66284
x-amz-meta-git_commit: 314a5ef
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 b-904ac2d-53355591.js Show response
tagan.adlightning.com/setupad/ Frame 0274 68 KB
0 104ms
104ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f23724578ef5fd406a791a5e03059827041c355d0ebd9081a5a740a16b95431

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "05e9679509b61424a07cc4d4efb7247f"
x-amz-version-id: kPJhXXWG1Hq0AVBcmSAqAweMN.PW_rtc
age: 3694100
x-cache: Hit from cloudfront
x-amz-cf-id: fD63IlmvPQBaZ22MpX46dlCeXVRPHw-FYtvx0heY1rI8okmqHm40Sg==
date: Mon, 26 Aug 2024 18:35:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Feb 2024 15:54:08 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 26319
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-314a5ef-3d806d5b.js Show response
tagan.adlightning.com/setupad/ Frame 0274 182 KB
0 141ms
141ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-314a5ef-3d806d5b.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 216105c908b74921c3b3e6074772cc9044ab0b073e632127394fc3d166832fba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "e956b67d3cd820c2628800a1406e923e"
x-amz-version-id: qPeDVDhsaRGvhWWZm3mMuV_GZrMVUKzL
age: 31862
x-cache: Hit from cloudfront
x-amz-cf-id: RfKIqmrWyNbdsJG7xGDCEUyIEOpV7HlSbuhuidY1W6M6B1rZDaH2Bw==
date: Tue, 08 Oct 2024 03:52:26 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:20 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 66284
x-amz-meta-git_commit: 314a5ef
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 b-904ac2d-53355591.js Show response
tagan.adlightning.com/setupad/ Frame 4FD2 68 KB
0 97ms
97ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f23724578ef5fd406a791a5e03059827041c355d0ebd9081a5a740a16b95431

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "05e9679509b61424a07cc4d4efb7247f"
x-amz-version-id: kPJhXXWG1Hq0AVBcmSAqAweMN.PW_rtc
age: 3694100
x-cache: Hit from cloudfront
x-amz-cf-id: fD63IlmvPQBaZ22MpX46dlCeXVRPHw-FYtvx0heY1rI8okmqHm40Sg==
date: Mon, 26 Aug 2024 18:35:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Feb 2024 15:54:08 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 26319
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-314a5ef-3d806d5b.js Show response
tagan.adlightning.com/setupad/ Frame 4FD2 182 KB
0 136ms
136ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-314a5ef-3d806d5b.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 216105c908b74921c3b3e6074772cc9044ab0b073e632127394fc3d166832fba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "e956b67d3cd820c2628800a1406e923e"
x-amz-version-id: qPeDVDhsaRGvhWWZm3mMuV_GZrMVUKzL
age: 31862
x-cache: Hit from cloudfront
x-amz-cf-id: RfKIqmrWyNbdsJG7xGDCEUyIEOpV7HlSbuhuidY1W6M6B1rZDaH2Bw==
date: Tue, 08 Oct 2024 03:52:26 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:20 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 66284
x-amz-meta-git_commit: 314a5ef
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 b-904ac2d-53355591.js Show response
tagan.adlightning.com/setupad/ Frame CDAE 68 KB
0 93ms
93ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f23724578ef5fd406a791a5e03059827041c355d0ebd9081a5a740a16b95431

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "05e9679509b61424a07cc4d4efb7247f"
x-amz-version-id: kPJhXXWG1Hq0AVBcmSAqAweMN.PW_rtc
age: 3694100
x-cache: Hit from cloudfront
x-amz-cf-id: fD63IlmvPQBaZ22MpX46dlCeXVRPHw-FYtvx0heY1rI8okmqHm40Sg==
date: Mon, 26 Aug 2024 18:35:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Feb 2024 15:54:08 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 26319
x-amz-meta-git_commit: 904ac2d
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-314a5ef-3d806d5b.js Show response
tagan.adlightning.com/setupad/ Frame CDAE 182 KB
0 132ms
132ms Script
application/javascript 3.171.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-314a5ef-3d806d5b.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-122.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 216105c908b74921c3b3e6074772cc9044ab0b073e632127394fc3d166832fba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "e956b67d3cd820c2628800a1406e923e"
x-amz-version-id: qPeDVDhsaRGvhWWZm3mMuV_GZrMVUKzL
age: 31862
x-cache: Hit from cloudfront
x-amz-cf-id: RfKIqmrWyNbdsJG7xGDCEUyIEOpV7HlSbuhuidY1W6M6B1rZDaH2Bw==
date: Tue, 08 Oct 2024 03:52:26 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 03:32:20 GMT
cache-control: max-age=31536000
via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 66284
x-amz-meta-git_commit: 314a5ef
x-amz-cf-pop: JFK52-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 script.js Show response
cadmus.script.ac/dahhc4ozyvjm6/ 3 B
239 B 452ms
141ms Script
application/javascript 2606:4700::6812:1691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1691 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public,max-age=259200,stale-while-revalidate=86400,stale-if-error=259200
etag: W/"601055f6a0c6408859f97b5f0a84bdb88441a80e"
age: 0
cf-ray: 8cf6377dcf917cab-EWR
content-length: 3
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare
last-modified: Mon, 01 Jan 2018 00:00:00 GMT

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame B081 61 KB
19 KB 405ms
156ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 852237
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=99LfTaD95TPCquFUMNaMLaT9cM5CKX6csBcnZOyCkAMp%2FksBdm4getYwp6t8DBDa0hPzjsbjzLbTVMWTi4%2Bs9y5OUcKrgwFrrU36t7QBxt0hHPEB7S71E6mR%2FH4KwnYAmIM7yL9AFbSq9HkV"}],"group":"cf-nel","max_age":604800}
Date: Tue, 08 Oct 2024 12:43:28 GMT
Content-Type: application/javascript
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Transfer-Encoding: chunked
Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
CF-RAY: 8cf6377daa898cec-EWR
Access-Control-Allow-Origin: *
Server: cloudflare

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame B081 45 B
287 B 644ms
259ms Fetch
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

00c494dd621108466391a1f0b5f0e4a4364827ef278ed5845a7ae9f8ec62aa25

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:27 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame FFC6 45 B
286 B 903ms
259ms Fetch
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

dd37b48c53e3dc321f75f5946b177dd9237ef23bafbf0916e2e4f66166318039

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame FFC6 61 KB
731 B 482ms
58ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 852237
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ydonc5NlJmBzsqzIgaCI%2FcEsOMWgnAS2Kk4g51LBQXry69wzRspChf6%2Fpk1lRgozJ53GyjXoLvFkNgLTZcnnLY9ksEyyTcLL41KyQT5Sam0knWK0WurhHlyuiJ6Yw03ZM%2BnC8GfigShjwiP1"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf6377e6b9e8cec-EWR
Access-Control-Allow-Origin: *
Date: Tue, 08 Oct 2024 12:43:28 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame AEE8 45 B
286 B 1040ms
135ms Fetch
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

6bb51490456d55a58dec094b26809621b787b6ebb391e1e36cc515dde65d39d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame AEE8 61 KB
739 B 534ms
55ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 852237
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FH0CABr8ULnRd4N1ixz6ixeFpH4ywBINfeoDpKK3LHi47GH8rWqI7x6%2F%2B8%2F%2FqOMpCFqjCXmkt42zOpqRtwPvEiy4VxmzRIy9LI2%2Bj%2B5NvWMO06gTZLvMsUCBFn6Ai5MhnsPrMk4sK31EtfSO"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf6377ecc168cec-EWR
Access-Control-Allow-Origin: *
Date: Tue, 08 Oct 2024 12:43:28 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame 0274 45 B
286 B 1173ms
139ms Fetch
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

cc9e22162bf0cd26f1c95b18ad0e6568567ce6446a44dc25c68f2010eb9f5798

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame 4FD2 45 B
286 B 1314ms
138ms Fetch
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

00c494dd621108466391a1f0b5f0e4a4364827ef278ed5845a7ae9f8ec62aa25

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame 0274 61 KB
743 B 588ms
56ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 852237
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vt27BoXecyNa70Q78YwRft%2BBlZIk66fDiiwcdDap%2F6%2FmFyg7n1wGEN5P%2BWmDmXaNBJWuG2ehHl25vyfX3DmHARI%2FH3tQMPHo4c%2Fv55z8sGwBwGscvXVnYflbAFThx%2BVK%2Bbcggdwga5%2FcYgFE"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf6377f2c8f8cec-EWR
Access-Control-Allow-Origin: *
Date: Tue, 08 Oct 2024 12:43:28 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame CDAE 45 B
286 B 1453ms
137ms Fetch
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

f1f626454412f470bb8c6448da913027124657eb9fbacefa1e79ee2ba86823c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Tue, 08 Oct 2024 12:43:28 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame 4FD2 61 KB
731 B 642ms
52ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 852237
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GtH14fGGcXR6Xmd%2FmfRPdOcPAvKj5zLF5JawaYw7UXBJuCoKOFIgeo8TzMivbaCrmLCGqtrPoQFR%2FfxulrB4KskcFkj4nWmZNTkKb2bbEWVHV9cm1g3n6QIbvWVRRjd%2B0nstgmZUR7mpV5Pv"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf6377f8cfb8cec-EWR
Access-Control-Allow-Origin: *
Date: Tue, 08 Oct 2024 12:43:28 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame CDAE 61 KB
735 B 621ms
58ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 852237
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qQk3y98f1f9b%2BwTy7vU0ofSKsdth2pI10sAcDrAKLHBBjybKDbnmXuKe9YQGk9Eo%2B1TD0dd8oyVUER%2FQswTJMaT1hJ3zBSLfQ2%2BTYrX%2FWoMDCFcqycnUrUrceD0s7CuZyvKlLg9cCsjwme8M"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8cf6377fdd588cec-EWR
Access-Control-Allow-Origin: *
Date: Tue, 08 Oct 2024 12:43:28 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H2 204 g_pbto
1x1.a-mo.net/hbx/ Frame B081 0
107 B 436ms
91ms Image
text/plain 23.21.219.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1x1.a-mo.net/hbx/g_pbto?A=undefined&bid=undefined&a=undefined&cn=undefined&ts=1728391408814&eid=32b86be7814896c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.219.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-219-138.compute-1.amazonaws.com
Software: MonetEngine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
date: Tue, 08 Oct 2024 12:43:29 GMT
vary: accept-encoding
server: MonetEngine

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B081 17 KB
13 KB 428ms
106ms XHR
application/json 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202410070101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81e61b797a74b03d8f3d64ba472e1c8a77c20847aad72efc4fd5a18ac4b1a5cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12930
date: Tue, 08 Oct 2024 12:43:29 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame B081 61 KB
14 KB 833ms
538ms Fetch
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=3511976595640016&correlator=2958746646550369&eid=31087615%2C31087814%2C31087863&output=ldjh&gdfp_req=1&vrg=202410070101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_1200x300_lazy_billboard_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C728x90%7C970x90%7C1200x300%7C980x300%7C1200x200%7C1100x200%7C1000x200%7C1000x250%7C970x300%7C980x240%7C980x120%7C970x200%7C970x120%7C728x100%7C728x250&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1728391408831&lmt=1728391408&adxs=650&adys=2182&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=1&ucis=5k67wwsfygz1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=38759&tan=bb84b57f-c7bf-4016-9313-75d34a7da4fc&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1728391405238&idt=1435&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dwildz.com%26hb_source%3Dclient%26hb_format%3Dbanner%26hb_size%3D970x90%26hb_pb%3D0.25%26hb_adid%3D31abf32693fd4f1%26hb_bidder%3Dadform&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=1288007980&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6af212a886a5ecdddd750e6321e82ae3bd14ded4f2c54b43df0eaaa080a6f8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
content-encoding: br
google-lineitem-id: -1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 14013
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
78f2b2ba7cc9a97790316455cc353d46.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7A95 0
0 363ms
74ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://78f2b2ba7cc9a97790316455cc353d46.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 12:43:29 GMT
expires: Tue, 08 Oct 2024 12:43:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame B081 96 KB
31 KB 366ms
93ms Script
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.144.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame FFC6 17 KB
13 KB 545ms
159ms XHR
application/json 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202410070101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d2b8aae361c16b35ae1733ed7d46bd411157a6d5b0e349c3e4f37a03c7e9ab8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12849
date: Tue, 08 Oct 2024 12:43:29 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame FFC6 56 KB
13 KB 780ms
520ms Fetch
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=3478119220964076&correlator=4399740945546536&eid=31079956%2C31087863&output=ldjh&gdfp_req=1&vrg=202410070101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_1000x100_leaderboard_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C1000x100%7C728x90%7C990x90%7C970x50%7C960x90%7C950x90%7C980x90&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1728391408874&lmt=1728391408&adxs=650&adys=108&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=0&ucis=jpndz4vu6ez&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=38759&tan=eed646ca-68b9-4ab2-9059-c18f7179b4d1&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1728391405180&idt=1706&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dwildz.com%26hb_source%3Dclient%26hb_format%3Dbanner%26hb_size%3D970x90%26hb_pb%3D0.24%26hb_adid%3D319ca5919bcf4da%26hb_bidder%3Dadform&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=3491453002&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85c9bd471f0b1d06869b279938aac0722c1f6ac64d326481b799a4928cb06db4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
content-encoding: br
google-lineitem-id: -1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 13661
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
73b1b441d5ec8fd6214674ef4bf3f201.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3D90 0
0 311ms
64ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://73b1b441d5ec8fd6214674ef4bf3f201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 12:43:29 GMT
expires: Tue, 08 Oct 2024 12:43:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame FFC6 96 KB
0 338ms
338ms Script
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 cookie
cm.adform.net/ Frame FFC6 35 B
474 B 786ms
208ms Image
image/gif 37.157.6.237
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.237 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: image/gif
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AEE8 17 KB
13 KB 649ms
141ms XHR
application/json 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202410070101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4b5adbb406cb5bb2ca54244f7e28893551ab8e26c7226422b456be9835df0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12871
date: Tue, 08 Oct 2024 12:43:29 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET ads
pagead2.googlesyndication.com/gampad/ Frame AEE8 0
0

GET
H2 200 container.html
89779d4c66cc9b079384e6f80d961ffc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FB11 0
0 307ms
65ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://89779d4c66cc9b079384e6f80d961ffc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 12:43:29 GMT
expires: Tue, 08 Oct 2024 12:43:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame AEE8 96 KB
0 319ms
319ms Script
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0274 17 KB
13 KB 758ms
122ms XHR
application/json 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202410070101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66ae203571e2c6f1ad128806e98e50328e7b6b9aba245b744f1e7994510dd5c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12959
date: Tue, 08 Oct 2024 12:43:29 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame 0274 59 KB
14 KB 724ms
521ms Fetch
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=2859072274631852&correlator=1499142827403151&eid=31087813%2C31087814%2C31087863&output=ldjh&gdfp_req=1&vrg=202410070101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_1200x300_top_billboard_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C728x90%7C970x90%7C1200x300%7C980x300%7C1200x200%7C1100x200%7C1000x200%7C1000x250%7C970x300%7C980x240%7C980x120%7C970x200%7C970x120%7C728x100%7C728x250&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1728391408939&lmt=1728391408&adxs=650&adys=2382&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=1&ucis=siv5601q89hw&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=38759&tan=0bc32be0-3b34-4d00-85a5-aab95039a2e7&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1728391405254&idt=1836&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dwildz.com%26hb_source%3Dclient%26hb_format%3Dbanner%26hb_size%3D970x250%26hb_pb%3D0.25%26hb_adid%3D31d6ef40a19b474%26hb_bidder%3Dadform&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=4136289833&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c509981282604f5d81e16d6e93a1a6e25f857c8f7d0e8c5a865a951ab17975a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
content-encoding: br
google-lineitem-id: -1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 13931
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
e2150ba3f730e7b92f78b8fa68990e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 44B6 0
0 291ms
68ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e2150ba3f730e7b92f78b8fa68990e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 12:43:29 GMT
expires: Tue, 08 Oct 2024 12:43:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame 0274 96 KB
0 302ms
302ms Script
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 pbs-iframe
pbs-cs.yellowblue.io/ Frame B21A 0
0 319ms
67ms Document
text/html 18.211.45.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.211.45.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-45-190.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://www.onworks.net/
content-type: text/html
date: Tue, 08 Oct 2024 12:43:29 GMT
server: istio-envoy
x-envoy-upstream-service-time: 1

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame AEE8
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_con...
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

86 B
667 B

214ms
198ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z0a%2BXVsB89SPoI4i7wHEva0yo7XTh%2Faula6BCRQ0rr9vrkX5UUGm%2FCLu7rF9%2B7MtfZYC0%2FfauS8Q%2Fk2FqMoH0kFFZqDtzogUn%2BvScKMRYCkvEWmGqOLCQZyi4WQe0PYo%2F%2FsqTzgWFx1O"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf637848d0736fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

date: Tue, 08 Oct 2024 12:43:28 GMT
location: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
content-length: 0

GET
H2 200 pbs-iframe
pbs-cs.yellowblue.io/ Frame 1C94 0
0 333ms
141ms Document
text/html 18.211.45.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.211.45.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-45-190.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://www.onworks.net/
content-type: text/html
date: Tue, 08 Oct 2024 12:43:29 GMT
server: istio-envoy
x-envoy-upstream-service-time: 4

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame 4FD2
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_con...
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

86 B
529 B

258ms
154ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hR9FSNybFohkpGH7j9OrpGmhlNcBn2Hkoa3XmH5J8ja3YyHrg2t7nJ%2FgHRCt2QcjaoQtW9L7Odupj%2BBn1TfdBMt06MtJZr0eojNHEPJbNp7BJ1Oqy31jSQgHzWKmLHvsogU8xWCteGwY"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf63785dde136fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

date: Tue, 08 Oct 2024 12:43:28 GMT
location: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
content-length: 0

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame 0274
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_con...
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

86 B
532 B

318ms
142ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHYAKUymBtOfCUSiFz3Ry74l82629U2kaLxqeDZ9v%2FKLImYRyowf8p6J5vUMErD%2BCp1esZFe3qkExA5erA1atEtFu0%2FUfrKPdwQke3mE6%2Bo5U6CVaqVwSKs1W9mHZPeAe6ZdhHr07Q0X"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf63786eeaf36fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

date: Tue, 08 Oct 2024 12:43:29 GMT
location: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
content-length: 0

GET sodar
pagead2.googlesyndication.com/getconfig/ Frame 4FD2 0
0

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame 4FD2 60 KB
14 KB 584ms
539ms Fetch
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=2896012597127874&correlator=56680062026891&eid=31079957%2C31087815%2C31085772%2C31087863%2C95344210%2C31085774&output=ldjh&gdfp_req=1&vrg=202410070101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_200x600_sidebar_left_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C200x600%7C120x600&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1728391409039&lmt=1728391409&adxs=100&adys=400&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=0&ucis=ie7rhow3xf8o&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=38759&tan=ee27c4ff-52c5-41e4-b3e1-fb1e7a5d699f&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1728391405299&idt=2070&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Doracle.com%26hb_source%3Ds2s%26hb_format%3Dbanner%26hb_adid%3D34b2a68446e64d2%26hb_size%3D160x600%26hb_pb%3D0.37%26hb_bidder%3DtripleliftS2S&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=4227105449&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3adc3f26b11098da9ba4f2d50277c3de82e9267c26b8b4720cb5ed18e953728a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
content-encoding: br
google-lineitem-id: -1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 13846
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
c0bac51ae654068e113256cdd860875d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5FB3 0
0 316ms
62ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c0bac51ae654068e113256cdd860875d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 12:43:29 GMT
expires: Tue, 08 Oct 2024 12:43:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame 4FD2 96 KB
0 210ms
210ms Script
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET sodar
pagead2.googlesyndication.com/getconfig/ Frame CDAE 0
0

GET
H3 200 ads
pagead2.googlesyndication.com/gampad/ Frame CDAE 0
0 616ms
581ms Fetch
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=1018349623579733&correlator=1996783807721150&eid=31079957%2C31087792%2C31087863&output=ldjh&gdfp_req=1&vrg=202410070101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_970x90_sticky_anchor_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C1000x100%7C728x90%7C990x90%7C970x50%7C960x90%7C950x90%7C980x90&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1728391409054&lmt=1728391409&adxs=0&adys=3149&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=1&ucis=1f39s5atpe1e&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=38759&tan=69f79eff-3e65-4954-8ddd-24893ec71b58&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1728391405281&idt=2194&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dtdcanadatrust.com%26hb_source%3Dclient%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.45%26hb_adid%3D3297a9008cffc71%26hb_bidder%3Dcriteo&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=2150855633&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
content-encoding: br
google-lineitem-id: -1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 13894
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
2bcb5971552bb1856828998e6214d35c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FCC9 0
0 398ms
102ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2bcb5971552bb1856828998e6214d35c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410070101/pubads_impl.js?cb=31087863

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 12:43:29 GMT
expires: Tue, 08 Oct 2024 12:43:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame CDAE 96 KB
0 2ms
2ms Script
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame B081 638 B
1 KB 595ms
161ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

56bba4538f2b95be5b25ff90145374b5bb2dc8bfc0f864408a84225a69ed5c0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: CP="CAO PSA OUR"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: application/json
vary: Origin

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame E934 0
0 476ms
161ms Document
text/html 23.105.12.143
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=0&gdpr_consent=
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.105.12.143 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-length: 1013
content-type: text/html
date: Tue, 08 Oct 2024 12:43:28 GMT

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame FFC6 638 B
1 KB 612ms
191ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

b0b42c2e3b3612d2f17a00d14b4d9f7db2eeaa9f9a63a6cd29c703359d9b21a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: CP="CAO PSA OUR"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: application/json
vary: Origin

GET

/
de.tynt.com/deb/ Frame 4C0D
Redirect Chain

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X

0
0

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame AEE8 638 B
1 KB 606ms
193ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

51bb92eee7f8ca37d5403c9c89ba9b1557866a644da98e597a676c02f4539279

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: CP="CAO PSA OUR"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: application/json
vary: Origin

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame 0274 636 B
1 KB 593ms
191ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

6c3d28e10dadfe24cf245315922b3bc919be2102d6e315c19a1d915b529a08cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: CP="CAO PSA OUR"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: application/json
vary: Origin

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame 4FD2 638 B
1 KB 421ms
160ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

ae47a1395cc27a32a97325b40eb8275bdf88a02cffc18b4eb82c69f522b986c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: CP="CAO PSA OUR"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: application/json
vary: Origin

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame B081 96 KB
0 2ms
2ms XHR
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B081 18 KB
7 KB 428ms
79ms Script
text/javascript 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:43:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame FFC6 96 KB
0 30ms
30ms XHR
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame 0274 96 KB
0 36ms
36ms XHR
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame CDAE 96 KB
0 34ms
34ms XHR
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame AEE8 96 KB
0 31ms
31ms XHR
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame 4FD2 96 KB
0 30ms
30ms XHR
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Wed, 09 Oct 2024 12:43:29 GMT
access-control-allow-origin: *
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame CDAE 638 B
1 KB 311ms
193ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

29e6a98677c0aabe77664382af9e096700712d7440aaeac49e5763ba76292893

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.onworks.net
p3p: CP="CAO PSA OUR"
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: application/json
vary: Origin

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame FFC6 18 KB
0 286ms
286ms Script
text/javascript 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:43:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET sync
eb2.3lift.com/ Frame 4CE0 0
0

GET
H2 200 sodar2.js
tpc.googlesyndication.com/sodar/ Frame AEE8 18 KB
0 106ms
106ms Script
text/javascript 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:43:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 12:43:29 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET pbs-iframe
pbs-cs.yellowblue.io/ Frame DD44 0
0

GET pbs-iframe
pbs-cs.yellowblue.io/ Frame FDFD 0
0

GET b-904ac2d-53355591.js
tagan.adlightning.com/setupad/ Frame 68FA 0
0

POST node.php
node.setupad.com/node/ Frame 0274 0
0

GET b-904ac2d-53355591.js
tagan.adlightning.com/setupad/ Frame 210D 0
0

POST node.php
node.setupad.com/node/ Frame FFC6 0
0

GET b-904ac2d-53355591.js
tagan.adlightning.com/setupad/ Frame AB18 0
0

POST node.php
node.setupad.com/node/ Frame 4FD2 0
0

GET sodar2.js
tpc.googlesyndication.com/sodar/ Frame 0274 0
0

GET b-904ac2d-53355591.js
tagan.adlightning.com/setupad/ Frame 2F4C 0
0

POST node.php
node.setupad.com/node/ Frame B081 0
0

GET
H2 200 sync
eb2.3lift.com/ Frame 2078 0
0 89ms
88ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1072
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:30 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
ads.us.e-planning.net/uspd/1/ Frame 98B2
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

0
0

128ms
128ms

Document
text/html

172.98.26.246

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.246 -, , ASN (),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Tue, 08 Oct 2024 12:43:31 GMT
expires: Tue, 08 Oct 2024 12:43:31 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1222

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Tue, 08 Oct 2024 12:43:30 GMT
location: /uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1222

GET
H2 200 pbs-iframe
pbs-cs.yellowblue.io/ Frame A3D2 0
0 75ms
74ms Document
text/html 18.211.45.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.211.45.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-45-190.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://www.onworks.net/
content-length: 937
content-type: text/html
date: Tue, 08 Oct 2024 12:43:30 GMT
server: istio-envoy
x-envoy-upstream-service-time: 11

GET
H2 200 /
onetag-sys.com/usync/ Frame 355C 0
0 47ms
47ms Document
text/html 51.222.39.186

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=6b859b96c564fbe&gdpr=0&gdpr_consent=&us_privacy=

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.186 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1442
content-type: text/html
strict-transport-security: max-age=15552000

GET
H2

200

usync.html
eus.rubiconproject.com/ Frame 2808
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=onfocus&endpoint=us-west
https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west

0
0

359ms
139ms

Document
text/html

23.55.205.215

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.205.215 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 224
content-type: text/html; charset=UTF-8
date: Tue, 08 Oct 2024 12:43:30 GMT
etag: "2052a-10d-6142d69a886c0"
last-modified: Thu, 21 Mar 2024 15:32:19 GMT
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:30 GMT
location: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
server: AkamaiGHost

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/232/ Frame 3D61 0
0 301ms
92ms Document
text/html 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1929
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 12:11:21 GMT
expires: Tue, 08 Oct 2024 13:01:21 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/232/ Frame C6AA 0
0 299ms
299ms Document
text/html 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1929
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 12:11:21 GMT
expires: Tue, 08 Oct 2024 13:01:21 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame AEE8
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

86 B
818 B

163ms
163ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BtqzeNvR1kjMn%2F2YurttZTmGtIF%2B8wrKjFlRN2XTRd9S7gzqZXXzipnwdWrqyfDVU2oQz0aGAOXCLnT%2FJDaY9KNxkqVfeafixE9S22kNqDgdjU1yXNAKSmA93Cl1eCjbxTUNlEMCYLa%2B"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6378d0acc36fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:30 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

access-control-max-age: 86400
location: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:30 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2

200

/
ads.us.e-planning.net/uspd/1/ Frame 63FF
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

0
0

64ms
63ms

Document
text/html

172.98.26.246

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.246 -, , ASN (),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Tue, 08 Oct 2024 12:43:31 GMT
expires: Tue, 08 Oct 2024 12:43:31 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1222

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Tue, 08 Oct 2024 12:43:31 GMT
location: /uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1222

GET
H2 200 sync
eb2.3lift.com/ Frame 55BD 0
0 93ms
93ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1270
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:30 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
ads.us.e-planning.net/uspd/1/ Frame 7CA5
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

0
0

141ms
104ms

Document
text/html

172.98.26.246

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.246 -, , ASN (),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Tue, 08 Oct 2024 12:43:31 GMT
expires: Tue, 08 Oct 2024 12:43:31 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1222

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Tue, 08 Oct 2024 12:43:31 GMT
location: /uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1222

GET
H2

200

/
hde.tynt.com/deb/ Frame 37C6
Redirect Chain

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X
https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X&b=1

0
0

521ms
66ms

Document
text/html

67.202.105.33

General

Check archive.org

Show headers Download Go to

Full URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X&b=1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 1724
content-type: text/html
date: Tue, 08 Oct 2024 12:43:31 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

Redirect headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 0
date: Tue, 08 Oct 2024 12:43:31 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
location: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X&b=1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 0EEA 0
0 67ms
60ms Document
text/html 23.105.12.143
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=0&gdpr_consent=
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.105.12.143 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-length: 899
content-type: text/html
date: Tue, 08 Oct 2024 12:43:30 GMT

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame B081
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

86 B
944 B

185ms
184ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1T0Kz7PtE2K4vJT9VrDW%2B4k3euheGC6Ba2%2B6JiEDQqjcYynqe2Esdl14k9jTdzoBwSw%2BeFSqX1f5QKksfe%2Boc2BTH%2FbZG8E2oymBHlu0F7csgJ%2F3JaZfMdhtbDFfN18tmX2bIaGuqFNG"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf637913db536fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:31 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

access-control-max-age: 86400
location: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:31 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame CDAE
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_con...
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

86 B
711 B

162ms
161ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TQg2n0ICDc9ySuPsw5zyVwgFssgXvXUab%2Fmt%2BOt6YSYuMb%2BSHhElKDBbGL6ru296qA6mTk1mMni%2FFOYknriRKuPoewiWasvFVf79j6VzBwmrAEI2q%2BMvnNZFOuypt0YdU8dhLYLJbfjt"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf637928f3536fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:31 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

date: Tue, 08 Oct 2024 12:43:30 GMT
location: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
content-length: 0

GET
H2 200 sync
eb2.3lift.com/ Frame 4373 0
0 69ms
69ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1344
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:31 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
ads.us.e-planning.net/uspd/1/ Frame 70D8 0
0 72ms
72ms Document
text/html 172.98.26.246

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.246 -, , ASN (),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Tue, 08 Oct 2024 12:43:31 GMT
expires: Tue, 08 Oct 2024 12:43:31 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1222

GET
H2 200 sync
eb2.3lift.com/ Frame 25E7 0
0 101ms
94ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1277
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:31 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame 4FD2
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

86 B
899 B

222ms
203ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ge5hpmRMYiv1kAgRpy2fsyy29uxpttUEiApqEepbiTuWuLlFi9872kGCllEy0h3OIeVrLxU2gAWUxxs4OnLke37ZTk5RX4ft4oXhwAQZaDCM5ap5e5x3%2F%2Boul5IQdW%2FHqmV5NWwJErAs"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf63794d94b36fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:32 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

access-control-max-age: 86400
location: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:31 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2 200 isyn
sync.a-mo.net/ Frame 8668 0
0 1255ms
101ms Document
text/html 147.28.146.89

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJDZkY2E3OGE3LTQ3YWQtNGNjOC04NmY5LTRiMTVhMGQxMGI3ZKIEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.146.89 -, , ASN (),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 656
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
server: envoy
vary: accept-encoding
x-envoy-upstream-service-time: 1

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 7244 0
0 1223ms
96ms Document
text/html 151.101.65.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 5712
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 08 Oct 2024 12:43:33 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 17 May 2024 08:31:56 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2227086, 26050
X-Served-By: cache-lga21993-LGA, cache-yul1970027-YUL
X-Timer: S1728391413.064984,VS0,VE0

GET
H3 200 sync-all.html
adxbid.info/ Frame 95D5 0
0 988ms
134ms Document
text/html 2606:4700:3035::6815:30d7

General

Check archive.org

Show headers Download Go to

Full URL: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:30d7 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8cf63799cb061851-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
last-modified: Thu, 26 Jan 2023 09:50:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2B5RbXj3WArNzNHRzJ62rWX9wvTBuHSZbTIPzDI8ZX6IvuZZem2oqXbE1OobIu2gBgNBvQX7nubyE0C8FUsk2NryjeJMWp0L1SU%2BCMQxWxNWkKwFUDV1TJn8tujDOT8cYfSIP5RqPu%2B9kA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"

GET
H2 200 sync
eb2.3lift.com/ Frame CFF3 0
0 158ms
109ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1257
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:31 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame B081
Redirect Chain

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1728391415821
https://ad.turn.com/r/cs?pid=45&id=RX-fa695cef-9019-4c7f-a9ff-8e01a15dec6e-005&rndcb=5711677149
https://sync.1rx.io/usersync/turn/8386219872675358071?dspret=1&gdpr=0&gdpr_consent=&us_privacy=
https://sync.targeting.unrulymedia.com/csync/RX-fa695cef-9019-4c7f-a9ff-8e01a15dec6e-005?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fpartnerid%3D113%26partneruserid%3DRX-fa695cef-9...
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-fa695cef-9019-4c7f-a9ff-8e01a15dec6e-005

43 B
690 B

63ms
60ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-fa695cef-9019-4c7f-a9ff-8e01a15dec6e-005
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

location: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-fa695cef-9019-4c7f-a9ff-8e01a15dec6e-005
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
date: Tue, 08 Oct 2024 12:43:37 GMT
etag: RXfa695cef90194c7fa9ff8e01a15dec6e005
content-type: text/html

GET
H2

200

/
wt.rqtrk.eu/ Frame B081
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=150&partneruserid=0&redirurl=https%3A%2F%2Fwt.rqtrk.eu%3Fpid%3D58a76248-f101-4e52-b8f7-c4de9362ea12%26src%3Dwww%26type%3D100%26sid%3D0%26...
https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=

43 B
349 B

370ms
134ms

Image
image/gif

51.222.241.100

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=
Protocol: H2
Server: 51.222.241.100 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,private
pragma: no-cache
x-envoy-upstream-service-time: 3
expires: Tue, 08 Oct 2024 12:43:31 GMT
content-length: 43
p3p: CP="NOI DSP COR DEVa PSAa PSDa OUR BUS UNI COM NAV STA"
date: Tue, 08 Oct 2024 12:43:32 GMT
content-type: image/gif
server: istio-envoy

Redirect headers

cache-control: no-cache,no-store
location: https://wt.rqtrk.eu?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:31 GMT
pragma: no-cache

GET

usermatch
ssum-sec.casalemedia.com/ Frame B081
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=179394&cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D33%26partneruserid%3D&gdpr=0&gdpr_consent=
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D33%26partneruserid%3D&gdpr=0&gdpr_consent=&s=179394&C=1

0
0

GET
H2

200

gjIEMT18
sync-tm.everesttech.net/ct/upi/pid/ Frame B081
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=...

85 B
172 B

52ms
51ms

Image
image/png

151.101.130.49

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZwUo9AAHvfacAwA9
Protocol: H2
Server: 151.101.130.49 -, , ASN (),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

x-robots-tag: noindex
cache-control: no-cache
x-timer: S1728391413.836963,VS0,VE0
age: 1719
pragma: no-cache
via: 1.1 varnish
accept-ranges: bytes
x-cache: HIT
content-length: 85
date: Tue, 08 Oct 2024 12:43:32 GMT
content-type: image/png
x-served-by: cache-yul1970032-YUL
server: Jetty(9.4.35.v20201120)
x-cache-hits: 12609

Redirect headers

x-robots-tag: noindex
cache-control: no-cache
location: https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZwUo9AAHvfacAwA9
x-timer: S1728391413.777085,VS0,VE16
pragma: no-cache
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
content-length: 0
date: Tue, 08 Oct 2024 12:43:32 GMT
x-served-by: cache-yul1970032-YUL
server: Jetty(9.4.35.v20201120)
x-cache-hits: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame B081
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=39&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D25%26partneruserid%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=caaf6705-28f2-4800-a0cd-7f0f921a8c92&gdpr=0&gdpr_consent=

43 B
471 B

132ms
76ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=caaf6705-28f2-4800-a0cd-7f0f921a8c92&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

X-Permitted-Cross-Domain-Policies: all
X-Content-Type-Options: nosniff
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Tue, 08 Oct 2024 12:43:32 GMT
Content-Type: image/gif
Strict-Transport-Security: 31536000
Cache-Control: no-cache,no-store,must-revalidate
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=caaf6705-28f2-4800-a0cd-7f0f921a8c92&gdpr=0&gdpr_consent=
Pragma: no-cache
Connection: keep-alive
Cross-Origin-Resource-Policy: cross-origin
Referrer-Policy: strict-origin
Access-Control-Allow-Origin: *
Content-Length: 0
X-XSS-Protection: 0
Server: MT3 1668 f41eadd master ord ord-pixel-x56 config_version:"3849"

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame CDAE
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

86 B
878 B

183ms
173ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ELnIQty4p4JPrw29kWp1KHv5Cb3084OzGj4pjaUL06Q47qFoZBCapVzPdinX2uxb8rmSEDvVwpVW3Qdd39aRdcC38ZH4g%2FcCaqajsS1RIBkOPjkN%2BbD3ASXFYOzZYCQpsXixXqgNOKa"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf637965a5936fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:32 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

access-control-max-age: 86400
location: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:32 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2 200 isyn
sync.a-mo.net/ Frame 0943 0
0 1195ms
104ms Document
text/html 147.28.146.89

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPv0ZS4BqgDBeoDJDkyNzBmNGJkLWVlOTAtNDBiYi05Njc5LWUxMGQ4MzgxYWIzN6IEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.146.89 -, , ASN (),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 656
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
server: envoy
vary: accept-encoding
x-envoy-upstream-service-time: 1

GET
H2 200 sync
eb2.3lift.com/ Frame DFC5 0
0 315ms
70ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1257
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 795D 0
0 1233ms
1233ms Document
text/html 151.101.65.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 5712
Cache-Control: max-age=86402
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 08 Oct 2024 12:43:33 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 17 May 2024 08:31:56 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2227086, 26050
X-Served-By: cache-lga21993-LGA, cache-yul1970027-YUL
X-Timer: S1728391413.064984,VS0,VE0

GET
H3 200 sync-all.html
adxbid.info/ Frame 3E34 0
0 937ms
937ms Document
text/html 2606:4700:3035::6815:30d7

General

Check archive.org

Show headers Download Go to

Full URL: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:30d7 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8cf63799cb061851-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
last-modified: Thu, 26 Jan 2023 09:50:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2B5RbXj3WArNzNHRzJ62rWX9wvTBuHSZbTIPzDI8ZX6IvuZZem2oqXbE1OobIu2gBgNBvQX7nubyE0C8FUsk2NryjeJMWp0L1SU%2BCMQxWxNWkKwFUDV1TJn8tujDOT8cYfSIP5RqPu%2B9kA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"

GET
H2 200 sync
eb2.3lift.com/ Frame A086 0
0 434ms
72ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1257
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame FFC6
Redirect Chain

https://ad.turn.com/r/cs?pid=33&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D32%26partneruserid%3D%23USER_ID%23%26gdpr%3D%23GDPR_APPLICABLE%23%26gdpr_consent%...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=32&partneruserid=8386219872675358071&gdpr=0&gdpr_consent=

43 B
500 B

211ms
82ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=32&partneruserid=8386219872675358071&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:31 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=32&partneruserid=8386219872675358071&gdpr=0&gdpr_consent=
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
content-length: 0
pragma: no-cache
date: Tue, 08 Oct 2024 12:43:27 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame FFC6
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc

43 B
492 B

234ms
118ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:31 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

cache-control: no-cache, must-revalidate
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc
via: 1.1 d6f425c1386ac9fd47879737b06938c4.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: EkFpnbdK_b-yOq8SDaAczz_FdLkImJkQ23Rf4G7iBCnj0ywNkptnJA==
date: Tue, 08 Oct 2024 12:43:32 GMT
x-amz-cf-pop: JFK52-P7
server: CloudFront

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame FFC6
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=

43 B
576 B

60ms
56ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
expires: -1
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:33 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame FFC6
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=73nc1fLu6GnV&ev=1&pid=560288&gdpr_consent=&gdpr=0

43 B
493 B

133ms
59ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=73nc1fLu6GnV&ev=1&pid=560288&gdpr_consent=&gdpr=0
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

cache-control: private, max-age=0, no-cache, no-store
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=73nc1fLu6GnV&ev=1&pid=560288&gdpr_consent=&gdpr=0
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cw-server: bh-deployment-stage-0
expires: -1
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-CA
server: Jetty(10.0.14)

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame FFC6
Redirect Chain

https://s.company-target.com/s/eqx?sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D152%26partneruserid%3DPARTNER_USER_ID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?gdpr=0&gdpr_consent=&issi=1&partnerid=152&partneruserid=15024c69-0a23-49b0-9d9a-d05c6e985359

43 B
594 B

58ms
55ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?gdpr=0&gdpr_consent=&issi=1&partnerid=152&partneruserid=15024c69-0a23-49b0-9d9a-d05c6e985359
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
location: https://rtb-csync.smartadserver.com/redir/?gdpr=0&gdpr_consent=&issi=1&partnerid=152&partneruserid=15024c69-0a23-49b0-9d9a-d05c6e985359
access-control-allow-methods: GET,OPTIONS
via: 1.1 google
access-control-allow-origin: *.smartadserver.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 174
date: Tue, 08 Oct 2024 12:43:33 GMT
content-type: text/html; charset=utf-8

GET
H2 200 pbs-iframe
pbs-cs.yellowblue.io/ Frame C20E 0
0 93ms
92ms Document
text/html 18.211.45.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.211.45.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-45-190.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://www.onworks.net/
content-length: 655
content-type: text/html
date: Tue, 08 Oct 2024 12:43:32 GMT
server: istio-envoy
x-envoy-upstream-service-time: 3

GET
H2 200 isyn
sync.a-mo.net/ Frame 5668 0
0 979ms
102ms Document
text/html 147.28.146.89

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJGEyZjg2ZmFjLTkwNDMtNGE4YS04ZjcxLWM3OGQ2OTM3NGZiN6IEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.146.89 -, , ASN (),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 656
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
server: envoy
vary: accept-encoding
x-envoy-upstream-service-time: 1

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 20F2 0
0 1038ms
1038ms Document
text/html 151.101.65.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 5712
Cache-Control: max-age=86402
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 08 Oct 2024 12:43:33 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 17 May 2024 08:31:56 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2227086, 26050
X-Served-By: cache-lga21993-LGA, cache-yul1970027-YUL
X-Timer: S1728391413.064984,VS0,VE0

GET
H2 200 sync
eb2.3lift.com/ Frame 888A 0
0 358ms
117ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1257
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 sync-all.html
adxbid.info/ Frame ABEF 0
0 723ms
723ms Document
text/html 2606:4700:3035::6815:30d7

General

Check archive.org

Show headers Download Go to

Full URL: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:30d7 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8cf63799cb061851-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
last-modified: Thu, 26 Jan 2023 09:50:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2B5RbXj3WArNzNHRzJ62rWX9wvTBuHSZbTIPzDI8ZX6IvuZZem2oqXbE1OobIu2gBgNBvQX7nubyE0C8FUsk2NryjeJMWp0L1SU%2BCMQxWxNWkKwFUDV1TJn8tujDOT8cYfSIP5RqPu%2B9kA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"

GET
H2 200 sync
eb2.3lift.com/ Frame 311B 0
0 430ms
75ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1257
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame AEE8
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc

43 B
486 B

226ms
57ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

cache-control: no-cache, must-revalidate
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc
via: 1.1 d6f425c1386ac9fd47879737b06938c4.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 0
x-amz-cf-id: 9mtj167Gv8eOe64ja4D0U27foQ4a5PM_4Jl7Gruy0KwFUceMylwVEA==
date: Tue, 08 Oct 2024 12:43:32 GMT
x-amz-cf-pop: JFK52-P7
server: CloudFront

GET
H2

200

/
wt.rqtrk.eu/ Frame AEE8
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=150&partneruserid=0&redirurl=https%3A%2F%2Fwt.rqtrk.eu%3Fpid%3D58a76248-f101-4e52-b8f7-c4de9362ea12%26src%3Dwww%26type%3D100%26sid%3D0%26...
https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=

43 B
183 B

100ms
62ms

Image
image/gif

51.222.241.100

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=
Protocol: H2
Server: 51.222.241.100 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,private
pragma: no-cache
x-envoy-upstream-service-time: 0
expires: Tue, 08 Oct 2024 12:43:31 GMT
content-length: 43
p3p: CP="NOI DSP COR DEVa PSAa PSDa OUR BUS UNI COM NAV STA"
date: Tue, 08 Oct 2024 12:43:32 GMT
content-type: image/gif
server: istio-envoy

Redirect headers

cache-control: no-cache,no-store
location: https://wt.rqtrk.eu?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame AEE8
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?&rd=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D91%26partneruserid%3D%23PM_USER_ID%26gdpr%3DPM_GDPR%26gdpr_conse...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=91&partneruserid=45B74515-02D5-42AF-995E-FB515CFAC66F&gdpr=0&gdpr_consent=

43 B
517 B

63ms
61ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=91&partneruserid=45B74515-02D5-42AF-995E-FB515CFAC66F&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:31 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=91&partneruserid=45B74515-02D5-42AF-995E-FB515CFAC66F&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
date: Tue, 08 Oct 2024 12:43:31 GMT
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame AEE8
Redirect Chain

https://match.sharethrough.com/universal/v1?supply_id=v5hJK9Sl&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=147&partneruserid=079ec56f-b288-4082-8556-6ac5267d6e13&gdpr=0

43 B
558 B

64ms
64ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=147&partneruserid=079ec56f-b288-4082-8556-6ac5267d6e13&gdpr=0
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

strict-transport-security: max-age=16000000; includeSubDomains; preload;
location: https://rtb-csync.smartadserver.com/redir/?partnerid=147&partneruserid=079ec56f-b288-4082-8556-6ac5267d6e13&gdpr=0
content-length: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame AEE8
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=642459759305403779&gdpr=0&gdpr_consent=

43 B
508 B

58ms
57ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=642459759305403779&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

cache-control: no-store, no-cache, private
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=642459759305403779&gdpr=0&gdpr_consent=
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 157.254.49.145; 157.254.49.145; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 60f160b6-d533-4d1c-bbbd-146b6d4083d7
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 08 Oct 2024 12:43:32 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H3 200 sync-all.html
adxbid.info/ Frame 5783 0
0 701ms
701ms Document
text/html 2606:4700:3035::6815:30d7

General

Check archive.org

Show headers Download Go to

Full URL: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:30d7 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8cf63799cb061851-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
last-modified: Thu, 26 Jan 2023 09:50:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2B5RbXj3WArNzNHRzJ62rWX9wvTBuHSZbTIPzDI8ZX6IvuZZem2oqXbE1OobIu2gBgNBvQX7nubyE0C8FUsk2NryjeJMWp0L1SU%2BCMQxWxNWkKwFUDV1TJn8tujDOT8cYfSIP5RqPu%2B9kA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"

GET
H2 200 sync
eb2.3lift.com/ Frame 9DB3 0
0 479ms
73ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1257
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 43A9 0
0 985ms
985ms Document
text/html 151.101.65.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 5712
Cache-Control: max-age=86402
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 08 Oct 2024 12:43:33 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 17 May 2024 08:31:56 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2227086, 26050
X-Served-By: cache-lga21993-LGA, cache-yul1970027-YUL
X-Timer: S1728391413.064984,VS0,VE0

GET
H2 200 sync
eb2.3lift.com/ Frame F622 0
0 559ms
82ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1257
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 isyn
sync.a-mo.net/ Frame 57ED 0
0 911ms
102ms Document
text/html 147.28.146.89

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJDQ2N2NiZGRlLWFmYTYtNDFhZS1hN2RiLWI2ZmE3MjBkYWQ0NqIEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.146.89 -, , ASN (),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 656
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:33 GMT
server: envoy
vary: accept-encoding
x-envoy-upstream-service-time: 1

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 0274
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc

43 B
486 B

291ms
291ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

cache-control: no-cache, must-revalidate
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=a3741dbdcc
via: 1.1 d6f425c1386ac9fd47879737b06938c4.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: SVpeY3UvBukmO_mgndJexf88lr-QvpICoFnpIGjn_TcReBGRywqNCA==
date: Tue, 08 Oct 2024 12:43:32 GMT
x-amz-cf-pop: JFK52-P7
server: CloudFront

GET
H2

200

/
wt.rqtrk.eu/ Frame 0274
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=150&partneruserid=0&redirurl=https%3A%2F%2Fwt.rqtrk.eu%3Fpid%3D58a76248-f101-4e52-b8f7-c4de9362ea12%26src%3Dwww%26type%3D100%26sid%3D0%26...
https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=

43 B
86 B

61ms
59ms

Image
image/gif

51.222.241.100

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=
Protocol: H2
Server: 51.222.241.100 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,private
pragma: no-cache
x-envoy-upstream-service-time: 1
expires: Tue, 08 Oct 2024 12:43:31 GMT
content-length: 43
p3p: CP="NOI DSP COR DEVa PSAa PSDa OUR BUS UNI COM NAV STA"
date: Tue, 08 Oct 2024 12:43:32 GMT
content-type: image/gif
server: istio-envoy

Redirect headers

cache-control: no-cache,no-store
location: https://wt.rqtrk.eu?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 0274
Redirect Chain

https://cms.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=80&gdpr=0&partneruserid=20PVw99Mg8TAR4OTjEHIwN1E18XATIGSiBeEOFNq

43 B
530 B

90ms
87ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=80&gdpr=0&partneruserid=20PVw99Mg8TAR4OTjEHIwN1E18XATIGSiBeEOFNq
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

strict-transport-security: max-age=86400
cache-control: private, no-store, proxy-revalidate
location: https://rtb-csync.smartadserver.com/redir/?partnerid=80&gdpr=0&partneruserid=20PVw99Mg8TAR4OTjEHIwN1E18XATIGSiBeEOFNq
content-length: 0
date: Tue, 08 Oct 2024 12:43:32 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 0274
Redirect Chain

https://b1sync.zemanta.com/usersync/smart/?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D116%26partneruserid%3D__ZUID__&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=116&partneruserid=Rcx3QdsnLYk3jFqSpFoo&gdpr=0

43 B
578 B

68ms
64ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=116&partneruserid=Rcx3QdsnLYk3jFqSpFoo&gdpr=0
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:33 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, must-revalidate
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=116&partneruserid=Rcx3QdsnLYk3jFqSpFoo&gdpr=0
pragma: no-cache
expires: Thu, 01 Dec 1994 16:00:00 GMT
content-length: 140
p3p: CP="We do not support P3P header."
date: Tue, 08 Oct 2024 12:43:33 GMT
content-type: text/html; charset=utf-8

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 0274
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=139&partneruserid=0&redirurl=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3D98KUz37ype9D3X2sf9ovgeTt%26source_user_id%3DS...
https://match.sharethrough.com/sync/v1?source_id=98KUz37ype9D3X2sf9ovgeTt&source_user_id=1534546851490544441&gdpr=0&gdpr_consent=

68 B
323 B

64ms
63ms

Image
image/png

54.224.103.108

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.sharethrough.com/sync/v1?source_id=98KUz37ype9D3X2sf9ovgeTt&source_user_id=1534546851490544441&gdpr=0&gdpr_consent=

Protocol

Server

54.224.103.108 -, , ASN (),

Reverse DNS

Software

Resource Hash

6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=16000000; includeSubDomains; preload;
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

cache-control: no-cache,no-store
location: https://match.sharethrough.com/sync/v1?source_id=98KUz37ype9D3X2sf9ovgeTt&source_user_id=1534546851490544441&gdpr=0&gdpr_consent=
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache

GET sodar
pagead2.googlesyndication.com/pagead/ Frame FFC6 0
0

GET sodar
pagead2.googlesyndication.com/pagead/ Frame B081 0
0

GET
H2 200 isyn
sync.a-mo.net/ Frame 663F 0
0 829ms
103ms Document
text/html 147.28.146.89

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJDY5YjY2ZjgzLWQ0YzYtNDMxNC1hMzI3LTM5MGJkMGE3MzcxZKIEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.146.89 -, , ASN (),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 656
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
server: envoy
vary: accept-encoding
x-envoy-upstream-service-time: 1

GET
H3 200 sync-all.html
adxbid.info/ Frame 6062 0
0 594ms
594ms Document
text/html 2606:4700:3035::6815:30d7

General

Check archive.org

Show headers Download Go to

Full URL: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:30d7 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8cf63799cb061851-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
last-modified: Thu, 26 Jan 2023 09:50:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2B5RbXj3WArNzNHRzJ62rWX9wvTBuHSZbTIPzDI8ZX6IvuZZem2oqXbE1OobIu2gBgNBvQX7nubyE0C8FUsk2NryjeJMWp0L1SU%2BCMQxWxNWkKwFUDV1TJn8tujDOT8cYfSIP5RqPu%2B9kA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"

GET
H2 200 sync
eb2.3lift.com/ Frame AA22 0
0 542ms
76ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 793
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
eb2.3lift.com/ Frame F98F 0
0 609ms
70ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 793
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 3ACB 0
0 877ms
877ms Document
text/html 151.101.65.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 5712
Cache-Control: max-age=86402
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 08 Oct 2024 12:43:33 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 17 May 2024 08:31:56 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2227086, 26050
X-Served-By: cache-lga21993-LGA, cache-yul1970027-YUL
X-Timer: S1728391413.064984,VS0,VE0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 4FD2
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=642459759305403779&gdpr=0&gdpr_consent=

43 B
508 B

65ms
63ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=642459759305403779&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

cache-control: no-store, no-cache, private
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=642459759305403779&gdpr=0&gdpr_consent=
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 157.254.49.145; 157.254.49.145; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 743771e4-fc80-4ea8-8bc4-d670e4f901f4
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 08 Oct 2024 12:43:32 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 4FD2
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=

43 B
601 B

70ms
69ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
expires: -1
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:33 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET usermatch
ssum-sec.casalemedia.com/ Frame 4FD2 0
0

GET
H2

200

gjIEMT18
sync-tm.everesttech.net/ct/upi/pid/ Frame 4FD2
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=...

85 B
150 B

52ms
51ms

Image
image/png

151.101.130.49

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZwUo9AAHvW2fPQA9
Protocol: H2
Server: 151.101.130.49 -, , ASN (),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

x-robots-tag: noindex
cache-control: no-cache
x-timer: S1728391413.964634,VS0,VE0
age: 1719
pragma: no-cache
via: 1.1 varnish
accept-ranges: bytes
x-cache: HIT
content-length: 85
date: Tue, 08 Oct 2024 12:43:32 GMT
content-type: image/png
x-served-by: cache-yul1970032-YUL
server: Jetty(9.4.35.v20201120)
x-cache-hits: 12610

Redirect headers

x-robots-tag: noindex
cache-control: no-cache
location: https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZwUo9AAHvW2fPQA9
x-timer: S1728391413.903951,VS0,VE15
pragma: no-cache
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
content-length: 0
date: Tue, 08 Oct 2024 12:43:32 GMT
x-served-by: cache-yul1970032-YUL
server: Jetty(9.4.35.v20201120)
x-cache-hits: 0

GET
H2 204 user-sync.html
ms-cookie-sync.presage.io/ Frame 4FD2 0
170 B 880ms
120ms Image
text/plain 98.82.49.249

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ms-cookie-sync.presage.io/user-sync.html?equativ_id=SMART_USER_ID&source=equativ&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 98.82.49.249 -, , ASN (),
Reverse DNS
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

surrogate-control: no-store
expires: 0
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
date: Tue, 08 Oct 2024 12:43:33 GMT
pragma: no-cache
x-powered-by: Express

GET
H2 200 sync
eb2.3lift.com/ Frame C7EF 0
0 680ms
79ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 793
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 sync-all.html
adxbid.info/ Frame 90C5 0
0 572ms
572ms Document
text/html 2606:4700:3035::6815:30d7

General

Check archive.org

Show headers Download Go to

Full URL: https://adxbid.info/sync-all.html?gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:30d7 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8cf63799cb061851-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
last-modified: Thu, 26 Jan 2023 09:50:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2B5RbXj3WArNzNHRzJ62rWX9wvTBuHSZbTIPzDI8ZX6IvuZZem2oqXbE1OobIu2gBgNBvQX7nubyE0C8FUsk2NryjeJMWp0L1SU%2BCMQxWxNWkKwFUDV1TJn8tujDOT8cYfSIP5RqPu%2B9kA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 73DD 0
0 863ms
863ms Document
text/html 151.101.65.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 5712
Cache-Control: max-age=86402
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 08 Oct 2024 12:43:33 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 17 May 2024 08:31:56 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2227086, 26050
X-Served-By: cache-lga21993-LGA, cache-yul1970027-YUL
X-Timer: S1728391413.064984,VS0,VE0

GET
H2 200 sync
eb2.3lift.com/ Frame 9915 0
0 800ms
114ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 793
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:33 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 isyn
sync.a-mo.net/ Frame 6EBC 0
0 799ms
117ms Document
text/html 147.28.146.89

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=CqECSg93d3cub253b3Jrcy5uZXRSC2Fhcy02NTlkZmRlWghwYmExLjMuM2oPd3d3Lm9ud29ya3MubmV0-gEGOC4yNy4w6AIBiAPw0ZS4BqgDBeoDJDhmOTk1ZmUwLTdiNTQtNDQ5Ny04NWNkLTAzNjY0MzgyMDAwNqIEKmh0dHBzOi8vd3d3Lm9ud29ya3MubmV0L29ud29ya3NzZXNzaW9uLnBocKoEA0lTULIFA1VTROoFB2Rlc2t0b3D6BQRkYzEzwAYAyAYB0gYgQzMzMzBCMDc2MDk0MzM4QjNBMzc2OTBFOTBDQ0E1RDSqBwN3ZWLKBwtvbndvcmtzLm5ldOAHAYIIC29ud29ya3MubmV0iggGY2hyb21lmQgAAAAAAAgAAA
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.146.89 -, , ASN (),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 656
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
server: envoy
vary: accept-encoding
x-envoy-upstream-service-time: 1

GET
H2 204 user-sync.html
ms-cookie-sync.presage.io/ Frame CDAE 0
169 B 992ms
142ms Image
text/plain 98.82.49.249

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ms-cookie-sync.presage.io/user-sync.html?equativ_id=SMART_USER_ID&source=equativ&gdpr=0&gdpr_consent=
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 98.82.49.249 -, , ASN (),
Reverse DNS
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

surrogate-control: no-store
expires: 0
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
date: Tue, 08 Oct 2024 12:43:33 GMT
pragma: no-cache
x-powered-by: Express

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame CDAE
Redirect Chain

https://ad.turn.com/r/cs?pid=33&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D32%26partneruserid%3D%23USER_ID%23%26gdpr%3D%23GDPR_APPLICABLE%23%26gdpr_consent%...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=32&partneruserid=8386219872675358071&gdpr=0&gdpr_consent=

43 B
553 B

89ms
88ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=32&partneruserid=8386219872675358071&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:33 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=32&partneruserid=8386219872675358071&gdpr=0&gdpr_consent=
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
content-length: 0
pragma: no-cache
date: Tue, 08 Oct 2024 12:43:29 GMT

GET
H2

200

/
wt.rqtrk.eu/ Frame CDAE
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=150&partneruserid=0&redirurl=https%3A%2F%2Fwt.rqtrk.eu%3Fpid%3D58a76248-f101-4e52-b8f7-c4de9362ea12%26src%3Dwww%26type%3D100%26sid%3D0%26...
https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=

43 B
130 B

79ms
52ms

Image
image/gif

51.222.241.100

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wt.rqtrk.eu/?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=
Protocol: H2
Server: 51.222.241.100 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,private
pragma: no-cache
x-envoy-upstream-service-time: 0
expires: Tue, 08 Oct 2024 12:43:32 GMT
content-length: 43
p3p: CP="NOI DSP COR DEVa PSAa PSDa OUR BUS UNI COM NAV STA"
date: Tue, 08 Oct 2024 12:43:33 GMT
content-type: image/gif
server: istio-envoy

Redirect headers

cache-control: no-cache,no-store
location: https://wt.rqtrk.eu?pid=58a76248-f101-4e52-b8f7-c4de9362ea12&src=www&type=100&sid=0&uid=1534546851490544441&gdpr_pd=0&gdpr=0&gdpr_consent=
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame CDAE
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=

43 B
601 B

77ms
74ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=4808694100205090752&gdpr=0&gdpr_consent=
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
expires: -1
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:33 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame CDAE
Redirect Chain

https://cs.admanmedia.com/e09bad714a425a93d6dea503dcf9c528.gif?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D130%26partneruserid%3D%5BUID%5D%26gdpr%3D%5BGDPR%5...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=130&partneruserid=d44af6b8-d798-40ea-bf68-7cee4051c8bb&gdpr=0&gdpr_consent=[GDPR_CONSENT]

43 B
642 B

77ms
72ms

Image
image/gif

216.22.16.9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=130&partneruserid=d44af6b8-d798-40ea-bf68-7cee4051c8bb&gdpr=0&gdpr_consent=[GDPR_CONSENT]
Protocol: HTTP/1.1
Server: 216.22.16.9 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

transfer-encoding: chunked
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 08 Oct 2024 12:43:32 GMT
pragma: no-cache
content-type: image/gif

Redirect headers

Cache-Control: no-cache, no-store, must-revalidate
Location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=130&partneruserid=d44af6b8-d798-40ea-bf68-7cee4051c8bb&gdpr=0&gdpr_consent=[GDPR_CONSENT]
Pragma: no-cache
Connection: keep-alive
Expires: 0
Content-Length: 0
Date: Tue, 08 Oct 2024 12:43:33 GMT
Server: nginx

GET
H2

200

usync.html
eus.rubiconproject.com/ Frame 5DBA
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=onfocus&endpoint=us-west
https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west

0
0

0ms
0ms

Document
text/html

23.55.205.215

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.205.215 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 224
content-type: text/html; charset=UTF-8
date: Tue, 08 Oct 2024 12:43:30 GMT
etag: "2052a-10d-6142d69a886c0"
last-modified: Thu, 21 Mar 2024 15:32:19 GMT
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:30 GMT
location: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
server: AkamaiGHost

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 541D 0
0 70ms
69ms Document
text/html 23.220.140.208

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26it%3Dadg-pb-clt%26uid%3D(PM_UID)
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.220.140.208 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=108617
content-encoding: gzip
content-length: 5633
content-type: text/html
date: Tue, 08 Oct 2024 12:43:32 GMT
expires: Wed, 09 Oct 2024 18:53:49 GMT
last-modified: Mon, 26 Aug 2024 15:25:10 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 /
ads.us.e-planning.net/uspd/1/ Frame C838 0
0 83ms
82ms Document
text/html 172.98.26.246

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.246 -, , ASN (),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Tue, 08 Oct 2024 12:43:32 GMT
expires: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1222

GET
H2 200 sync
eb2.3lift.com/ Frame EF51 0
0 73ms
72ms Document
text/html 52.223.22.214

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.223.22.214 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 793
content-type: text/html; charset=utf-8
date: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
ads.us.e-planning.net/uspd/1/ Frame 8E54 0
0 129ms
123ms Document
text/html 172.98.26.246

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.246 -, , ASN (),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Tue, 08 Oct 2024 12:43:32 GMT
expires: Tue, 08 Oct 2024 12:43:32 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1222

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame B081
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_con...
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

86 B
906 B

152ms
151ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4hWtLuFhU6oQgLVVmn5teEyysKy0b3BcmkHMDJqhR4nyWWOdGjTvMySTp8wtD79wcfhms%2FUeyK7MS2f6ZEHZJz8giBSjlPGOiMUzFZtOja2DWtpxjTeLgV8DGhcMxKw7aI2ZjFkhsQ98"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf637990c4036fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:32 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

date: Tue, 08 Oct 2024 12:43:32 GMT
location: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
content-length: 0

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame FFC6
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_con...
https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441

86 B
797 B

159ms
150ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4lwv8PrY2aNMqvO%2F9OjSbrKatqwvPXdZlkpvlS%2Bn6AXbqQTaS2e1zy6SyBEIl4EvUYvZekKMAcg5LUG7hjdzOHq4rGXuk8gDy5hlkKtBbuQ2gzwoWIIj0tiDHs2YYxIAHoTG1cEDUa%2FX"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf63799fceb36fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:32 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

date: Tue, 08 Oct 2024 12:43:32 GMT
location: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1534546851490544441
content-length: 0

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame 0274
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752

86 B
900 B

191ms
191ms

Image
image/png

104.26.8.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
Protocol: H2
Server: 104.26.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ivp8jtg1NV39H%2B1Img7hgUswaePArZj3Awu%2BJ9tZSQywPHEcmCef5H0XpZZIpRAwPzGeIjeQLkJk%2F%2BYcidKra38zSJfxW0VXcCY3L3uqaJr1IBGa1xzHni1B3EgwptU4ZPXoChBkBOb"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cf6379fa8e536fe-YYZ
expires: 0
content-length: 86
date: Tue, 08 Oct 2024 12:43:33 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

access-control-max-age: 86400
location: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=4808694100205090752
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
content-length: 0
date: Tue, 08 Oct 2024 12:43:33 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gum.criteo.com
URL: https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Domain: gum.criteo.com
URL: https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Domain: gum.criteo.com
URL: https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Domain: gum.criteo.com
URL: https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Domain: gum.criteo.com
URL: https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Domain: gum.criteo.com
URL: https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Domain: prebid-stag.setupad.net
URL: https://prebid-stag.setupad.net/openrtb2/auction

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/gampad/ads?pvsid=562792034704427&correlator=1179833254498630&eid=31083342%2C31087863&output=ldjh&gdfp_req=1&vrg=202410070101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_200x600_sidebar_right_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C200x600%7C120x600&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1728391408911&lmt=1728391408&adxs=1350&adys=400&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=0&ucis=penj3pl2ijr&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=38759&tan=eba153f1-8fa5-4ff1-ac47-dabf390e6e35&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1728391405351&idt=1632&prev_scp=pbsd%3D1&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=481353401&frm=23&eoidce=1

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202410070101&st=env

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202410070101&st=env

Domain: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26it%3Dadg-pb-clt%26uid%3D33XUSERID33X

Domain: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

Domain: pbs-cs.yellowblue.io
URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D

Domain: pbs-cs.yellowblue.io
URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D

Domain: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js

Domain: node.setupad.com
URL: https://node.setupad.com/node/node.php

Domain: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js

Domain: node.setupad.com
URL: https://node.setupad.com/node/node.php

Domain: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js

Domain: node.setupad.com
URL: https://node.setupad.com/node/node.php

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Domain: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js

Domain: node.setupad.com
URL: https://node.setupad.com/node/node.php

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D33%26partneruserid%3D&gdpr=0&gdpr_consent=&s=179394&C=1

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202410070101&jk=3478119220964076&bg=!w8ClwI_NAAax3igvkd47ADQBe5WfONtpTIin1lyhf0s2j3CAhA0kLrN-nva-UHB0bMfRAGSgzl2E1pBf1kdBZAYZGG4OAgAAAMJSAAAABGgBB34ANvFk5qIB7FeX2AQukffnlqKfKMGzgPMtgpraiqF20s6SeOyVVjvMgJ01qBpbQ-K_h-ft_iurUpkCwD9kG8H9K1_y4mf1-PB6fo1D4DKQ-jDsI5EOo51COGCPJUE-srEyJ2EFSGT-r1NNn6L9Z-J-jJgvAVhawglFqWtOickmbtxQ8J1zd-jyz7unDyWIGeZETYOJMobIY4Er6jNUeWBq4eVWDYcMCDQDy8S2QAYNKtUb5lPtlp9NHQfIFzJy2qdmQERLnjNGI_zktIfiw_TwqxVp4eevce51na6LK4SR8YeVW_BPfyRxl-XAu9qprP2IQx5OupmyD-udu0Ye7orTy5BJs7vscoAqz02dSvLL-_JeooUM4eNUH4xRo9PaqnSU2qh2dG3hvKlURDqhFYZSr5tTHh1w87CJD-VQ1_vf-9yIqGLE_4aoJ5REcvHeRRwhbKkTYRDb5ul6Z48Qu197pNW6Up9MrQm_HcAJC719Z-BKC_dBkkB2gtwLbma1Jflye0Tvv57hsU1HHEt8SYytcIeX5VXZl0PYtUYcz8L1nrzDKAQHhGEiJ93ewsavLeepY7er-feszBhNyj8ytZWa_H0NSc77mComPvb06unNSP8b-o7Ufwno9oaiXZJpxzZVyjRgixp9QlDS_PFxU24EZJRQ3VoQJa8eruPd8c8f0orvXqAFIjchO42KR0vLdoh_wlWeLxBCQziuZfPccQw-jt6sI87rreTc1GSfrdjM7WJaMAy_2SoBG5dxPANUV5846TzaQVQOyOusvfsur5BY8HnDUgyMDuS5R35_E54eNlIkSHvQ5v0lQZFZI8z7--VqP7vkNHfsXEtqVrp_5fLXYyh4qPAOlDN4UMcFc45aX6gNrWOxvPb-SsYgaZdetUVsyXsAesPcR6IdO1rF8VJvYaKMs202p-_JcKTBydXct-awb9u2QrabkvqR-If67xd6kVbuQhxCH3zGQrt8s-pShzQyk3NisiZfpS96ObCTRMwRfYBQh4VSH4EF

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202410070101&jk=3511976595640016&bg=!b2ylbCPNAAax3igvkd47ADQBe5WfOLN_4PdEFsot_SS_4cZDRCPb9UWK9bgT-Yv1pk4N4ZZCFZ2wHa5AQ_ZvDxssmBvIAgAAANZSAAAAA2gBB34ANsIFy7ccYwKBn3BQYaNe1jgF5jz1d8V8egjtBcXgK-N628-c1AOI7pppnhCxKuOX5kDlPo0pFpkCniytLLsA_tobMKSwFrkWLG0z8GRSOuTNxdHzyiNHw8A7lD9_VQGlf5t4fFrhnfo06mocQIOYBDwYjoY2ziIQZuORLYjc-38DuIi6XFgfObNRUMlHPvRy_fw8csfkoccbFQYYYwtWNT1d7z_i2_lK3FUp9UKpgLni9NWzEfN9oKGoSimcswlxnOebhqs63SSsWoVPBGgiirdowLJ3OcGz36rXow7eXKIgSawDVGIZg5krugEiB0_RVTh2DyNfJ7sJFeyuVy7-lmzy_tOjAjYgrgvIb4zcy74Pt4OkZX09UtNEpli7YuQNIYtCu5b6OXEQu3arl-SqkEweEdzW6QEqxzjcu4lWeGtYIzwrMpTo2bKpQYrse8mLEeI8dKFUq2m0d-1pTh5ngV-36YsM5b2qqc8hzjKP42clilsYscg7MBpXzDaTywkj7vpJURBmDrP-hrDvLOOYSSQShfDXFtqwa3a5ERFHw33ORBEuKqBp0ccMzumMSCz7oCc2L4xz5YivbsYPhSJvb8p4wE-kfGhZ80UVCxCrfye9-6fxiDL8dy_x4OEnZ-3wBxtk52uUf0xBLGTu0bXZjXRWf3WY9zrBVNk8OBS3EMjjT_9QcWHxKGgA-NqaOgbnZrXirStKMX30GHgurHE_PvlFuLBn16DEMz41liF9f_F6HzxHJPGcOOJwwuELa9ZVSl4Mg1zrYcxnMbVXZPQvlp0J4BcdgIsxXmgOlY3oiDWNP1mPojVSyH0FAKahdmjhv9Pes2D9cRVmYtFfk-Qic-rzsit-03NmHCmthFZ8PUYDMPlzZ8DQ4x-g0wbAUAv4tncoLuej_i4wOw1arepjQhPALkxjok8KKqMPBSe0-1dLfhJjMH2HYcKwMUGqd9ZEqGkL083W04M

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=179394&cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D33%26partneruserid%3D&gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.onworks.net/	1970-01-21 09:42:31	Name: _ga_DN38F0DWYD Value: GS1.1.1728391405.1.0.1728391405.0.0.0
.onworks.net/	1970-01-21 09:42:31	Name: _ga Value: GA1.2.1907463751.1728391405
.onworks.net/	1970-01-21 00:07:57	Name: _gid Value: GA1.2.822639989.1728391406
.onworks.net/	1970-01-21 00:06:31	Name: _gat_gtag_UA_117545413_4 Value: 1
.onworks.net/	1970-01-21 08:52:07	Name: _sharedID Value: 5d3fbc71-436f-4930-80d9-deacfe47471f
.onworks.net/	1970-01-21 08:52:07	Name: _sharedID_cst Value: zix7LPQsHA%3D%3D
www.onworks.net/	1970-01-21 00:06:33	Name: stpdOrigin Value: {"origin":"direct"}
.prebid.a-mo.net/	1970-01-21 08:52:07	Name: __amc Value: 1_1728391408_1728391408
.adnxs.com/	1970-01-21 09:42:31	Name: receive-cookie-deprecation Value: 1
.3lift.com/	1970-01-21 02:16:07	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 02:16:07	Name: icu Value: ChgIuJJ8EAoYASABKAEw8NGUuAY4AUABSAEQ8NGUuAYYAA..
.criteo.com/	1970-01-21 09:28:07	Name: cto_bundle Value: SIg3B19hc0wxSnBsUDY1SHIyRXB1d1paWDBCR0Jwc1NrU0ZhVmt0QVE2eGk0T1RPZUFlRk9hQjklMkZnelV1azFYM3F1VHlLT3oyNGJ4NzZQcE02TGNLTVNkTkJsQVk1TjBZMllVMUxSbHFBNGFzWXBrJTNE
.3lift.com/	1970-01-21 02:16:07	Name: tluid Value: 1559585716405752926402
.adnxs.com/	1970-01-21 02:16:07	Name: XANDR_PANID Value: qHl3LABkt-19QJZcPDDpU-rgMCPgHmbY30wcNWaVQ1jPPU8yLgI2V2zCS1lBVcaMukTOiGLvUXYQKi9atefuQEUVU7K9HgVWMYzdkOV2-eI.
.adnxs.com/	1970-01-21 02:16:07	Name: uuid2 Value: 642459759305403779
.a-mo.net/	1970-01-21 08:52:07	Name: amuid2 Value: b1537cbb-22bd-4179-b477-4457c2184026
.a-mo.net/	1970-01-21 08:52:07	Name: pamuid2 Value: b1537cbb-22bd-4179-b477-4457c2184026
.prebid.a-mo.net/	1970-01-21 08:52:07	Name: psd_amuid2 Value: b1537cbb-22bd-4179-b477-4457c2184026
.prebid.a-mo.net/	1970-01-21 08:52:07	Name: sd_amuid2 Value: b1537cbb-22bd-4179-b477-4457c2184026
.smartadserver.com/	1970-01-21 08:52:07	Name: pbw Value: %24b%3d16999%3b%24o%3d99999
.smartadserver.com/	1970-01-21 08:52:07	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-21 00:07:57	Name: sasd Value: %24qc%3D1307149725%3B%24ql%3DUnknown%3B%24qpc%3Dm3h+6a7%3B%24qt%3D93_2124_19080t%3B%24dma%3D0%3B%24qo%3D6
.smartadserver.com/	1970-01-21 08:52:07	Name: pid Value: 1534546851490544441
.smartadserver.com/	1970-01-21 00:07:57	Name: sasd2 Value: q=%24qc%3D1307149725%3B%24ql%3DUnknown%3B%24qpc%3Dm3h+6a7%3B%24qt%3D93_2124_19080t%3B%24dma%3D0%3B%24qo%3D6&c=1&l&lo&lt=638639882082286055&o=1
.4dex.io/	1970-01-21 01:32:55	Name: uids Value: eyJzeW5jcyI6eyIzM2Fjcm9zcyI6IjIwMjQtMTAtMDhUMTI6NDM6MjguNDgyOTc3NjM0WiIsInB1Ym1hdGljIjoiMjAyNC0xMC0wOFQxMjo0MzoyOC40ODMwMzkzNDRaIiwicnViaWNvbiI6IjIwMjQtMTAtMDhUMTI6NDM6MjguNDgyOTk3ODU0WiIsInNtYXJ0IjoiMjAyNC0xMC0wOFQxMjo0MzoyOC40ODMwMzAwOTRaIn0sInVpZHMiOnsiYWRhZ2lvIjp7InVpZCI6IjBiZTcyMGI2LWYxNTgtNGExZS1iOGE1LTExZWE2NTk0ZWFhZSIsImV4cGlyZXMiOiIyMDI0LTEyLTA3VDEyOjQzOjI4LjExNTQyMjg3MVoifX0sImJkYXkiOiIyMDI0LTEwLTA4VDEyOjQzOjI4LjExNTMwNjgzMVoifQ==
.yellowblue.io/	1970-01-21 00:49:43	Name: wrvUserID Value: EeYU_IMrkH
.33across.com/	1970-01-21 08:52:07	Name: 33x_ps Value: u%3D212827072628119%3As1%3D1728391409527%3Ats%3D1728391409527
.adform.net/	1970-01-21 01:32:55	Name: uid Value: 4808694100205090752
.id5-sync.com/	1970-01-21 02:16:07	Name: id5 Value: 82bc34f5-127c-780d-ba80-ddded0d21f25#1728391409638#1
.lijit.com/	1970-01-21 08:52:07	Name: ljt_reader Value: Jdk7ALZH1zFu5nGCRiqXSCoa
.onetag-sys.com/	1970-01-21 09:36:18	Name: OTP Value: chaYLCiD6eciAlz57FzTnoEAGWrDOA37k6X7iWGvxAw
.smaato.net/	1970-01-21 00:36:45	Name: SCM Value: a3741dbdcc
.smaato.net/	1970-01-21 00:36:45	Name: SCMrise Value: a3741dbdcc
.pubmatic.com/	1970-01-21 00:07:57	Name: KTPCACOOKIE Value: YES
.go.sonobi.com/	1970-01-21 08:52:07	Name: __uis Value: c1522d96-4ce1-4c65-8735-494ab296c6fd
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8G Value: s86188\|ZwUo9
.contextweb.com/	1970-01-21 08:52:07	Name: pb_rtb_ev Value: 3-1u2v\|8i8.0.1
.contextweb.com/	1970-01-21 08:52:07	Name: pb_rtb_ev_part Value: 3-1u2v\|8i8.0.1
.bidswitch.net/	1970-01-21 08:52:07	Name: c Value: 1728391409
.bidswitch.net/	1970-01-21 08:52:07	Name: tuuid_lu Value: 1728391409
prebid-stag.setupad.net/	1970-01-21 02:16:07	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJzbWFydGFkc2VydmVyIjp7InVpZCI6IjE1MzQ1NDY4NTE0OTA1NDQ0NDEiLCJleHBpcmVzIjoiMjAyNC0xMC0yMlQxMjo0MzoyOS43OTcxMTYxODFaIn19fQ==
.pubmatic.com/	1970-01-21 02:16:07	Name: SyncRTB4 Value: 1729555200%3A220
.pubmatic.com/	1970-01-21 02:16:07	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-21 00:06:31	Name: ipc Value: 160295^https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID^1^0
.pubmatic.com/	1970-01-21 00:07:57	Name: pi Value: 160295:2
.pubmatic.com/	1970-01-21 08:52:07	Name: KADUSERCOOKIE Value: 45B74515-02D5-42AF-995E-FB515CFAC66F
.media.net/	1970-01-21 08:52:07	Name: visitor-id Value: 3713930098174535000V10
.media.net/	1970-01-21 08:52:07	Name: data-ris Value: {{APID}}~~25
.contextweb.com/	1970-01-21 08:44:55	Name: V Value: 73nc1fLu6GnV
.contextweb.com/	1970-01-21 08:44:55	Name: VP Value: part_73nc1fLu6GnV
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 891508bad3564ea2
.onworks.net/	1970-01-21 04:25:43	Name: __eoi Value: ID=8e1f64fffbc9c7a4:T=1728391409:RT=1728391409:S=AA-Afjbq5Zy9GwTHymTALq3sVDC8
.bidswitch.net/	1970-01-21 08:52:07	Name: tuuid Value: a438df86-f561-4abb-b2cb-d945c8ceab4a

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	Message: A bad HTTP response code (500) was received when fetching the script.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1x1.a-mo.net
2bcb5971552bb1856828998e6214d35c.safeframe.googlesyndication.com
73b1b441d5ec8fd6214674ef4bf3f201.safeframe.googlesyndication.com
78f2b2ba7cc9a97790316455cc353d46.safeframe.googlesyndication.com
89779d4c66cc9b079384e6f80d961ffc.safeframe.googlesyndication.com
acdn.adnxs.com
ad.turn.com
ads.pubmatic.com
ads.us.e-planning.net
adx2.adform.net
adxbid.info
b1sync.zemanta.com
bh.contextweb.com
bidder.criteo.com
c0bac51ae654068e113256cdd860875d.safeframe.googlesyndication.com
c1.adform.net
cadmus.script.ac
cdn.jsdelivr.net
cm.adform.net
cms.quantserve.com
cs.admanmedia.com
de.tynt.com
downloads.uptoplay.net
e2150ba3f730e7b92f78b8fa68990e59.safeframe.googlesyndication.com
eb2.3lift.com
eus.rubiconproject.com
gum.criteo.com
hde.tynt.com
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
images.onworks.net
lb.eu-1-id5-sync.com
match.sharethrough.com
mp.4dex.io
ms-cookie-sync.presage.io
node.setupad.com
onetag-sys.com
pagead2.googlesyndication.com
pbs-cs.yellowblue.io
prebid-eu.creativecdn.com
prebid-stag.setupad.net
prebid.a-mo.net
prg.smartadserver.com
region1.google-analytics.com
rtb-csync.smartadserver.com
rtb.adxpremium.services
s.ad.smaato.net
s.company-target.com
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
static.criteo.net
stpd.cloud
stream.onworks.net
sync-tm.everesttech.net
sync.1rx.io
sync.a-mo.net
sync.mathtag.com
sync.targeting.unrulymedia.com
tagan.adlightning.com
tlx.3lift.com
tpc.googlesyndication.com
web.hb.ad.cpe.dotomi.com
wt.rqtrk.eu
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.onworks.net
de.tynt.com
eb2.3lift.com
gum.criteo.com
node.setupad.com
pagead2.googlesyndication.com
pbs-cs.yellowblue.io
prebid-stag.setupad.net
ssum-sec.casalemedia.com
tagan.adlightning.com
tpc.googlesyndication.com
104.26.8.178
107.22.180.23
147.28.129.37
147.28.146.89
151.101.130.49
151.101.65.108
162.19.138.118
162.19.138.119
172.98.26.246
18.211.45.190
185.106.140.18
185.167.164.39
185.167.164.52
185.184.8.90
2001:4860:4802:32::36
216.200.232.253
216.22.16.49
216.22.16.9
23.105.12.143
23.105.14.100
23.21.219.138
23.220.140.208
23.55.205.215
2600:9000:2840:e200:1b:5138:8a40:93a1
2606:4700:20::681a:caa
2606:4700:20::ac43:4bf1
2606:4700:3035::6815:30d7
2606:4700:4400::6812:22b2
2606:4700::6812:1691
2606:4700::6812:1f31
2606:ae80:1451:22::820
2607:f8b0:4004:c06::8a
2607:f8b0:4004:c08::84
2607:f8b0:4004:c08::9c
2607:f8b0:4004:c0b::84
2607:f8b0:400d:c03::9a
2607:f8b0:400d:c04::61
2607:f8b0:400d:c07::5e
2607:f8b0:400d:c1d::9c
2620:100:a00b::12
2620:100:a00b::30
2620:100:a00b::4
2620:112:f008:200::101
2620:116:800b:21:a021:b886:81cc:55cf
2a02:c206:2202:9398::1
2a02:c206:2217:8560::1
2a04:4e42::485
3.171.139.122
34.96.71.22
37.157.6.237
51.222.241.100
51.222.39.186
52.223.22.214
54.224.103.108
64.202.112.63
67.202.105.24
67.202.105.31
67.202.105.33
68.67.160.184
69.194.240.13
74.214.194.131
8.28.7.81
80.77.87.163
96.7.19.48
98.82.49.249
00c494dd621108466391a1f0b5f0e4a4364827ef278ed5845a7ae9f8ec62aa25
024579c651e5d74179c63f40704da36e8b9b6f2ebc3e81ab0f181729a2cc7ed0
0b68dbe6d6ebd20e32cabe65a224b16c76d89fab12c0e83fa5db6178b7bfb3d4
0f80df68d881718fb56d2da30083ef4621ea5a2e1c1089c6c381bbfc4d59d1c6
101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860
101ffbc58574cf8ad9080605fe602a65cdc54445b6eebf60c87bac3fe31bf636
11fefb9c374d241b645ab5030176d8d2af1b3d362b31f20620848af9e0835ec4
14f29c0d1d5cb9f8871c929af419262d5b724aa2264ba2f47ee774c7b1740e0e
15519579dfb97d7b504f1ec7d1f8dfad66d8776dc43a8398588c60b472658af1
160fa14d2da3609027c603b4244ed70135be6e98e7a92f1c74e5bba933f0ce11
1771e8f12bcde7a173e0a9b2bf632a8f6f0e777805828d18a61b3f764a3a9b9e
182901173164e8dab8bf166b02eb0baaa06bc448e1b3508f8a0b3180fa316964
20a63647f84641ff98bf7d7fd811e8ef2209398899869e991641c31ef9782241
216105c908b74921c3b3e6074772cc9044ab0b073e632127394fc3d166832fba
23b600611c1b9a6be580de581684525195699978ba0e20dce969276ff4f115dc
2419d5df9c26372a71c881e16f8716d02ba9fa384074fcf0dc9ab526847eef61
2440da49abf00e2fc8e09c38bbb2ac1afca94303ead6974b746c79155c789b9b
246fef45b3c78c283fb603de040c9263bbb48532dcb057d4045a790b1b149318
24e077516b89f2a627c538ae9c18493ecd80f1fe367c0528c2cadc62d6601b6d
25377c3b5fdd6f4fe4b3e8f786d6e5a475b99f242487b52b81c0162e67ece722
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25b8f3aefaa2bbab5d6a50fdb519e28c7c5e68296ae272beb4a75aa46cc298f8
28bac19e2c9954e907755a04a23f54e66d170896802b32937d02835afc1aa3ab
29e6a98677c0aabe77664382af9e096700712d7440aaeac49e5763ba76292893
2d9357b76a0cb2171d25a6b219d414ef5be94fb0d48473c6630e71a9f47a9327
2e789783f2d0e71b874cce13b7245a94e3adbb91c1236b1b22780e1e29b0e45a
308016e81bd77382e8b42ae6d157c88996eea869e1d7b428e555a4f14328b392
311249253152373d63f1d12933d663235435d11220e0d12f1bc7715e6f90d096
38103175aa8c9c66201969cb71ace5467027b47e521e656d7c1b44c2ee7d6113
388bf206c1a54aac2a0f643ea09aa7cd8735cb5eaa18632c4f88e44044f33e15
3a0dca7169911339781d551455a65bdedbd3380a34cb3196b24c055df049b8b3
3ad9292f7844d507f33f4de3bf19577c9115a8b7bc807f989ab26b19e3c97fe7
3adc3f26b11098da9ba4f2d50277c3de82e9267c26b8b4720cb5ed18e953728a
3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7
3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7
3dc5c3307b9b9a11721bc963c6f44ba98bc586f2cd9740fb0b5064f5f79962cd
424ff918440a1f345821a6b19ccdeb406c8f6d096b87157407771aa0a8510bb2
43e15e9fb0ff6510b376bf164750100d0c923c05c767e16de2dc01de9f17705e
4514a8a8292e1ba83d5228118234a0a5becfd278c38ff12341afaf2254e1c9a2
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
4bc933b0514d3df33d2bdb4c0fae7a3882e08fb7093049c77145fb92b407d4d9
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50f17262769a2476f090fd24ef33caffed8acd6caf684b20bdc90909c5c43758
51bb92eee7f8ca37d5403c9c89ba9b1557866a644da98e597a676c02f4539279
52de3fb37e167bc691b7233a515bda92daee4d136e081ec14876f571fa8355d1
543c5adf9bd8c3b8db6eb0e512248483b0d7317bb7ad46f152b5f7d0474914a8
54aa55fe66aee5e3abeb64d6548271ee501b95d1c406f8410ebf2ca3d9fa021d
54bc15c88c5d8f15e4a674ca1c644553c958e2eaa924dbaf55bfb4733adb40fe
56bba4538f2b95be5b25ff90145374b5bb2dc8bfc0f864408a84225a69ed5c0e
56fdceec363758833100b58312eb4993fe9f599ca70117325ccbabe03b7d6d26
57b1f990b48a00f2235ecbd8a0c16412edc495c5ced36c77b05446c733e738fb
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507
66ae203571e2c6f1ad128806e98e50328e7b6b9aba245b744f1e7994510dd5c6
6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bb51490456d55a58dec094b26809621b787b6ebb391e1e36cc515dde65d39d7
6c3d28e10dadfe24cf245315922b3bc919be2102d6e315c19a1d915b529a08cc
6d2b8aae361c16b35ae1733ed7d46bd411157a6d5b0e349c3e4f37a03c7e9ab8
72826aebfbd36b0946d90411b2eb52e7e54d8b002030abce5ee27dd51eadfacd
7732243d95f6b7d9101f253cb61fd4d414bc2c27597e82ec582da14bf4f2dca2
773485acaee520be797ce2adbd1ae738c1c28b49b11e298ed784edbb11b08a2d
78816c7db1d2f1c7df5ac803c4fd206e9ab6a73a7da372faada03c266fd19ce7
7c69058459fdf0b4521ba057f595d6aa938265ccf3095e818150886a7bb5bf44
7d60a7836af26a09e916f6dc82ce2983482533d8b1f2467ac8940db22ca83539
7f23724578ef5fd406a791a5e03059827041c355d0ebd9081a5a740a16b95431
81e61b797a74b03d8f3d64ba472e1c8a77c20847aad72efc4fd5a18ac4b1a5cf
81ea22e6310b2238f0c937448a5e8b9f37c3e1aeee273dd3e4a5cff86bf34a6d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83e02cfaa6d799e4ac4ebaad3f06ba2cdcc2e8debdff46031ece686660855a34
85316192962569e16c4a6150a86c7937ed7f38c0324b402699744c0fd893911d
85c9bd471f0b1d06869b279938aac0722c1f6ac64d326481b799a4928cb06db4
86d8d9e5f6a8e6fed383bbceaa0753648e1d6958dce7fc639b6a3c6c066163f4
87cc64769a62314612e92ffae77d8875a1efc1bbab37a294b336b7722aec9ef3
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
90909d259afbaaa73f4accf86af27e03040ec2540cf1aca4a0a0e5aa8fbdc133
96f9dd0f0614a4974ac2d5f2b8f86c1f556a4ceb384b7c07bbe89d373f269711
99436e758293048244cc712bb20f41e8cd4d8ebcbc9169d6f141bb1865185a4a
9a3272fdc40cb2636333e4ba1bd290adb9c78e01c7af4ae21da20a5cdf54b3b7
9bce51d88c56804217a207d5405e12b50c7ab74ed7a5e4e83a74e028a870b4d9
a2a072551d7bfedcd3f30e7ec384db850169352307e875ef9889fe8465bfcc0d
a40d694056966b1091b9a35758d28b22ee6daedeeea45053572ed19b78fa96f9
a5022f8842bcb168062f25b7d798cef1d3b6cb704c6fcad142483cfb7117ca7a
a6af212a886a5ecdddd750e6321e82ae3bd14ded4f2c54b43df0eaaa080a6f8b
aa5cb27025a480712c138ea9aa5f82c9cacfbc9e2f07663d5c3fab9edea7044a
aafd776ec37c9b47abb96dc3199c4dda7aff364fa6ec9f0458822793bee3e890
ab7a7f21b698e85357163acf7ff04515cb7ec4708e6860ad6b729d328e0b854e
abc59839a55601896a391b25ffd100e48d26dde3b0f291d58355be2ce5aeb1ea
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ae47a1395cc27a32a97325b40eb8275bdf88a02cffc18b4eb82c69f522b986c2
b0b42c2e3b3612d2f17a00d14b4d9f7db2eeaa9f9a63a6cd29c703359d9b21a7
b4b5adbb406cb5bb2ca54244f7e28893551ab8e26c7226422b456be9835df0d8
b831ee2bbbdc5353833b35f1176feab0fe3d5a00c04c2576e7de866bced4a3c0
b87de489c3eda2d7cc12367ec2cd76c0bd53ff131e63b0068a92acab334a0227
bea0186efd68fef459a1b8756ed0922e3df0171624cccb7d351699aa67a3fbb7
c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510
c0bb478b61a1c97d3485a9075de3db15d34e1882a6af6c406516cb869097f859
c1fad0d0ad9fb1aa7a2306e7905f38030be3713f3fd5909182c62d40ceb024ff
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c3c4b0e674f9748a70088ef7af3b0cc9c2101693223d1ff988eea44058c36d30
c43215e6f6730b631984e017de69ceb1d335cd1a8e9d588c6e59db1ed7578338
c4efebed08b52a0c03c15b37b89ca19e20778df3f7c57f2f325027278eb14dc5
c509981282604f5d81e16d6e93a1a6e25f857c8f7d0e8c5a865a951ab17975a7
c7887c0f698d53558fa97c35fee57be8ef4c615a0b26d6d4f0daee6a6228c4bb
c7dda281b7289ad4d15c18180ecfa97d7c46a8e758cba49e9d1b4868cdd1ca45
c84c0e919ae72b8ef9abd4d5f8f38bddffd185e571a13c9ab0de6be1391c3c64
cb6874cc8ea1ab7f923b4bd1b5663f8e990ce4ac41f7d45e094d45ad48a29d43
cc9e22162bf0cd26f1c95b18ad0e6568567ce6446a44dc25c68f2010eb9f5798
cf7a26ecb0b35482b0f35ddd6e28fa91a0b109cf22a5953831c91234251651b3
d13d7a913e2188a046323739520cbfc683315c3a97e34204f5e0658c313967d3
d1bbb9cc0402bdee3c142cf351f607601c351f703220984c6c3a7bcb4b4816e7
d21fda9313882f6b242e73bb65b815a001efd10ed32d2a364935c11932054046
d8229499317a05ecd670f92bd16e6c3654e86be58644c5e0912eaf663344bed2
d85a2bd8e26fff9259eddca9e4ef0baaa1d7f649b6596f38dc8de9ed53334dde
d99c63b027537c5f0106dfe1d2b8d4ea02b526aca3cbc1e31e92b6c7f09dba8d
da061dafa2a13919ccbaca8e71e811fdfbc1af85142d7a7c09c71b0e47eaa80e
dc9b878d422a04bfe7f287d6b9bec8e3bbb2326890588799e1864a740f56431c
dd1924182441bbb68178a4eadc72a70377a236dc4a7e805243ee2d76263a813b
dd37b48c53e3dc321f75f5946b177dd9237ef23bafbf0916e2e4f66166318039
dda7e3b4f6aaf8bb41b5b7e14e4d224ce5b881116e48e04a9d3c6e91677ac805
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0fb02cce659b29f4e2671c72874ce3338965abe4499c1dc3122b5ab2cc75103
e2320f2452434b494e292e5a413126980c134215940ab091e9e496a0052d62f8
e27852f6ad1690271c67aab934e19a432a53447562e259d1621d49349bd0896a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e8da873efc457eddd7225cb873c7e8599435c22fa7b8070c398247416c94df
e4bf411611a715a5752d6e80345cd5fa56731a8ff96e54e5212024337a1c6984
e687ea2f0b101508eb42841e23a305148562e615919a5c646aca1b753bd518a5
e71694471196951f384b6d51c935c27d11e397d87418681a398172b7f57c7ee8
e717d751caf73dfb8e4110b45bbae60ef30ec2f2b66ed3cada9ff801811a03d2
efe6299dc5fe28c470e7580ba46ee67183750077983fb1a4f64714da4c9adb36
f1f626454412f470bb8c6448da913027124657eb9fbacefa1e79ee2ba86823c5
f2d1d5c12ba71939fe706e742abde97dc965a850331b534782814ed8d774f420
f6eacdcd42a648d37571434f1fd748b7a9e8ccb18c8c667a29850198d60e64f3
f9d58c8f6bdcd75c2aab42850bfb32b8eb0243b8d73c5ebc22a040b976974f74
fbc8abfa148a169d24c38b852c05d671be2f4d77cce4ee9968480da021b694a5
fef0ae74dc3bcf89260cfe9fe70df333bb482dc7e52f129aa73b177426c72152
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
ff6257eadaa75fd78aa9600946ea2979c70a44e4b7d5598b6744002feec57b12

www.onworks.net Open in urlscan Pro 2606:4700:20::681a:caa Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

345 Requests

81 %HTTPS

38 %IPv6

50 Domains

75 Subdomains

51 IPs

5 Countries

1955 kBTransfer

11053 kBSize

53 Cookies

13 Outgoing links

Page URL History

Redirected requests

345 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.onworks.net Open in urlscan Pro
2606:4700:20::681a:caa Public Scan

Screenshot
Live screenshot

Full Image

345
Requests

81 %
HTTPS

38 %
IPv6

50
Domains

75
Subdomains

51
IPs

5
Countries

1955 kB
Transfer

11053 kB
Size

53
Cookies

345 HTTP transactions
0 data transactions