www.dreamies.de Open in urlscan Pro
46.4.15.228 Public Scan

726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx /

Resource Hash

4656df81d2e17b6010a132525aa1064162b50339a7663bf5e8d1a486f1b618ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as1.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
cache-control: no-cache
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: gzip
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 200 cmp-v2.0.1.js Show response
assets.vlitag.com/plugins/cmptcf2/ 267 KB
72 KB 26ms
18ms Script
application/javascript 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1629790415/9606a3996ea764c9859669b987170dc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2642278
cf-polished: origSize=489839
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Tue, 29 Dec 2020 02:18:12 GMT
server: cloudflare
etag: W/"5fea91e4-7796f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z9mKqfaUfKTOBfAuRqW%2BpY%2B%2Feh2nzhD2U7r%2Fq61OGocQu3pkSUvekoiElGukFIyyfFWWm2aj9IVc6Y3xIbyktQe0mX4eptPTbI6quMMrydVTir9mYnX8%2BheGReFjLmV6Scze4txwmrS29k95ljOu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=16070400
cf-ray: 683c36614cd65be5-FRA
expires: Sat, 24 Jul 2021 21:56:09 GMT

GET
H2 200 prebid-v5.8.1.js Show response
assets.vlitag.com/prebid/default/ 453 KB
133 KB 37ms
30ms Script
application/javascript 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/prebid/default/prebid-v5.8.1.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1629790415/9606a3996ea764c9859669b987170dc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d369310e2f3eeb64447ae8d7fd5128bbdd065d30d1384e8d839eae7a425b8fed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 875551
cf-polished: origSize=464441
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Sat, 14 Aug 2021 06:26:25 GMT
server: cloudflare
etag: W/"61176211-71639"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tMdvlgp3YAdZYDIq2rbfavXPIiKZSt5ieyRIzuINKL%2BZe%2BMw0gSMZS%2B3gci5p%2FxSSoSha8LbYQoGQW7GKfJjwOv4M5I8FhochfVG7Q55SiGDKiPf%2BEG2YGrj4drbrW2MBRBkk2yY2f2CQPLQK7HW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=16070400
cf-ray: 683c36614cd25be5-FRA
expires: Sat, 14 Aug 2021 08:41:36 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 71 KB
25 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1629790415/9606a3996ea764c9859669b987170dc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f48c7ec749615b151d850b3cdff84a677277db8fa20df3eb140fb5e4c6ded9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "968 / 393 of 1000 / last-modified: 1629803305"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25311
x-xss-protection: 0
expires: Tue, 24 Aug 2021 11:24:07 GMT

GET
H2 200 viPlayer_v47.min.js Show response
assets.vlitag.com/plugins/vlPlayer/ 14 KB
5 KB 20ms
13ms Script
application/javascript 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/vlPlayer/viPlayer_v47.min.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1629790415/9606a3996ea764c9859669b987170dc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

820940626c8b0ea4d61278c472b9f3f4b02358cbba4c85c0bb22c1d14584b806

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2516717
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Mon, 26 Jul 2021 08:09:01 GMT
server: cloudflare
etag: W/"60fe6d9d-3700"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jKV54w2UQ9aVgYYsACirVg%2FH3vK%2Fo2%2Fgt%2FKAsN%2BWVN%2FQo%2BCLj2GTM67l8Ge5G320ooVCTXMqlhO7ygX406pZ34EEstLauvQf2uB3DArihHru5u9DpFw2u2e%2BqI8whnZkZyXqNhjA3uD%2F9Qv9QyCn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=16070400
cf-ray: 683c36614cd45be5-FRA
expires: Mon, 26 Jul 2021 08:48:50 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 344 KB
119 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1629790415/9606a3996ea764c9859669b987170dc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10bda34b2a767f9313bab5797a0a7733d0366cbece27caf11860de930fdc180c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121547
x-xss-protection: 0
expires: Tue, 24 Aug 2021 11:24:07 GMT

GET
H2 200 sf_host.min.js Show response
assets.vlitag.com/plugins/safeframe/src/js/ 38 KB
17 KB 24ms
17ms Script
application/javascript 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/safeframe/src/js/sf_host.min.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1629790415/9606a3996ea764c9859669b987170dc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 758549
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
last-modified: Fri, 01 Nov 2019 05:04:50 GMT
server: cloudflare
etag: W/"5dbbbcf2-9806"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0LUcfVSIWlFhu9CmefAGMTTKEGCLcIAYyv%2BKkM7ahQkKTRkB4LmARDV6HrsSZdy6bRhJSVzbJYalEFFa7EHHC6wRndTpDeB1KJLxu7zeYhva54ys5ufxPz%2BGPS7152IxMfzeHCdxUt2LB0gr9cw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=16070400
cf-ray: 683c36614cd55be5-FRA
expires: Sun, 15 Aug 2021 17:11:38 GMT

GET
H2 200 userconnect Show response
ih.adscale.de/ 214 B
375 B 145ms
50ms Script
application/javascript 54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/userconnect?ssl=1&sid=9682701e-acf7-46d9-9d91-0fec4a25e31e&cbfn=stroeerCoreConnect&ts=1629804247301&umd=false&gdpr=1&gdpr_consent=&gdpr_version=2
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bd2164fcd86275603353afdeddf2ba2174c0bb2e9a0a6a09fc66b3f4a4ce845c

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-length: 214
content-type: application/javascript

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 20ms
5ms XHR
application/json 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20210824

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v5.8.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

056ca9e5ccf8bebe6f90ab7cfc6a3405d4185929f1b8361eea81d51f9e7a7dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 29438
x-jsd-version: 1.0.1078
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 938
etag: W/"6a0-VlQrY62cAsNgXyAvKNCtpPKSNCo"
x-served-by: cache-fra19149-FRA
x-jsd-version-type: version
date: Tue, 24 Aug 2021 11:24:07 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs-simple.com/ut/v3/ 254 B
942 B 179ms
66ms XHR
application/json 185.33.221.88
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs-simple.com/ut/v3/prebid

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v5.8.1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

22442f30af95c4688cd07910960d1c655826b0d72f1111775ed560a508cafe6f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Aug 2021 11:24:07 GMT
X-Proxy-Origin: 217.138.209.69; 217.138.209.69; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs-simple.com
AN-X-Request-Uuid: fe6ce772-ec3c-47ca-86cc-7faab45b9ddf
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.dreamies.de
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 254
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

ROS Show response
ads.us.e-planning.net/hb/1/2c995/1/www.dreamies.de/
Redirect Chain

https://ads.us.e-planning.net/pbjs/1/2c995/1/www.dreamies.de/ROS?rnd=0.8500178517811028&e=300x250_0%3A300x250%2C250x250%2C200x200%2C180x150&ur=https%3A%2F%2Fwww.dreamies.de%2F&pbv=5.8.0&ncb=1&vs=F&...
https://ads.us.e-planning.net/hb/1/2c995/1/www.dreamies.de/ROS?ct=1&r=pbjs&rnd=0.8500178517811028&e=300x250_0%3A300x250%2C250x250%2C200x200%2C180x150&ur=https%3A%2F%2Fwww.dreamies.de%2F&pbv=5.8.0&n...

460 B
875 B

104ms
104ms

XHR
application/json

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c995/1/www.dreamies.de/ROS?ct=1&r=pbjs&rnd=0.8500178517811028&e=300x250_0%3A300x250%2C250x250%2C200x200%2C180x150&ur=https%3A%2F%2Fwww.dreamies.de%2F&pbv=5.8.0&ncb=1&vs=F&crs=windows-1252&fr=https%3A%2F%2Fwww.dreamies.de%2F&gdpr=1&gdprcs=
Requested by: Host: www.dreamies.de
URL: https://www.dreamies.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 007ceee6eabc62e6c12b4f6ec9e2b758795abab8727affb873f59c343f8b6614

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://www.dreamies.de
expires: Tue, 24 Aug 2021 11:24:07 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 460
x-sid: AMS-611

Redirect headers

date: Tue, 24 Aug 2021 11:24:07 GMT
server: openresty
access-control-allow-origin: https://www.dreamies.de
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2c995/1/www.dreamies.de/ROS?ct=1&r=pbjs&rnd=0.8500178517811028&e=300x250_0%3A300x250%2C250x250%2C200x200%2C180x150&ur=https%3A%2F%2Fwww.dreamies.de%2F&pbv=5.8.0&ncb=1&vs=F&crs=windows-1252&fr=https%3A%2F%2Fwww.dreamies.de%2F&gdpr=1&gdprcs=
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-611

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
188 B 160ms
54ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.8.0&cb=84656956813
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v5.8.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dreamies.de
date: Tue, 24 Aug 2021 11:24:06 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
177 B 165ms
56ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v5.8.1.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dreamies.de
date: Tue, 24 Aug 2021 11:24:07 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
377 B 385ms
129ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v5.8.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.dreamies.de
date: Tue, 24 Aug 2021 11:24:07 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 1
vary: origin, Accept-Encoding

POST
H2 204 quantumdex Show response
useast.quantumdex.io/auction/ 0
623 B 249ms
233ms XHR
text/plain 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v5.8.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://www.dreamies.de
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iH5fs0JSi9Bp%2FgUJz0oK0ltd6K%2F5jCwd707wNRbSHZ8QJgAlQOD7iHWlQ73xKbT4gA1Vfzuv9mmNCqoQAuZbcm7QccC6NjAzLaoajvDjUrgMxVCa6fbVUipqT8ss27dP8MRQMmYp9ODqZVZFmxAf9DjV"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 683c366228661766-FRA

GET
H2 200 b2.php Show response
view.webplexmedia.de/ Frame 0ABD 740 B
594 B 62ms
61ms Document
text/html 51.91.68.112
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://view.webplexmedia.de/b2.php?uid=333004898&e=0&s=0&p=0&w=728&h=90&sid=867&size=2

Requested by

Host: view.webplexmedia.de
URL: https://view.webplexmedia.de/banner.php?uid=333004898&e=0&p=0&s=0&sid=867&size=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.91.68.112 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

c81f205080f2246a3cc61bbb3ee65cc7d390310c07a7e9e187be5e3c62c408bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: view.webplexmedia.de
:scheme: https
:path: /b2.php?uid=333004898&e=0&s=0&p=0&w=728&h=90&sid=867&size=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://as1.dreamies.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://as1.dreamies.de/

Response headers

server: nginx
date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H2 200 map Show response
ih.adscale.de/ Frame 309D 3 KB
3 KB 55ms
55ms Document
text/html 54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/map?format=display&ssl=1
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 0fc8ac3d4ce3e706c6c023a19b5013cb1f86bdab7f77a437343fee756a71b6ae

Request headers

:method: GET
:authority: ih.adscale.de
:scheme: https
:path: /map?format=display&ssl=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dreamies.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uu=53cae32e59cf409a8cb8a1a65e2f15ba; cct=1629804247105; ng=2#2055489464#27163404#89381
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.dreamies.de/

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/html;charset=ISO-8859-1
content-length: 2736
set-cookie: tu=4#1119539949#48~~452723~452723~1#101~~452723~452723~1#38~~452723~452723~1#39~~452723~452723~1#40~~452723~452723~1#42~~452723~452723~1#108~~452723~452723~1#63~~452723~452723~1; Max-Age=31336000; Domain=ih.adscale.de; Path=/; Secure; SameSite=None

GET
H2 200 nuggad Show response
nugmw.userreport.com/rc-ap/0/si.nuggad.net/ 2 KB
2 KB 60ms
17ms Script
text/javascript 2600:9000:2156:2400:1f:a1b:34c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nugmw.userreport.com/rc-ap/0/si.nuggad.net/nuggad?nuggn=571289945&nuggsid=1029839715
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2400:1f:a1b:34c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e2de469af3dce2be23e44bf963479e1a105b9466ad7c587074786d7f64ad8619

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
server: nginx/1.18.0
x-amz-cf-pop: FRA50-C1
access-control-allow-methods: get, post, options
content-type: text/javascript
cache-control: s-maxage=0, max-age=0
access-control-allow-credentials: true
x-cache: Miss from cloudfront
access-control-allow-headers: accept
content-length: 1872
x-amz-cf-id: U0xaObw6f1YWZkNH8o9Bd6OqCEj0RC2RkiCn87TGKWMX2pbAIrtLKg==

GET
H2 200 lg0.jpg
view.webplexmedia.de/ Frame 0ABD 1 KB
2 KB 62ms
62ms Image
image/jpeg 51.91.68.112
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://view.webplexmedia.de/lg0.jpg

Requested by

Host: view.webplexmedia.de
URL: https://view.webplexmedia.de/b2.php?uid=333004898&e=0&s=0&p=0&w=728&h=90&sid=867&size=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.91.68.112 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e7a21f00272ebf0c6b15973a9298b362917872a7ea7c882dd1d8593c19ef13ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
last-modified: Fri, 04 Dec 2020 00:56:23 GMT
server: nginx
etag: "5fc98937-5de"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/jpeg
accept-ranges: bytes
content-length: 1502
x-xss-protection: 1; mode=block

GET
H2 200 in4.php Show response
view.webplexmedia.de/ Frame 9654 697 B
621 B 168ms
167ms Document
text/html 51.91.68.112
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://view.webplexmedia.de/in4.php?uid=333004898&e=0&s=0&p=0&sid=867&size=2&referrer=

Requested by

Host: view.webplexmedia.de
URL: https://view.webplexmedia.de/b2.php?uid=333004898&e=0&s=0&p=0&w=728&h=90&sid=867&size=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.91.68.112 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

1be9f7fb2ebc5dbce83aff7e57f93c20645a10337741213cd103cf9ab950a644

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: view.webplexmedia.de
:scheme: https
:path: /in4.php?uid=333004898&e=0&s=0&p=0&sid=867&size=2&referrer=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server: nginx
date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H2

200

e4cdf5dd94dd89ffba6792757d79fe09.jpg
media.adklick.net/cache/ Frame 63CB
Redirect Chain

https://partners.adklick.net/show_pay_per_x.php?id=1754&banner=10694&site=25684&user=24046&action=image
https://media.adklick.net/cache/e4cdf5dd94dd89ffba6792757d79fe09.jpg

31 KB
31 KB

26ms
12ms

Image
image/jpeg

2606:4700:20::ac43:4b7c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.adklick.net/cache/e4cdf5dd94dd89ffba6792757d79fe09.jpg
Requested by: Host: as1.dreamies.de
URL: https://as1.dreamies.de/rs_300250.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 049687db8e9a8496204a404b060a05030dd82d41fa62470ed07bbb038c06fe62

Request headers

Referer: https://as1.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: HIT
last-modified: Sun, 06 Mar 2016 17:22:53 GMT
server: cloudflare
age: 6906
etag: "7bd5-52d649926f540"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSCXYFMwqq8QiH2sY%2F%2BTFE768eb5YJa9kFY7rzlGiM0D%2B1yDxLEufBwXBWb7X8ylPkcFSVtEXOlZc9XKHoG06CIBoMsczT4w6P3pr3%2BW%2B8V3cAmzApV8XLrmFuZuJBjg7l7E4pEoaMYxZ%2B5havwF"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 683c36633ada4e13-FRA
content-length: 31701
cf-bgj: h2pri

Redirect headers

cf-ray: 683c3662da1d4e13-FRA
date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-cache-status: BYPASS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=prbn2YZL7DV2kgLRj00aPCRo8%2F6M9BXUJsdOwIedbryoDqO%2B%2FRLJuGtP3zNfyaiVG3ONY%2FWZKlD32mNDlISkfcP3WzrVag2XoqxhMdCjVL3%2BMdmjhngukjInQyLJQRFwO%2F2Qect%2FZuRf7%2F5G3v7bEowk"}],"group":"cf-nel","max_age":604800}
p3p: CP="NOI STP CUR OUR"
location: https://media.adklick.net/cache/e4cdf5dd94dd89ffba6792757d79fe09.jpg
content-type: image/jpeg
content-length: 0

GET
H2 200 match.js Show response
js.adscale.de/ Frame 309D 4 KB
2 KB 6ms
6ms Script
application/javascript 2600:9000:206f:4600:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/match.js
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:4600:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 91b4eb09154d5ebef46352e922194ec6dbb9547b63f9776ae10133fe1ca66879

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:07:27 GMT
content-encoding: br
last-modified: Tue, 24 Aug 2021 11:07:21 GMT
server: AmazonS3
age: 1001
etag: W/"b75124846aec28a28b7a3441813682d5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: zjcefpIZygm0BDU4EweMzN4uSs3WS4Ai
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=7200
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: FZePKYLto0FeBuLzl84jV_Pe_R5bYfrdma_jTWcfca4EXQepEgt0mA==

GET
H2 200 nuggad
ih.adscale.de/ 49 B
265 B 48ms
48ms Image
image/gif 54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/nuggad?/nvars/d7=1&d10=2&d2=2&d4=3&d11=2&d8=1&d9=2&d12=5&d1=2&d3=2
Requested by: Host: www.dreamies.de
URL: https://www.dreamies.de/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

GET
H2

200

img
ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/ Frame 309D
Redirect Chain

https://bbnaut.ibillboard.com/match/AdScale?partneruid=53cae32e59cf409a8cb8a1a65e2f15ba&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ffff925104c08456a99f9b16528b18669%2F1629804247475%2F0%2Fimg%3Ftpid%...
https://ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/img?tpid=101&tpuid=BBID-01-03045182476618971-16375356

49 B
464 B

49ms
48ms

Image
image/gif

54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/img?tpid=101&tpuid=BBID-01-03045182476618971-16375356
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Location: https://ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/img?tpid=101&tpuid=BBID-01-03045182476618971-16375356
Date: Tue, 24 Aug 2021 11:24:07 GMT
Cache-Control: private, max-age=3600
Access-Control-Allow-Credentials: true
Server: nginx
Connection: close
Transfer-Encoding: chunked

GET
H2 200 57fgjj6v.js Show response
ad4m.at/ Frame 9654 50 KB
17 KB 35ms
19ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/57fgjj6v.js
Requested by: Host: view.webplexmedia.de
URL: https://view.webplexmedia.de/in4.php?uid=333004898&e=0&s=0&p=0&sid=867&size=2&referrer=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 243a84e34e82cdd8a43ae2d4d06fa7334ad32569553c0315e1c39c2d2c551b34

Request headers

Referer: https://view.webplexmedia.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=6vA9Zg==, md5=AWMP6ZAOvEyW5qRyKHmY+w==
date: Tue, 24 Aug 2021 11:24:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 86119
cf-polished: origSize=51221
x-guploader-uploadid: ADPycdsrfTZf3dfOJGq3Z8YT8yOZQqKkX4kMMdo6xd4my7AN117g-cs8Z8TvLFPHAaKr9sSxLeYN1xumA47DHrUAhyE
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 11:27:02 GMT
server: cloudflare
etag: W/"01630fe9900ebc4c96e6a472287998fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gpEYEjhGq9wF1is1qoxsTlCklf0ylMFebjG7z8lWJ1QjlffWqx9V2HfO5%2F2j1esNcAeWSgQc2s29CEm%2FTkHHrtThP2EYLJ%2FplQ%2FtW2ZaqStmpXkDAdlCXeWQMmWgdzDa5Iqi4w0%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1629718022278002
content-type: application/javascript; charset=utf-8
expires: Mon, 23 Aug 2021 11:28:48 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 16084
cf-ray: 683c3663f9094e25-FRA
cf-bgj: minify

GET
H2 200 api.php Show response
media.mmo-spy.de/ Frame CF4B 196 B
336 B 168ms
51ms Document
text/html 51.210.32.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://media.mmo-spy.de/api.php?size=1

Requested by

Host: view.webplexmedia.de
URL: https://view.webplexmedia.de/in4.php?uid=333004898&e=0&s=0&p=0&sid=867&size=2&referrer=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

51.210.32.121 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e278ed3de9dfee225b1c4eeaa9d425c2f9ee2d1fd47b597f47f673528a1c0983

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: media.mmo-spy.de
:scheme: https
:path: /api.php?size=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://view.webplexmedia.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://view.webplexmedia.de/

Response headers

server: nginx
date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame DADA 2 KB
2 KB 35ms
25ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/57fgjj6v.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://view.webplexmedia.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://view.webplexmedia.de/

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Tue, 24 Aug 2021 12:24:07 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2644089
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z60rccAMmwu5K736UEhWujbnuRovfR1OPFRd8ONjCRDPprHNEulAhdcFSbcZn5a%2BGIXLLSxTkVDG5XWzcgdrSGmkFuX6hdrXNtEr8ldgmVr773kCpeLDMnxIE10GCr5D0CVJjt4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 683c36643b612bf6-FRA
content-encoding: br

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 309D
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=33e608e24ce9881b55a65db4a...
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&cburl=https%3A%2F%2Fih.adscale.de%2Fsi...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YSTW19MQ5ByiQfN4rEQr0gAA%261216

49 B
483 B

48ms
47ms

Image
image/gif

54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YSTW19MQ5ByiQfN4rEQr0gAA%261216
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 24 Aug 2021 11:24:07 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YSTW19MQ5ByiQfN4rEQr0gAA%261216
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 299
Expires: Tue, 24 Aug 2021 11:24:07 GMT

POST
H3-29 200 rs Show response
ad4m.at/ Frame 9654 444 B
923 B 24ms
23ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/57fgjj6v.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d70e71bb0e206ff84dd055ea558a559a40d9645d99ad41738568b24b7545a0ca

Request headers

Referer: https://view.webplexmedia.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 683c3664adeedfe7-FRA
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HVKhfwHxp0OKoHBXMNxtScnPDbetmQ0Fg4Z7493J0CChHSRM0%2F3JuRMDQiVc95cCy%2BPIMimCw8n21rU8VxXCu%2BPoH4NPY2copcVONaY4PXn6VakjFrTYm%2FhG%2FcQP2eAfxl8%2F%2FBc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://view.webplexmedia.de
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: rs-1tg8

OPTIONS
H3-29 200 rs
ad4m.at/ Frame 0
0 28ms
20ms Preflight
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3-29
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://view.webplexmedia.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://view.webplexmedia.de
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: rs-1tg8
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeN8z1KvG091gBDzrC5lHyAevUA7oWziUGXUDpHQlLnpY11W6%2F%2F9Rg0XlyQEQpftm7oa89hzmKb9gsFlhK1bUDlcgBfiJFCJuILs3nDMwHPiPxm3EZGi%2BDImAtkOyHSdWGpML3U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 683c36648dc9dfe7-FRA

GET
H3-29 200 / Show response
tag.vlitag.com/passbacktarget/1629790415/ Frame 083D 312 B
832 B 268ms
257ms Script
application/javascript 2606:4700:20::681a:eee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.vlitag.com/passbacktarget/1629790415/?t=iframe&pbID=7&d=12294&z=47580&divID=vi_1229447580_741&w=300&h=250

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1629790415/9606a3996ea764c9859669b987170dc2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:eee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81f35bbf1d9427c1b3f45716b3f3f24294656f89389f78c0fc3ade6a3dcac3bd

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 24 Aug 2021 11:24:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ioUPtu4Rgv90yFq0ZeEYVt0Cz3M%2BLNWCHVEEJQ%2Bgal%2BUqHPB7w1PLJ15eJeubdPPLF3mQY00vo%2BBuneXq0L0GwweROApwr18Kt38eSXRN%2BMaQA894l8csY%2FVG8dgcvXvtloMcI2aYCoLQLdl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 683c366488171f19-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H2 200 /
stats.vlitag.com/pi/ Frame 083D 0
310 B 104ms
96ms Image
image/jpeg 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.vlitag.com/pi/?e=zdNTyUyayeM-aAqw-PqBZ-qMMU-KTeMTBAaMTUTRzNhqllwqe0RrNTYYaPRmNPKZMARrtNRcsokty_orN
Requested by: Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1629790415/9606a3996ea764c9859669b987170dc2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HWcQ0pkW6DgQO1glwsPU9F5HHpvvfskBVuOhTxpj4ztSsuUzPC1rL4CKAodUsEQx5jg%2BTQU2ILKMMa6y6W16%2B1sWzP%2BtpvsuyRUpjIIMKAIK5BopwQS8ZH4j7eUdZj5Cl8wO87dud%2BGZ0TH9%2FvA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-cache, no-store, must-revalidate
cf-ray: 683c36648a775be5-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
px.vliplatform.com/bi/ 0
598 B 161ms
136ms Image
image/jpeg 2606:4700:21::681b:cf5c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px.vliplatform.com/bi/?e=zdNMewMKqKT-BtBq-PPaY-qyqa-BatAAqPPwaTwRrNTYYaPRmNPKZMARrtNheRlmNBAAbYZARdzNwqfftkRkjmNBAAbYZA,YZAbYZA,YAAbYAA,TMAbTZARwlNjxqfzxdrtb,qhhftbxl,ekoztg,kzwigxlt,thsqffofu,qdbRwkNRswyNRws0N

Requested by

Host: www.dreamies.de
URL: https://www.dreamies.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:21::681b:cf5c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XkRR2AgMy0GfcGGssDTsagrLXf0oIsi2byKTYSId%2FRAMCsjpA%2Fo3pCHcrNfu5CNFJgzA%2BnzDSiSINNPagZKDV13EAfojuTm9IlppMic5YUcg6A5rm2MQViOOo0raUWVaeHjUr9KgxO9yDxS5LF%2FFQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-cache, no-store, must-revalidate
cf-ray: 683c3664ae0a5373-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 /
px.vliplatform.com/bi/ 0
272 B 162ms
137ms Image
image/jpeg 2606:4700:21::681b:cf5c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px.vliplatform.com/bi/?e=zdNPeArTaew-Tyqt-PMtr-qBKT-qAywUtByaAMARrNTYYaPRmNPKZMARrtNheRlmNBAAbTUMRdzNcortgRkjmNBAAbTUMRwlNjxqfzxdrtb,qhhftbxl,qdb,ekoztgRwkNRswyNRws0N

Requested by

Host: www.dreamies.de
URL: https://www.dreamies.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:21::681b:cf5c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1R2xO5dZsMmwheK2Wv3B4zwU8U8v0KtG3bI1mJg2RNr1bSVNGTXPp%2F%2B%2FyvMDLImmcUwWa9KK%2Bt4j55xGRuhLjopqApAf0po9vkzN1vNgwGDK%2BuJ2bfUEgNFRyv%2FEI9ppXU6ziCQRupy1swppUDeyPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-cache, no-store, must-revalidate
cf-ray: 683c3664ae0b5373-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 96B4 101 KB
40 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-128776493-31

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v1/1629790415/9606a3996ea764c9859669b987170dc2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3c43a65c53da626dd8cf4d103cbad0a4c885b1d17819ae28afaf43024f23be5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41132
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 24 Aug 2021 11:24:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 96B4 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-128776493-31

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 6453
date: Tue, 24 Aug 2021 09:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Tue, 24 Aug 2021 11:36:34 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ Frame 96B4 1 B
21 B 15ms
15ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1088308684&t=pageview&_s=1&dl=https%3A%2F%2Fwww.dreamies.de%2F&ul=en-us&de=UTF-8&dt=noBid_dreamies.de_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=dreamies.de&cm=noBid&cc=Default&_u=YEBAAUABAAAAAC~&jid=678578651&gjid=339181305&cid=731312921.1629804248&tid=UA-128776493-31&_gid=220666006.1629804248&_r=1&gtm=2ou8n0&z=1017959170

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.dreamies.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Aug 2021 11:24:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.dreamies.de
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame A68C 6 KB
4 KB 19ms
18ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/57fgjj6v.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

730332252dd0a2ebe0d166a377660de3510035971c0fd3ac18534b4d16da5d51

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://view.webplexmedia.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://view.webplexmedia.de/

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 683c3664daad4e25-FRA
content-encoding: br

GET
H2 200 / Show response
media.mmo-spy.de/ Frame CF4B 440 B
427 B 51ms
51ms Document
text/html 51.210.32.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://media.mmo-spy.de/?sess=RE3qWF3wSA8H5N44%2BzJ6G1cTTtnGP692%2FiOQUcgf4UA%3D

Requested by

Host: view.webplexmedia.de
URL: https://view.webplexmedia.de/in4.php?uid=333004898&e=0&s=0&p=0&sid=867&size=2&referrer=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

51.210.32.121 , France, ASN16276 (OVH, FR),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

28f3d26498634604b2850300b6c898ac96b399208fa350a1c371b51ab886f3f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: media.mmo-spy.de
:scheme: https
:path: /?sess=RE3qWF3wSA8H5N44%2BzJ6G1cTTtnGP692%2FiOQUcgf4UA%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server: nginx
date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.8/one-ad/ Frame A68C 64 KB
8 KB 16ms
16ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.8/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

611d8874cd6a661e6779751ba6a62bfbb7fa496d36b847c4e7fcf69279c70f44

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:07 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 502409
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 18 Aug 2021 15:50:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 683c36650cb62bf6-FRA
cf-bgj: minify

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame A68C 38 KB
39 KB 32ms
24ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 487602
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ADPycdutskbNwQUtE4yJR_IfkxwIZQCKxWAx5FuAxSG_6lIUWFWM0OebZ0dDVYDizjhDfwGiCWerGud1zIhymA2bEUU
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 39202
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FSfVitJ8Gc5oWKXYDXWa6wQxOStPhCKOfBGmAmuGvcqjD61pzpiU%2F9te%2FP9u2KxBWQ4MpybUfBiVYopFvYFJSnpgTZwtQxElbevokJanVAVtQ7Z1%2F6LJ%2Fb1a4qDKYx%2ByzVKoIP60Pa0RRlk5"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Wed, 25 Aug 2021 11:24:07 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 683c36651b684e25-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame A68C 113 KB
113 KB 33ms
25ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 33998
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ADPycduvx0py-Lj3pP0GPDtL2qSwEYj1DcPveprXT5NY_nW1G5lfQYuY5PrsMqJANxe7qLTaU1ife4rmOv4-JAAkDA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 115268
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXCy1dRFf7wm5d0A4QVbqJUGJay2HpQCLtnunO700J4s6jxOv4B1etnpjT1nCrf2uNHHYSJsGKBX%2BisrEd3czi2OXdgDhoc9eZ0CgVUjJIwRXzkut9xofGYqMurFLNBKXVZ4Vryn1vnsqptl"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Wed, 25 Aug 2021 11:24:07 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 683c36651b624e25-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame A68C 43 B
704 B 230ms
94ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidZkVuwfBfEpSmHDHDt3tDrxCVTJtxejoneid__webplexmedia_advancedad_Desktop_728x90&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 24 Aug 2021 11:24:08 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 A936526A7BBD1A3667304FF9801CD69D64491F536141498A04EE917B95C4F41805FB0684491C85587102A447B68BEB66A82BA2BA68F7C41066BBF7DD19871BB8
assets.ad4m.at/logo/ Frame A68C 15 KB
15 KB 41ms
34ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A936526A7BBD1A3667304FF9801CD69D64491F536141498A04EE917B95C4F41805FB0684491C85587102A447B68BEB66A82BA2BA68F7C41066BBF7DD19871BB8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5661858a1ac96084163595f8a5da3f9c0208037dbe609d6a8bbe48ada46c3b5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=i1Ff/Q==, md5=AYpfNzYzK/oFCZjsj3K+tA==
date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34005
cf-polished: origFmt=png, origSize=26777
x-guploader-uploadid: ADPycdv7X51AmkEUtH1_gl-A0CgDAw348KLzYmFzLhmM_g1fGpNTfmO4ci_pLgQ8YhWAKA8JGEPkFmthFhhCmf4Tm5HVtgcdhg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 15238
last-modified: Tue, 07 Jul 2020 09:20:40 GMT
server: cloudflare
etag: "018a5f3736332bfa050998ec8f72beb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mJKmqST5dRmrrXSgyBWz9rhGl9CYZ6mWpAj8je%2BpIloeeIUQpgjDiwUY6mx7SBsptlI3XmRVKDWWmCUTgQgZcCSaLdelcJgGdlAsCHEJFRm8WQMMmCCFZXg0g23QU4uE7%2F7mUCL1tFnX0WoY"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1594113640078278
content-type: image/webp
expires: Wed, 25 Aug 2021 11:24:07 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 26777
accept-ranges: bytes
cf-ray: 683c36651b674e25-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 50270FD72C446983BEB21B8530CF7FFBE962FE2F43651A11D0A8FEBB3609FEEA311FBBDD45019DBDBBE9392739119AFD9E15B3F6D7305E11B283370B610DD798.
assets.ad4m.at/product_image/ Frame A68C 489 KB
490 KB 31ms
25ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/50270FD72C446983BEB21B8530CF7FFBE962FE2F43651A11D0A8FEBB3609FEEA311FBBDD45019DBDBBE9392739119AFD9E15B3F6D7305E11B283370B610DD798.
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c541cd5f041147f67b3fb70550fc735265c3e5930bb8db2716d5cd7aa22dd6f6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=lIUygg==, md5=fLfh5GRv46g5qemv56lBaA==
date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 487099
cf-polished: origFmt=png, origSize=770312
x-guploader-uploadid: ADPycdvXzAyvK0z6HukOxsXCq-nYVxZ8CEDQxPKHdJV-JbeZa8Nc9gHty6YOqKuy1b070cDl0TZtJQaG2y2zUxrjo66PeQdoOw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="50270FD72C446983BEB21B8530CF7FFBE962FE2F43651A11D0A8FEBB3609FEEA311FBBDD45019DBDBBE9392739119AFD9E15B3F6D7305E11B283370B610DD798.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 500762
last-modified: Mon, 17 May 2021 13:20:36 GMT
server: cloudflare
etag: "7cb7e1e4646fe3a839a9e9afe7a94168"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X2HAiefFe5cDfhRn31lmCZ07rOxRjGlPxMpJlauamP77ex4PfE4VDdErcjyA6pFzv7iNIZc5W0rZtHJVihBF6et2VsS9J1ZZIMXJ1x6SFkwXCCzOCbDOKMGtdmQ9%2BvE6tzu9yPYg7u4N3cXK"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1621257635998488
content-type: image/webp
expires: Wed, 25 Aug 2021 11:24:07 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 770312
accept-ranges: bytes
cf-ray: 683c36651b664e25-FRA
cf-bgj: imgq:85,h2pri

GET
H2

200

view.aspx
pb.media01.eu/ Frame A68C
Redirect Chain

https://pv.medialead.de/trck/epv/2aed39855b5f46b7d90f959867be60f8?t=htlp&subid=oneid391Fpf4fkY8T7HrHAtEt1E7f8TztAMponeid__webplexmedia_advancedad_Desktop_728x90&gdpr_consent=&gdpr=0&gdpr_pd=0
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneid391Fpf4fkY8T7HrHAtEt1E7f8TztAMponeid__webplexmedia_advancedad_Desktop_728x90&actionid=879111&...

0
607 B

242ms
137ms

Image
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneid391Fpf4fkY8T7HrHAtEt1E7f8TztAMponeid__webplexmedia_advancedad_Desktop_728x90&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Bad Schwalbach, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 24 Aug 2021 01:24:08 GMT
server: Microsoft-IIS/10.0
access-control-allow-methods: GET,POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Tue, 24 Aug 2021 11:24:08 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: D98AD145:2DB8_91EFC182:01BB_6124D6D7_18D6B3:2ECA3
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40028
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Content-Type: text/html; charset=UTF-8
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneid391Fpf4fkY8T7HrHAtEt1E7f8TztAMponeid__webplexmedia_advancedad_Desktop_728x90&actionid=879111&produktid=ratenkredit&dt_url=
Cache-control: private
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Keep-Alive: timeout=20

GET
H2 200 E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
assets.ad4m.at/logo/ Frame A68C 38 KB
38 KB 31ms
25ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=RkBJ3g==, md5=Kw4C6d3nfjHTjXjXPcaeTw==
date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34002
cf-polished: origFmt=png, origSize=77267
x-guploader-uploadid: ADPycdsNEkgbPrwR9yVr9FQ2iM1HACT-gNtH6gPtSLHR_NFgYHNL4PxKtXzXdKnYXMmP-MQ_N8B2RxtlSULthh2coQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 38696
last-modified: Wed, 22 Jan 2020 13:11:48 GMT
server: cloudflare
etag: "2b0e02e9dde77e31d38d78d73dc69e4f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1fX2CIK1mqaCSb7Sb43AyQ0Gv0hnIY%2FxPsQKIavMtZgBSPw9WIvFDqUAgJXpksp6Q7O8toqt97MwmauMhvyhQOf4jeJKNUr0bIUXLBqiJgbPbzY5O6Sgq3gRVN8XnexcCOrvP3r37Oj9cRm"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698708801217
content-type: image/webp
expires: Wed, 25 Aug 2021 11:24:07 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 77267
accept-ranges: bytes
cf-ray: 683c36651b654e25-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
assets.ad4m.at/ Frame A68C 84 KB
84 KB 23ms
17ms Image
image/jpeg 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e44684a48d596b56cba6492df2821b18b56fd0b488a77240d415f0eae918abe1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=e08Zuw==, md5=psibsHmVB2WUau7aQuE9AQ==
date: Tue, 24 Aug 2021 11:24:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 897063
cf-polished: origSize=90165, status=webp_bigger
x-guploader-uploadid: ADPycdt0auuVYXxKcOeI32Nv-fvSJQzYQvFVwatuzPsEZD0eRaq_pBpNbp-MnA5kVrbBdCHt3HyAtodlGclxYmOQ7A
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 85737
last-modified: Wed, 09 Oct 2019 16:06:53 GMT
server: cloudflare
etag: "a6c89bb079950765946aeeda42e13d01"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X8MEz5J4nITFCXAHQJi%2FLJLCy%2B8j%2FyxIgfK%2ByYydPeEmhhhdwKbFbRe7X89Ulb69K9jWMkAQEQUCBsgwH0RCDsrd%2B0egnoDwXkaq8eqp%2Fmu17WxiBxWS7JpgbLas9gu7uvZh%2B6x4lVn9tkAw"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1570637213281727
content-type: image/jpeg
expires: Wed, 25 Aug 2021 11:24:07 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 90165
accept-ranges: bytes
cf-ray: 683c36651b644e25-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame A68C 12 KB
12 KB 349ms
136ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekmoneid__webplexmedia_advancedad_Desktop_728x90&viewref=oneidJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2oneid__webplexmedia_advancedad_Desktop_728x90
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 4a9312862de278a6888875c6dc8692189362a4600cd0860abca964f0aa9defc0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 24 Aug 2021 11:24:08 GMT
Last-Modified: Tue, 24 Aug 2021 11:24:08 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 / Show response
media.mmo-spy.de/ Frame CF4B 288 B
364 B 52ms
51ms Document
text/html 51.210.32.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://media.mmo-spy.de/?sess=RE3qWF3wSA8H5N44%2BzJ6G8%2BStH7rQsX5bUkZE5iW5Rw%3D

Requested by

Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/?sess=RE3qWF3wSA8H5N44%2BzJ6G1cTTtnGP692%2FiOQUcgf4UA%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

51.210.32.121 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e6ffbd5069d88d01fda90f281977e7c3e43f50f5c0a653ba31c84ab8a6381e08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: media.mmo-spy.de
:scheme: https
:path: /?sess=RE3qWF3wSA8H5N44%2BzJ6G8%2BStH7rQsX5bUkZE5iW5Rw%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server: nginx
date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H2 200 index.html Show response
media.mmo-spy.de/tags/728/ Frame E2B7 175 B
319 B 51ms
51ms Document
text/html 51.210.32.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://media.mmo-spy.de/tags/728/index.html

Requested by

Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/?sess=RE3qWF3wSA8H5N44%2BzJ6G8%2BStH7rQsX5bUkZE5iW5Rw%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

51.210.32.121 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

fa7579b7a90e6314e1b58a722814267b6b58938222d3c7b563b67414a4e3d968

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: media.mmo-spy.de
:scheme: https
:path: /tags/728/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://media.mmo-spy.de/?sess=RE3qWF3wSA8H5N44%2BzJ6G8%2BStH7rQsX5bUkZE5iW5Rw%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://media.mmo-spy.de/?sess=RE3qWF3wSA8H5N44%2BzJ6G8%2BStH7rQsX5bUkZE5iW5Rw%3D

Response headers

server: nginx
date: Tue, 24 Aug 2021 11:24:07 GMT
content-type: text/html
last-modified: Thu, 17 Jun 2021 17:12:21 GMT
etag: W/"60cb8275-af"
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H2 200 gen.js Show response
ads.themoneytizer.com/s/ Frame E2B7 4 KB
2 KB 149ms
44ms Script
text/html 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/gen.js?type=1
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: b780c05b9b8e1f7acff640ef794ca777ffa43e5d4354a84eebf3dd98975f8675

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
x-cache: HIT
content-type: text/html; charset=UTF-8
cache-control: max-age=86400
accept-ranges: bytes
content-length: 2127
expires: Wed, 25 Aug 2021 11:23:29 GMT

GET
H2 200 requestform.js Show response
ads.themoneytizer.com/s/ Frame E2B7 135 KB
17 KB 176ms
71ms Script
text/html 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: a052e6933e8546e3d30a47a458d09078af55b6bffd7cf4bcdc366905fd259cfc

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
x-cache: HIT
content-type: text/html; charset=UTF-8
cache-control: max-age=86400
accept-ranges: bytes
expires: Wed, 25 Aug 2021 11:24:08 GMT

GET
H2 200 bn.php Show response
worldstatistics.live/ Frame 6674 498 B
876 B 199ms
173ms Document
text/html 2606:4700:3037::ac43:c79d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://worldstatistics.live/bn.php?size=300x250
Requested by: Host: tag.vlitag.com
URL: https://tag.vlitag.com/passbacktarget/1629790415/?t=iframe&pbID=7&d=12294&z=47580&divID=vi_1229447580_741&w=300&h=250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:c79d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.24
Resource Hash: 30b410b83af8676ba33a86cce11abe9db8e5c660b3ec379502ceb32cc014ccb7

Request headers

:method: GET
:authority: worldstatistics.live
:scheme: https
:path: /bn.php?size=300x250
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.dreamies.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.dreamies.de/

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.3.24
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pllz0m0lqzMJ64U5i%2Bjt1ykbOf%2B4o7rZOthdI7pgCvtZVLUiqfjfr2ItiLpCSRk2xvMs8CG%2BpEoaVWpOzom7A934kmpSx%2FQ6C7UysuEFXSSyV67VlH1povcvuHFWeH8od2eRQHzjEJT7v5VD5EuVtMK4Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 683c36665b7b5c20-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 309D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=f1d24a5b641ce19120a3590...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=22206124-d6d8-4a00-b49c-41fe6b60d577

49 B
505 B

56ms
56ms

Image
image/gif

54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=22206124-d6d8-4a00-b49c-41fe6b60d577
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Tue, 24 Aug 2021 11:24:04 GMT
Server: MT3 3865 cc0e612 master cdg-pixel-x5
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=22206124-d6d8-4a00-b49c-41fe6b60d577
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 24 Aug 2021 11:24:03 GMT

GET
H/1.1 200
OK / Show response
g.themoneytizer.net/g/ Frame E2B7 26 B
271 B 253ms
97ms Script
text/html 145.239.193.145
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.themoneytizer.net/g/
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.193.145 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: f2af6a03599a30f21216920acbab05ce2903a5f62b4a6b4f9b0a2b234004e53e

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 11:24:08 GMT
Server: nginx
X-IPLB-Request-ID: D98AD145:BDA8_91EFC191:01BB_6124D6D8_58EF6E2:27DB6
X-IPLB-Instance: 29895
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 moneybile.js Show response
ads.themoneytizer.com/ Frame E2B7 38 KB
16 KB 53ms
52ms Script
application/javascript 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/moneybile.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: public
date: Tue, 24 Aug 2021 11:24:08 GMT
content-encoding: gzip
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
server: nginx
etag: "604b9fc7-981e"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 16267
expires: Wed, 25 Aug 2021 11:23:56 GMT

GET
H/1.1

200
OK

smart.js Show response
ced-ns.sascdn.com/diff/js/ Frame E2B7
Redirect Chain

https://ww1097.smartadserver.com/config.js?nwid=1097
https://ced-ns.sascdn.com/diff/js/smart.js

71 KB
21 KB

33ms
14ms

Script
application/x-javascript

2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ced-ns.sascdn.com/diff/js/smart.js
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: fbc18d8db6012565449eef0a113333f5b8d04c86bd3b3492439b9907fc7f5ad6

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 11:24:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Aug 2021 08:07:38 GMT
Server: AkamaiNetStorage
ETag: "e8f732091957bed1c7bcdd3debf0feba:1628755660.913415"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21457

Redirect headers

location: https://ced-ns.sascdn.com/diff/js/smart.js
date: Tue, 24 Aug 2021 11:24:08 GMT
content-length: 0

GET
H/1.1 200
OK / Show response
c.tmyzer.com/c/ Frame E2B7 0
271 B 252ms
63ms XHR
text/html 54.38.64.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tmyzer.com/c/?s=16627&f=1&fi=99
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.38.64.100 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 24 Aug 2021 11:24:08 GMT
Server: nginx
X-IPLB-Request-ID: D98AD145:F040_36264064:01BB_6124D6D8_7B10DD6:2E4C0
X-IPLB-Instance: 38431
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 sync Show response
gum.criteo.com/ Frame E2B7 49 B
362 B 69ms
22ms Script
text/javascript 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=147&r=2&j=criteoCallback

Requested by

Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
date: Tue, 24 Aug 2021 11:24:08 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 1530
content-length: 165
expires: 60

GET
H/1.1 200
OK libJsLP.js Show response
tag.leadplace.fr/ Frame E2B7 4 KB
4 KB 463ms
57ms Script
application/javascript 145.239.192.166
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.leadplace.fr/libJsLP.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.192.166 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 8da935c18168ab5561137d875449b7b5b4e38ec854c5f3d2296823cf0b93a3f9

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 11:24:08 GMT
Last-Modified: Mon, 31 May 2021 09:07:48 GMT
Server: nginx/1.14.2
X-IPLB-Request-ID: D98AD145:E982_91EFC0A6:01BB_6124D6D8_4B41E2B2:BE9C
ETag: "60b4a764-10b7"
X-IPLB-Instance: 30195
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 4279

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 0337 2 KB
823 B 151ms
49ms Document
text/html 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1629804248185

Requested by

Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2a897e3f18e6769&cb=1629804248185
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://media.mmo-spy.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://media.mmo-spy.de/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2 200 / Show response
spl.zeotap.com/ Frame 91FA 2 KB
1 KB 55ms
39ms Document
text/html 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23f683ea8b9bb9748abf339dfb0592ebe93b49d15f86a3dbe37d2d155d52b102

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /?env=mWeb&uc=2&zdid=1258&eventType=map
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://media.mmo-spy.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://media.mmo-spy.de/

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://media.mmo-spy.de
set-cookie: zc=7e3cf5ca-60e7-4985-698d-f80042cec84c; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure zsc=g%E5%B1%D3%8B%FB%02%FC%94%1E%A5V%FC%E8%F1%03%8E%E5%14%D3Q%60%81%FC%17Ta%88%A3E%08%A7%8Av%C7%7D%21%97%E1%1Bo%08Y%C8%C7-GS6%C1%1E%0E%90%B3%01%B1%99%D7%8E%D2%C6%5B%AF%9C%87F%28%F5%0A%5B%C6Rf%E8%8F%EB%C6%27%E5%C6%D4%BC%EF%C2P%DEW%BA%82%90v~%8E%0C%F4%21i%25%B5%5C%DB%E1t%04%95; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 683c366748324e5c-FRA
content-encoding: br

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame E2B7 24 KB
9 KB 26ms
8ms Script
application/javascript 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 95b17ad661699c049d42195b8ccd1d855045a1fcfbd20d8609a6d87fa5703810

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
content-encoding: gzip
etag: "lp772EpWKwf8Kq7YKMhbuw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Tue, 31 Aug 2021 11:24:08 GMT

GET
H/1.1 200
OK px.js Show response
p.cpx.to/p/12763/ Frame E2B7 3 KB
3 KB 515ms
65ms Script
application/javascript 54.246.143.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.cpx.to/p/12763/px.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.143.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-143-132.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7458b398b6bdb94abc1699144ff8a0bc7ba2abda0d0ab04f6a6fa2b3f8732e5b

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 11:24:08 GMT
Cache-Control: max-age=2419200, public
Connection: keep-alive
Content-Length: 3010
Content-Type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK notifyme.js Show response
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/ Frame E2B7 25 KB
26 KB 665ms
60ms Script
text/javascript 13.224.89.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.89.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-89-6.zrh50.r.cloudfront.net
Software: Apache /
Resource Hash: b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 23 Aug 2021 17:05:58 GMT
Via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Age: 65891
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
X-Amz-Cf-Pop: ZRH50-C1
Accept-Ranges: bytes
Content-Length: 25704
X-Amz-Cf-Id: eYs1frMfpcTeYsTtN7F48934rhpyikkn-kL9W-pivWKSd2xXHcmokQ==

GET
H/1.1 200
OK 186329-261067657875242.js Show response
js-sec.indexww.com/ht/p/ Frame E2B7 37 KB
13 KB 2440ms
66ms Script
text/javascript 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7e176e51c1dff07522d527754e78745b4fe73db4b875ab85be5ec57e2e35346c

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 11:24:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Aug 2021 10:56:52 GMT
Server: Apache
ETag: "da46e6-930b-5ca4bfdc34fd6"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=1993
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 12788
Expires: Tue, 24 Aug 2021 11:57:23 GMT

GET
H2 200 prebid.js Show response
ads.themoneytizer.com/moneybid4_40/build_rb_noconsent/dist/ Frame E2B7 544 KB
169 KB 52ms
51ms Script
application/javascript 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/moneybid4_40/build_rb_noconsent/dist/prebid.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=16627&formatId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 8c4e529192aca25fa4a5e73816ac45c2cf549901ec142584089488bec55bdc09

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: public
date: Tue, 24 Aug 2021 11:24:08 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 09:54:56 GMT
server: nginx
etag: "611b8770-87f99"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 172702
expires: Wed, 25 Aug 2021 11:23:13 GMT

GET
H/1.1

200

5.gif
id5-sync.com/c/12/108/5/ Frame E2B7
Redirect Chain

https://id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg
https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&domid=1033
https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&action=GET_ID&opid=goo&etid=&domid...
https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm=&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&action=GET_ID&opid=goo&etid=&domi...
https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg&action=GET_ID&opid=goo&etid=&domid=1033...
https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEEeP2x24P7qCIcuzRKdm7PM&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0Rv...
https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=1698764582419383091&opid=apx&ops=&utidl=tech:goo:CAESEEeP2x24P7qCIcuzRKdm7PM&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0a...
https://id5-sync.com/qp/18.gif?puid=vec%3A20125969931&sd=Y2FzY2FkZXNSZW1haW5pbmc9OCZjYXNjYWRlc0RvbmU9MiZpbml0aWF0aW5nUGFydG5lcj0xMiZmb3JtYXQ9Z2lmJg
https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent=
https://sync.crwdcntrl.net/map/ct=y/c=13953/tp=IDFI/gdpr=1/gdpr_consent=?https://id5-sync.com/c/12/19/7/3.gif?puid=${profile_id}&gdpr=1&gdpr_consent=
https://id5-sync.com/c/12/19/7/3.gif?puid=f83349cfb5fa54c0d7011040d3bf48d1&gdpr=1&gdpr_consent=
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F6%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://ads.creative-serving.com/ul_cb/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F6%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://id5-sync.com/c/12/101/6/4.gif?puid=702358f1-b271-46b4-a756-666b6568e76d&gdpr=1&gdpr_consent=
https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F108%2F5%2F5.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_cons...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F108%2F5%2F5.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdp...
https://id5-sync.com/c/12/108/5/5.gif?puid=4f9804e6-1308-4ce4-b823-44c724a82a1d&gdpr=1&gdpr_consent=

43 B
1 KB

53ms
52ms

Image
image/gif

51.89.7.110
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/c/12/108/5/5.gif?puid=4f9804e6-1308-4ce4-b823-44c724a82a1d&gdpr=1&gdpr_consent=

Requested by

Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.7.110 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p23.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 11:24:12 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

Redirect headers

location: https://id5-sync.com/c/12/108/5/5.gif?puid=4f9804e6-1308-4ce4-b823-44c724a82a1d&gdpr=1&gdpr_consent=
date: Tue, 24 Aug 2021 11:24:13 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 200 rules-p-6Fv0cGNfc_bw8.js Show response
rules.quantcount.com/ Frame E2B7 1 KB
1 KB 41ms
11ms Script
application/javascript 2600:9000:2190:b800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:b800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:18:44 GMT
content-encoding: gzip
age: 325
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Mon, 19 Mar 2018 22:28:36 GMT
server: AmazonS3
etag: W/"9a93052877e57b42aeefaab6e7ec5f90"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 a63182cf51dce7998774e112bf9ee7c6.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: aKPZAAJWpTpPYS7l8ifUoWB4J1PwR3kwlIzGs9lhZbpkwQGAM4MvWg==

GET
H3-29 200 banner300x250.png
worldstatistics.live/img/baner/ Frame 6674 52 KB
53 KB 30ms
12ms Image
image/png 2606:4700:3037::ac43:c79d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://worldstatistics.live/img/baner/banner300x250.png
Requested by: Host: worldstatistics.live
URL: https://worldstatistics.live/bn.php?size=300x250
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:c79d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: edd010405afcf7f11562b847e3295cd2d9d12bcc1c90a30ef6321a38ea4758fe

Request headers

Referer: https://worldstatistics.live/bn.php?size=300x250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 35406
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 53730
pragma: public
last-modified: Tue, 25 May 2021 10:24:41 GMT
server: cloudflare
etag: "60acd069-d1e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZsZZf56j1f8vUcRIgrsKpNVSMn67SGUXDuXnNr5HhyBM5cnizbn%2FP%2BYADVvPsjiazXzfvpWRqRW6occ5tCGZOPayqGdeWLk80RJzTGGkww8ZDyuIopK7k0GdGjEA2GF0Zw1u60Tqbenk%2BYuM3wkXpHgAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 683c36679c575c7a-FRA
expires: Thu, 23 Sep 2021 01:34:02 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame A68C 60 KB
61 KB 165ms
58ms Script
application/javascript 13.224.102.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekmoneid__webplexmedia_advancedad_Desktop_728x90&viewref=oneidJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2oneid__webplexmedia_advancedad_Desktop_728x90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.102.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-88.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 056581eb31e79e98718114a4bd8c104cb64eec86bc5a996a28e61220f3aad189

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: zmpZOOhCPWgwSGI0KhEOhezEiMOIyjV9
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Wed, 28 Jul 2021 09:15:25 GMT
server: AmazonS3
age: 84257
etag: "a36c650003d82cecddad8f5c37f2cc75"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 23 Aug 2021 11:59:52 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 61522
x-amz-cf-id: uIz7qyls9MbPtMfyfX2-mNv8GjigJHVDcAYlG5noGjuIb1wjjcGZSA==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame A68C 79 B
374 B 2490ms
72ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=.8a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6S_Lwka9PnCqxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz74WySXvOxwawgCgIlNU.3Io3.Nzl998tp7ppfAaZ6m1CdC5MQjGejuTDRNziCvTDfWrOKjB8XagnSjPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1irL39VxK.CRhk6Hb9LarUqUdHz16rgPtFFg4Jh5DtFMk.Nk4JlpDJ3tJ9Xvj9zJ4z2pxv5icCmVWN9e4WX3NlY5DtFMfs.0OM&wgcookie=%7B%22wgifp12607%22%3A%5B%221384975%22%2C%2212607%22%2C%22713569%22%2C%22%22%2C%221629804248%22%2C%22%22%2C%22%22%2C%22%22%2C%221785324248%22%2C%22oneidJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2oneid__webplexmedia_advancedad_Desktop_728x90%22%5D%7D&wgchecksum=fad5e236d2cd76a6dd5cb7455551ee81&userIP=217.138.209.69&doAffectv=1&wgtime=1629804248
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekmoneid__webplexmedia_advancedad_Desktop_728x90&viewref=oneidJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2oneid__webplexmedia_advancedad_Desktop_728x90
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Epsom, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS
Software: Apache /
Resource Hash: 182f788d8b2820cea77393073d5b8d51ce47c66dfc75c74e9cd4a6ff2b4210f9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 24 Aug 2021 11:24:10 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame A68C 85 KB
85 KB 2446ms
67ms Image
image/png 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=1384975&viewref=oneidAbRSYfqfK2PawCRH4tktMA2T7T4T2Yoneid__asuids1AmwUP5HxRgJC5jcdc3DWvKvX1jHcxQasuid__Stroeer_RON_mobile+300x250_2&wglinkid=713569
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=823%2C15579%2C24673&b=ZkVuwfBfEpSmHDHDt3tDrxCVTJtxej%2C391Fpf4fkY8T7HrHAtEt1E7f8TztAMp%2CJ6zuzf5fK3YaBH6H7tptpPxTXTdtbJ2&f=9EzTMfmfg9tKHBH2tzC16jtwTRtZmw%2CWwEUrfdf2z1FYH5HjtDC3eGtPTwtJm5%2CGzXtBfpfkXRsKHeHGtBCpPDT2Tjtekm&c=728&d=90&e=&g=b944040a502d41d81dfdf7c775a875a4%2F1983649081673598024&i=9719%2C26474%2C20430&j=16%2C41%2C21&k=0&l=0&m=0&n=&p=&q=&o=webplexmedia_advancedad_Desktop_728x90&r=1629804247794&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 24 Aug 2021 11:24:10 GMT
Last-Modified: Tue, 24 Aug 2021 11:24:10 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pixel;r=2133004930;labels=Categories.artsandentertainment;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Fmedia.mmo-spy.de%2Ftags%2F728%2Findex.html;ref=https%3A%2F%2Fmedia.mmo-spy.de%2F%3Fsess%3DRE3qWF3w...
pixel.quantserve.com/ Frame E2B7 35 B
372 B 17ms
12ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=2133004930;labels=Categories.artsandentertainment;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Fmedia.mmo-spy.de%2Ftags%2F728%2Findex.html;ref=https%3A%2F%2Fmedia.mmo-spy.de%2F%3Fsess%3DRE3qWF3wSA8H5N44%252BzJ6G8%252BStH7rQsX5bUkZE5iW5Rw%253D;uht=2;fpan=1;fpa=P0-1148887305-1629804248271;pbcn=u;pbc=;ns=1;ce=1;qjs=1;qv=eccc2c00-20210811224039;cm=;gdpr=0;d=media.mmo-spy.de;je=0;sr=1600x1200x24;dst=1;et=1629804248271;tzo=-120;ogl=

Requested by

Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Aug 2021 11:24:08 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 91FA
Redirect Chain

https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&...
https://mwzeom.zeotap.com/mw?adnxs_uid=6677973845052548649&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258

95 B
164 B

35ms
28ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?adnxs_uid=6677973845052548649&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 683c36683a0f4e5c-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Pragma: no-cache
Date: Tue, 24 Aug 2021 11:24:08 GMT
X-Proxy-Origin: 217.138.209.69; 217.138.209.69; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 98960ee1-df1b-47e2-8325-a63256956abb
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://mwzeom.zeotap.com/mw?adnxs_uid=6677973845052548649&zpartnerid=2&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 91FA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2...
https://mwzeom.zeotap.com/mw?google_gid=CAESEEOKUuM6HT_g3MYOtBK9ycw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb...

95 B
176 B

35ms
34ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEEOKUuM6HT_g3MYOtBK9ycw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:09 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 683c366e9ee04e5c-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Tue, 24 Aug 2021 11:24:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEEOKUuM6HT_g3MYOtBK9ycw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 450
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 91FA
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26id_mid_4%3D7e3cf5ca-60e7-4985-698d-f80042cec84c%26reqId%3Db382979a-760e-4575-48f0-adb53c...
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26id_mid_4%3D7e3cf5ca-60e7-4985-698d-f80042cec84c%26reqId%3Db382979a-760e-4575-48f0-adb53c...
https://mwzeom.zeotap.com/mw?cid=82139bcc-390f-44bb-8273-51e1905df345&zpartnerid=6&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc...

95 B
153 B

28ms
27ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=82139bcc-390f-44bb-8273-51e1905df345&zpartnerid=6&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:09 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 683c366effbb4e5c-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Tue, 24 Aug 2021 11:24:09 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=82139bcc-390f-44bb-8273-51e1905df345&zpartnerid=6&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 449

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 91FA
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=7e3cf5ca-60e7-4985-698d-f80042cec84c&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=7e3cf5ca-60e7-4985-698d-f80042cec84c&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=49816140519648987451379899569076068482&zpartnerid=314&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fda...

95 B
233 B

40ms
40ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=49816140519648987451379899569076068482&zpartnerid=314&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 683c3669ddc94e5c-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

DCS: dcs-prod-irl1-2-v014-091182b86.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: R++N8i4BQoI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=49816140519648987451379899569076068482&zpartnerid=314&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 91FA
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1258&cid=HI0y5K%2BpxWV%2BkpG6xjuuwWXvkBY7x3By%2BS41iYitP1U%3D

95 B
153 B

31ms
30ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1258&cid=HI0y5K%2BpxWV%2BkpG6xjuuwWXvkBY7x3By%2BS41iYitP1U%3D
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:09 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 683c36722de54e5c-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Tue, 24 Aug 2021 11:24:09 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1258&cid=HI0y5K%2BpxWV%2BkpG6xjuuwWXvkBY7x3By%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 91FA
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26id_mid_4%3D7e3cf5c...
https://mwzeom.zeotap.com/mw?cid=22206124-d6d8-4a00-b49c-41fe6b60d577&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb5...

95 B
256 B

32ms
31ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=22206124-d6d8-4a00-b49c-41fe6b60d577&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:11 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 683c3678a9fd4e5c-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Date: Tue, 24 Aug 2021 11:24:10 GMT
Server: MT3 3865 cc0e612 master cdg-pixel-x6
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=22206124-d6d8-4a00-b49c-41fe6b60d577&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Tue, 24 Aug 2021 11:26:54 GMT

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame 91FA 541 B
474 B 38ms
36ms Script
text/plain 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fc154002f5e5ce17caf51d156d1f36a29cee89570dd52f4b531d82919b3dd6b

Request headers

Referer: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

cf-ray: 683c3667b9144e5c-FRA
date: Tue, 24 Aug 2021 11:24:08 GMT
via: 1.1 google
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *

GET
H2 204 cmp
spl.zeotap.com/ Frame 91FA 0
0 31ms
30ms Document
text/plain 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /cmp?env=mWeb&eventType=map&id_mid_4=7e3cf5ca-60e7-4985-698d-f80042cec84c&reqId=b382979a-760e-4575-48f0-adb53cd2fdab&uc=2&zdid=1258&cmp=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: zc=7e3cf5ca-60e7-4985-698d-f80042cec84c; zsc=g%E5%B1%D3%8B%FB%02%FC%94%1E%A5V%FC%E8%F1%03%8E%E5%14%D3Q%60%81%FC%17Ta%88%A3E%08%A7%8Av%C7%7D%21%97%E1%1Bo%08Y%C8%C7-GS6%C1%1E%0E%90%B3%01%B1%99%D7%8E%D2%C6%5B%AF%9C%87F%28%F5%0A%5B%C6Rf%E8%8F%EB%C6%27%E5%C6%D4%BC%EF%C2P%DEW%BA%82%90v~%8E%0C%F4%21i%25%B5%5C%DB%E1t%04%95
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 683c36683a094e5c-FRA

GET
H2

200

img
ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/ Frame 309D
Redirect Chain

https://track.adform.net/serving/cookie/match/?party=9&uid=3537cbb14c423650acdffd1a218c2ea03414a1eee1025f3a94290fdc95bc068d&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ffff925104c08456a99f9b1...
https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=3537cbb14c423650acdffd1a218c2ea03414a1eee1025f3a94290fdc95bc068d&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ffff925104c08456a9...
https://ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/img?tpid=42&tpuid=4999568035551378382

49 B
516 B

54ms
54ms

Image
image/gif

54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/img?tpid=42&tpuid=4999568035551378382
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 24 Aug 2021 11:24:08 GMT
server: nginx
location: https://ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/img?tpid=42&tpuid=4999568035551378382
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame A68C 63 B
270 B 772ms
75ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=s0a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6S_Lwka9PnCqxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz74WySXvOxwawgCgIlNU.3Io3.Nzl998tp7ppfAaZ6m1CdC5MQjGejuTDRNziCvTDfWrOKjB8XagnSjPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1irL39VxFavMAR0odm_dhrxbuJjkWxv5iJ3A0KAGYiLy.25.eaDdmVb9WJMStMuVjsTjjNpp0iJ3A0KFgBFY5BNlr91xU..E9b
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 0b31bf63cfe33911b803b85996a8e5fd6f161b63f107531b74f6427488efa6e0

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 24 Aug 2021 11:24:09 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 309D
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=d5102dad-9ae1-4b19-954c-09d182a08829

49 B
609 B

53ms
53ms

Image
image/gif

54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=d5102dad-9ae1-4b19-954c-09d182a08829
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
x-errorlevel: 0
server: Microsoft-IIS/10.0
date: Tue, 24 Aug 2021 11:24:08 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=d5102dad-9ae1-4b19-954c-09d182a08829
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3861
content-type: text/html; charset=utf-8
content-length: 237
expires: Tue, 24 Aug 2021 00:00:00 GMT

GET
H/1.1 200
OK fire.js Show response
s.cpx.to/ Frame E2B7 1 KB
2 KB 268ms
66ms Script
application/javascript 54.77.182.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.cpx.to/fire.js?pid=12763&ref=https%3A%2F%2Fmedia.mmo-spy.de%2F%3Fsess%3DRE3qWF3wSA8H5N44%252BzJ6G8%252BStH7rQsX5bUkZE5iW5Rw%253D&hn_ver=18&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0

Requested by

Host: p.cpx.to
URL: https://p.cpx.to/p/12763/px.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.77.182.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

470b48cd106b7c5b722aa6f29c9bdcc8f4f23cc9abb682bb7b5396e68952d193

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 24 Aug 2021 11:24:08 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=UTF-8
Content-Length: 1074
Expires: Wed, 18 Aug 2021 17:09:57 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 309D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=db14411ed26fda7622285781...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=06c76124-d6d8-4e00-ad7b-2714bf0e6a3e

49 B
559 B

50ms
50ms

Image
image/gif

54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=06c76124-d6d8-4e00-ad7b-2714bf0e6a3e
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:08 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Tue, 24 Aug 2021 11:24:05 GMT
Server: MT3 3865 cc0e612 master cdg-pixel-x30
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=06c76124-d6d8-4e00-ad7b-2714bf0e6a3e
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 24 Aug 2021 11:24:04 GMT

GET
H2

200

img
ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/ Frame 309D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=6838af9b2455ce4000dd3fb758122b95f4f2dade3e2df26921dcafce19f90489&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ffff...
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm=&google_sc=&uid=6838af9b2455ce4000dd3fb758122b95f4f2dade3e2df26921dcafce19f90489&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff...
https://ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/img?uid=6838af9b2455ce4000dd3fb758122b95f4f2dade3e2df26921dcafce19f90489&tpid=38&tpuid=CAESEAvgMukeerVkeXn_ZlB6cm4&google...

49 B
577 B

50ms
50ms

Image
image/gif

54.93.80.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/img?uid=6838af9b2455ce4000dd3fb758122b95f4f2dade3e2df26921dcafce19f90489&tpid=38&tpuid=CAESEAvgMukeerVkeXn_ZlB6cm4&google_cver=1
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.80.4 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-80-4.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 11:24:09 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 24 Aug 2021 11:24:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ih.adscale.de/sium/fff925104c08456a99f9b16528b18669/1629804247475/0/img?uid=6838af9b2455ce4000dd3fb758122b95f4f2dade3e2df26921dcafce19f90489&tpid=38&tpuid=CAESEAvgMukeerVkeXn_ZlB6cm4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 413
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.0.0/ Frame E2B7 84 KB
30 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js

Requested by

Host: d2zur9cc2gf1tx.cloudfront.net
URL: https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:04:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 530403
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30186
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Aug 2022 08:04:05 GMT

GET
H/1.1 200
OK notifyme.php Show response
adtrack.adleadevent.com/ Frame E2B7 0
527 B 293ms
70ms XHR
application/x-javascript 176.34.121.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 176.34.121.94 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-176-34-121-94.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 24 Aug 2021 11:24:09 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Aug 2021 11:24:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: https://media.mmo-spy.de
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

sync
s.cpx.to/ Frame E2B7
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=25A00450-CDD4-4003-B459-DA0CF8B2541B&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0

95 B
881 B

172ms
66ms

Image
image/png

54.77.182.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=25A00450-CDD4-4003-B459-DA0CF8B2541B&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0

Requested by

Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.77.182.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 24 Aug 2021 11:24:09 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Tue, 24 Aug 2021 11:24:09 GMT

Redirect headers

location: https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=25A00450-CDD4-4003-B459-DA0CF8B2541B&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0
date: Tue, 24 Aug 2021 11:24:09 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame E2B7 0
214 B 294ms
49ms Image
text/plain 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=34010&puid=516d5037eb03a7ca&gdpr=0
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

an_fire
s.cpx.to/ Frame E2B7
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12763%26ref%3Dhttps%253A%252F%252Fmedia.mmo-spy.de%252F%253Fsess%253DRE3qWF3wSA8H5N44%25252BzJ6G8%2...
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12763%2526ref%253Dhttps%25253A%25252F%25252Fmedia.mmo-spy.de%25252F%2...
https://s.cpx.to/an_fire?app_nexus_uid=8583222021959459149&pid=12763&ref=https%3A%2F%2Fmedia.mmo-spy.de%2F%3Fsess%3DRE3qWF3wSA8H5N44%252BzJ6G8%252BStH7rQsX5bUkZE5iW5Rw%253D&hn_ver=18&fid=483fb3b3-2...

95 B
865 B

86ms
65ms

Image
image/png

54.77.182.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/an_fire?app_nexus_uid=8583222021959459149&pid=12763&ref=https%3A%2F%2Fmedia.mmo-spy.de%2F%3Fsess%3DRE3qWF3wSA8H5N44%252BzJ6G8%252BStH7rQsX5bUkZE5iW5Rw%253D&hn_ver=18&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0

Requested by

Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.77.182.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 24 Aug 2021 11:24:09 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Tue, 24 Aug 2021 11:24:09 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 24 Aug 2021 11:24:09 GMT
X-Proxy-Origin: 217.138.209.69; 217.138.209.69; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: ca523a3e-8d5e-4b37-aa0e-d093662b8b19
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/an_fire?app_nexus_uid=8583222021959459149&pid=12763&ref=https%3A%2F%2Fmedia.mmo-spy.de%2F%3Fsess%3DRE3qWF3wSA8H5N44%252BzJ6G8%252BStH7rQsX5bUkZE5iW5Rw%253D&hn_ver=18&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

getuid
sync.smartadserver.com/ Frame E2B7
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0&gdpr=0
https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0&gdpr=0&cklb=1

0
434 B

61ms
60ms

Image
text/plain

185.86.138.143
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0&gdpr=0&cklb=1
Requested by: Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.143 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Aug 2021 11:24:09 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location: https://sync.smartadserver.com:443/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0&gdpr=0&cklb=1
pragma: no-cache
date: Tue, 24 Aug 2021 11:24:10 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H/1.1

200
OK

ca.png
s.cpx.to/ Frame E2B7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0
https://s.cpx.to/ca.png?dsp=dbm&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0&google_gid=CAESEBVJOa8vVY90BppYWppiQCU&google_cver=1

95 B
804 B

66ms
65ms

Image
image/png

54.77.182.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?dsp=dbm&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0&google_gid=CAESEBVJOa8vVY90BppYWppiQCU&google_cver=1

Requested by

Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.77.182.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://media.mmo-spy.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 24 Aug 2021 11:24:09 GMT
X-Frame-Options: sameorigin
Content-Type: image/png
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 95

Redirect headers

pragma: no-cache
date: Tue, 24 Aug 2021 11:24:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.cpx.to/ca.png?dsp=dbm&fid=483fb3b3-21d5-4bbc-a4c0-226d7e72dcd0&google_gid=CAESEBVJOa8vVY90BppYWppiQCU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

sync
s.cpx.to/ Frame E2B7
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=0fkciot&ttd_tpi=1
https://s.cpx.to/sync?dsp_uid=82139bcc-390f-44bb-8273-51e1905df345&dsp=TTD

95 B
876 B

129ms
65ms

Image
image/png

54.77.182.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp_uid=82139bcc-390f-44bb-8273-51e1905df345&dsp=TTD

Requested by

Host: media.mmo-spy.de
URL: https://media.mmo-spy.de/tags/728/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.77.182.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS