banten.hallo.id Open in urlscan Pro
13.224.214.72 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/a3sv0Pk4RW
Effective URL:
https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Submission: On July 06 via manual (July 6th 2022, 8:47:57 am UTC) from CA — Scanned from CA

Summary HTTP 546 Redirects Links 33 Behaviour Indicators

Summary

This website contacted 88 IPs in 12 countries across 121 domains to perform 546 HTTP transactions. The main IP is 13.224.214.72, located in United States and belongs to AMAZON-02, US. The main domain is banten.hallo.id.
TLS certificate: Issued by Amazon on July 17th 2021. Valid for: a year.

This is the only time banten.hallo.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	13.224.214.72 13.224.214.72	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:809::200a	15169 (GOOGLE) (GOOGLE)
35	13.224.214.83 13.224.214.83	16509 (AMAZON-02) (AMAZON-02)
1	2a02:6ea0:d13... 2a02:6ea0:d137::1	60068 (CDN77 ^_^) (CDN77 ^_^)
11	2607:f8b0:400... 2607:f8b0:4006:809::2002	15169 (GOOGLE) (GOOGLE)
70	2607:f8b0:400... 2607:f8b0:4006:820::2002	15169 (GOOGLE) (GOOGLE)
1	139.99.126.163 139.99.126.163	16276 (OVH) (OVH)
49	104.19.136.78 104.19.136.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1400:d:5... 2600:1400:d:58c::7ca	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2607:f8b0:400... 2607:f8b0:4006:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80b::2008	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80c::2003	15169 (GOOGLE) (GOOGLE)
3	119.63.193.220 119.63.193.220	38627 (BAIDUJP B...) (BAIDUJP Baidu)
28	142.251.35.162 142.251.35.162	15169 (GOOGLE) (GOOGLE)
26	2607:f8b0:400... 2607:f8b0:4006:81d::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:80d::200e	15169 (GOOGLE) (GOOGLE)
1	13.224.214.11 13.224.214.11	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:824::2002	15169 (GOOGLE) (GOOGLE)
11	2607:f8b0:400... 2607:f8b0:4006:822::2001	15169 (GOOGLE) (GOOGLE)
1	13.224.214.22 13.224.214.22	16509 (AMAZON-02) (AMAZON-02)
1	34.216.244.244 34.216.244.244	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4004:c09::9b	15169 (GOOGLE) (GOOGLE)
37	2607:f8b0:400... 2607:f8b0:4006:81c::2001	15169 (GOOGLE) (GOOGLE)
1	139.99.126.164 139.99.126.164	16276 (OVH) (OVH)
1	119.63.197.150 119.63.197.150	38627 (BAIDUJP B...) (BAIDUJP Baidu)
5	119.63.198.143 119.63.198.143	38627 (BAIDUJP B...) (BAIDUJP Baidu)
11	104.19.133.78 104.19.133.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2607:f8b0:400... 2607:f8b0:4006:809::2004	15169 (GOOGLE) (GOOGLE)
6	2a06:8640:683... 2a06:8640:683:0:ae1f:6bff:fec1:b062	55081 (24SHELLS) (24SHELLS)
3 3	34.193.2.214 34.193.2.214	14618 (AMAZON-AES) (AMAZON-AES)
11 12	8.28.7.82 8.28.7.82	62713 (AS-PUBMATIC) (AS-PUBMATIC)
14 19	142.250.80.98 142.250.80.98	15169 (GOOGLE) (GOOGLE)
9 34	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 4	104.36.115.114 104.36.115.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
7 12	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
14 14	35.211.178.172 35.211.178.172	19527 (GOOGLE-2) (GOOGLE-2)
1	35.169.213.151 35.169.213.151	14618 (AMAZON-AES) (AMAZON-AES)
2 2	109.206.161.21 109.206.161.21	50245 (SERVEREL-AS) (SERVEREL-AS)
2 2	199.187.193.197 199.187.193.197	47043 (SMARTADSE...) (SMARTADSERVER)
4 4	35.212.212.222 35.212.212.222	15169 (GOOGLE) (GOOGLE)
10 10	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
7 14	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 2	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 1	34.98.67.3 34.98.67.3	15169 (GOOGLE) (GOOGLE)
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2 2	35.207.24.140 35.207.24.140	15169 (GOOGLE) (GOOGLE)
1	104.16.199.73 104.16.199.73	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a06:8640:471... 2a06:8640:471:0:ec4:7aff:fe7e:dd90	55081 (24SHELLS) (24SHELLS)
2 2	2606:4700::68... 2606:4700::6813:ac6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 28	23.227.139.243 23.227.139.243	55081 (24SHELLS) (24SHELLS)
6	23.52.161.180 23.52.161.180	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	67.202.105.31 67.202.105.31	32748 (STEADFAST) (STEADFAST)
3	67.202.105.32 67.202.105.32	32748 (STEADFAST) (STEADFAST)
8	51.222.39.187 51.222.39.187	16276 (OVH) (OVH)
1 11	172.98.26.125 172.98.26.125	399668 (E-PLANNING-) (E-PLANNING-)
14 14	68.67.181.202 68.67.181.202	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	63.251.86.51 63.251.86.51	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
3 3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1 1	51.83.220.94 51.83.220.94	16276 (OVH) (OVH)
3	2a02:6ea0:c40... 2a02:6ea0:c400::11	60068 (CDN77 ^_^) (CDN77 ^_^)
3 3	23.211.130.59 23.211.130.59	16625 (AKAMAI-AS) (AKAMAI-AS)
6	23.73.244.44 23.73.244.44	16625 (AKAMAI-AS) (AKAMAI-AS)
3	8.28.7.81 8.28.7.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	207.198.113.230 207.198.113.230	13768 (COGECO-PEER1) (COGECO-PEER1)
3 3	52.0.156.250 52.0.156.250	14618 (AMAZON-AES) (AMAZON-AES)
2 2	107.178.246.49 107.178.246.49	15169 (GOOGLE) (GOOGLE)
9 10	199.127.204.142 199.127.204.142	26120 (RHYTHMONE) (RHYTHMONE)
2 6	18.205.54.230 18.205.54.230	14618 (AMAZON-AES) (AMAZON-AES)
2	172.98.26.121 172.98.26.121	399668 (E-PLANNING-) (E-PLANNING-)
1 1	69.166.1.10 69.166.1.10	27630 (AS-XFERNET) (AS-XFERNET)
2 2	54.234.88.163 54.234.88.163	14618 (AMAZON-AES) (AMAZON-AES)
1	205.234.175.175 205.234.175.175	23352 (SERVERCEN...) (SERVERCENTRAL)
1	2606:4700:10:... 2606:4700:10::ac43:db6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14 14	67.202.105.23 67.202.105.23	32748 (STEADFAST) (STEADFAST)
14	34.117.239.71 34.117.239.71	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5 5	74.121.140.14 74.121.140.14	30419 (MEDIAMATH...) (MEDIAMATH-INC)
6 8	54.175.87.114 54.175.87.114	14618 (AMAZON-AES) (AMAZON-AES)
6 6	2606:ae80:145... 2606:ae80:1450:16::2010	26762 (CNVR-US-EAST) (CNVR-US-EAST)
1	119.63.198.188 119.63.198.188	38627 (BAIDUJP B...) (BAIDUJP Baidu)
3 4	185.167.164.39 185.167.164.39	198622 (ADFORM) (ADFORM)
4 4	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
6 6	3.224.19.68 3.224.19.68	14618 (AMAZON-AES) (AMAZON-AES)
1 1	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
2 2	132.226.63.138 132.226.63.138	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
5 17	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3 3	108.168.159.145 108.168.159.145	36351 (SOFTLAYER) (SOFTLAYER)
4 4	2620:112:f002... 2620:112:f002:bbbb::21	6336 (TURN-US-ASN) (TURN-US-ASN)
1 4	2600:1f18:4e9... 2600:1f18:4e9:5a05:2903:4db6:5aa9:2a2	14618 (AMAZON-AES) (AMAZON-AES)
1	34.197.2.134 34.197.2.134	14618 (AMAZON-AES) (AMAZON-AES)
3	13.224.214.92 13.224.214.92	16509 (AMAZON-02) (AMAZON-02)
9	2606:4700:10:... 2606:4700:10::6816:2560	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
2 6	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	23.52.167.93 23.52.167.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	34.201.85.55 34.201.85.55	14618 (AMAZON-AES) (AMAZON-AES)
2 2	141.95.98.71 141.95.98.71	16276 (OVH) (OVH)
1 1	2600:9000:20e... 2600:9000:20ed:ea00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	96.46.183.20 96.46.183.20	7979 (SERVERS-COM) (SERVERS-COM)
1	51.158.28.82 51.158.28.82	12876 (Online SAS) (Online SAS)
3 10	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	3.209.55.159 3.209.55.159	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	35.211.141.197 35.211.141.197	19527 (GOOGLE-2) (GOOGLE-2)
14 14	82.145.213.8 82.145.213.8	39832 (NO-OPERA) (NO-OPERA)
3 3	192.96.200.41 192.96.200.41	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
2 2	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 1	8.2.110.206 8.2.110.206	46636 (NATCOWEB) (NATCOWEB)
4 4	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
2 2	3.94.241.28 3.94.241.28	14618 (AMAZON-AES) (AMAZON-AES)
9 11	13.224.214.95 13.224.214.95	16509 (AMAZON-02) (AMAZON-02)
2 2	192.35.249.120 192.35.249.120	11742 (SPOTX-IAD) (SPOTX-IAD)
2 2	2620:116:800b... 2620:116:800b:21:b08a:1dc5:659b:4055	14618 (AMAZON-AES) (AMAZON-AES)
2 2	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
3 3	207.198.113.93 207.198.113.93	13768 (COGECO-PEER1) (COGECO-PEER1)
2 4	23.217.56.119 23.217.56.119	16625 (AKAMAI-AS) (AKAMAI-AS)
3 8	52.73.102.235 52.73.102.235	14618 (AMAZON-AES) (AMAZON-AES)
1 3	169.197.150.8 169.197.150.8	398989 (DEEPINTENT) (DEEPINTENT)
2 2	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1 2	3.234.8.37 3.234.8.37	14618 (AMAZON-AES) (AMAZON-AES)
3 3	37.157.4.39 37.157.4.39	198622 (ADFORM) (ADFORM)
2	52.1.175.157 52.1.175.157	14618 (AMAZON-AES) (AMAZON-AES)
1	104.16.112.154 104.16.112.154	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.205.48.68 52.205.48.68	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2620:112:f002... 2620:112:f002:bbbb::23	6336 (TURN-US-ASN) (TURN-US-ASN)
2	8.28.7.84 8.28.7.84	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
2 2	173.231.178.85 173.231.178.85	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	23.23.94.10 23.23.94.10	14618 (AMAZON-AES) (AMAZON-AES)
2 2	54.198.132.111 54.198.132.111	14618 (AMAZON-AES) (AMAZON-AES)
1 2	3.215.99.170 3.215.99.170	14618 (AMAZON-AES) (AMAZON-AES)
1 1	69.90.254.78 69.90.254.78	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	75.101.196.240 75.101.196.240	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2606:4700:440... 2606:4700:4400::ac40:98f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	23.217.18.198 23.217.18.198	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	2a04:4e42::300 2a04:4e42::300	54113 (FASTLY) (FASTLY)
1	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
1 1	172.104.64.149 172.104.64.149	63949 (LINODE-AP...) (LINODE-AP Linode)
1	162.55.120.196 162.55.120.196	24940 (HETZNER-AS) (HETZNER-AS)
1	195.5.165.20 195.5.165.20	44968 (IPROM-AS) (IPROM-AS)
1 1	104.45.178.220 104.45.178.220	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 3	38.27.122.158 38.27.122.158	174 (COGENT-174) (COGENT-174)
5 5	146.59.148.16 146.59.148.16	16276 (OVH) (OVH)
2 2	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
1	162.248.18.10 162.248.18.10	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	50.57.31.206 50.57.31.206	19994 (RACKSPACE) (RACKSPACE)
1	13.224.214.59 13.224.214.59	16509 (AMAZON-02) (AMAZON-02)
2 2	44.201.217.92 44.201.217.92	14618 (AMAZON-AES) (AMAZON-AES)
1 2	204.2.255.233 204.2.255.233	2914 (NTT-LTD-2914) (NTT-LTD-2914)
1 1	45.35.192.162 45.35.192.162	40676 (AS40676) (AS40676)
1 1	34.102.253.54 34.102.253.54	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	178.62.202.251 178.62.202.251	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	23.22.176.202 23.22.176.202	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.2.65.122 52.2.65.122	14618 (AMAZON-AES) (AMAZON-AES)
546	88

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.214.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-72.phl50.r.cloudfront.net

banten.hallo.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::200a (New York, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 13.224.214.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-83.phl50.r.cloudfront.net

assets.promediateknologi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:d137::1 (Singapore, Singapore)

ASN60068 (CDN77 ^_^, GB)

propsid.b-cdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:809::2002 (New York, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

70 2607:f8b0:4006:820::2002 (New York, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.99.126.163 (Singapore, Singapore)

ASN16276 (OVH, FR)
PTR: tinong247.vn

click.advertnative.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 104.19.136.78 (None, )

ASN13335 (CLOUDFLARENET, US)

jsc.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
servicer.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:d:58c::7ca (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

js.rfp.fout.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80e::2003 (New York, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80b::2008 (New York, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80c::2003 (New York, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 119.63.193.220 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

api.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 142.251.35.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2607:f8b0:4006:81d::2002 (New York, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80d::200e (New York, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.214.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-11.phl50.r.cloudfront.net

certify-js.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:824::2002 (New York, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:822::2001 (New York, United States)

ASN15169 (GOOGLE, US)

33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.214.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-22.phl50.r.cloudfront.net

certify.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.216.244.244 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-216-244-244.us-west-2.compute.amazonaws.com

redirect.prod.experiment.routing.cloudfront.aws.a2z.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c09::9b (Ashburn, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2607:f8b0:4006:81c::2001 (New York, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.99.126.164 (Singapore, Singapore)

ASN16276 (OVH, FR)
PTR: ip164.ip-139-99-126.net

advertnative.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.63.197.150 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

id.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 119.63.198.143 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

log.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.19.133.78 (None, )

ASN13335 (CLOUDFLARENET, US)

s-img.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:809::2004 (New York, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a06:8640:683:0:ae1f:6bff:fec1:b062 (Piscataway, United States)

ASN55081 (24SHELLS, US)

s.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.193.2.214 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-2-214.compute-1.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 8.28.7.82 (United States) 11 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.80.98 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 8.28.7.83 (United States) 9 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.36.115.114 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 69.173.151.100 (United States) 7 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 35.211.178.172 (North Charleston, United States) 14 redirects

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.169.213.151 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-169-213-151.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 109.206.161.21 (Netherlands) 2 redirects

ASN50245 (SERVEREL-AS, NL)
PTR: 109.206.161.21.serverel.net

sync.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.187.193.197 (Canada) 2 redirects

ASN47043 (SMARTADSERVER, CA)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.212.212.222 (The Dalles, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 222.212.212.35.bc.googleusercontent.com

rtb-usw.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.71.131.137 (United States) 10 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 35.190.60.146 (Kansas City, United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.207.24.140 (North Charleston, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 140.24.207.35.bc.googleusercontent.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.199.73 (None, )

ASN13335 (CLOUDFLARENET, US)

cm.idealmedia.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:8640:471:0:ec4:7aff:fe7e:dd90 (Piscataway, United States)

ASN55081 (24SHELLS, US)

s.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:ac6c (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 23.227.139.243 (Piscataway, United States) 6 redirects

ASN55081 (24SHELLS, US)

sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.52.161.180 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-161-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 67.202.105.31 (United States) 3 redirects

ASN32748 (STEADFAST, US)
PTR: ip31.67-202-105.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 67.202.105.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 51.222.39.187 (Canada)

ASN16276 (OVH, FR)
PTR: ip187.ip-51-222-39.net

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.98.26.125 (Ashburn, United States) 1 redirects

ASN399668 (E-PLANNING-, US)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u-iad04.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 68.67.181.202 (Secaucus, United States) 14 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.251.86.51 (United States) 3 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.83.220.94 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: app-ngx-pl-03.adpartner.pro

a4p.adpartner.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6ea0:c400::11 (New York, United States)

ASN60068 (CDN77 ^_^, GB)

vid.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.211.130.59 (New York, United States) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-211-130-59.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.73.244.44 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-73-244-44.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 8.28.7.81 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 207.198.113.230 (Herndon, United States) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.0.156.250 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-156-250.compute-1.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
loada.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.246.49 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 199.127.204.142 (United States) 9 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
usermatch.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.205.54.230 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-54-230.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.98.26.121 (Ashburn, United States)

ASN399668 (E-PLANNING-, US)
PTR: s.e-planning.net

s.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.10 (United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.234.88.163 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-234-88-163.compute-1.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.234.175.175 (Leesburg, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: vip1.G-anycast1.cachefly.net

i.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:db6 (United States)

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 67.202.105.23 (United States) 14 redirects

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 34.117.239.71 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 71.239.117.34.bc.googleusercontent.com

events-ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms-xch-chicago.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 74.121.140.14 (Reston, United States) 5 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.175.87.114 (Ashburn, United States) 6 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-87-114.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:ae80:1450:16::2010 (United States) 6 redirects

ASN26762 (CNVR-US-EAST, US)

33across-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.63.198.188 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

r.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.167.164.39 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.130.49 (United States) 4 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.224.19.68 (Ashburn, United States) 6 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-19-68.compute-1.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 132.226.63.138 (Ashburn, United States) 2 redirects

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 35.244.159.8 (Kansas City, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.168.159.145 (Dallas, United States) 3 redirects

ASN36351 (SOFTLAYER, US)
PTR: 91.9f.a86c.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:112:f002:bbbb::21 (United States) 4 redirects

ASN6336 (TURN-US-ASN, US)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f18:4e9:5a05:2903:4db6:5aa9:2a2 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.197.2.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-2-134.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.214.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-92.phl50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:10::6816:2560 (United States)

ASN13335 (CLOUDFLARENET, US)

sync.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.43.72.97 (United States) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 209.54.180.144 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.52.167.93 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-167-93.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.201.85.55 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-201-85-55.compute-1.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.98.71 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns3216577.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20ed:ea00:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 96.46.183.20 (United States) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.158.28.82 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: 51-158-28-82.rev.poneytelecom.eu

js.cookieless-data.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.19.126 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.209.55.159 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-209-55-159.compute-1.amazonaws.com

sync.extend.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.141.197 (North Charleston, United States) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 197.141.211.35.bc.googleusercontent.com

m.fg8dgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 82.145.213.8 (Norway) 14 redirects

ASN39832 (NO-OPERA, NO)
PTR: n-sysadmin-jumpbox-03.feednews.opera.technology

t.adx.opera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.96.200.41 (Norfolk, United States) 3 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

sync.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.224.48 (United States) 2 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.2.110.206 (United States) 1 redirects

ASN46636 (NATCOWEB, US)

cs.mobfox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6b8::90 (Moscow, Russian Federation) 4 redirects

ASN208722 (GLOBAL_DC, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.94.241.28 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-241-28.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 13.224.214.95 (United States) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-95.phl50.r.cloudfront.net

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync1.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.35.249.120 (Ashburn, United States) 2 redirects

ASN11742 (SPOTX-IAD, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800b:21:b08a:1dc5:659b:4055 (United States) 2 redirects

ASN14618 (AMAZON-AES, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.22.214 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 207.198.113.93 (Herndon, United States) 3 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.217.56.119 (New York, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-56-119.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.73.102.235 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-102-235.compute-1.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 169.197.150.8 (United States) 1 redirects

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.132.33.46 (United States) 2 redirects

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.234.8.37 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-234-8-37.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.4.39 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.1.175.157 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-175-157.compute-1.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.112.154 (None, )

ASN13335 (CLOUDFLARENET, US)

dmp.truoptik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.48.68 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-48-68.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:112:f002:bbbb::23 (United States) 1 redirects

ASN6336 (TURN-US-ASN, US)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.28.7.84 (United States)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.231.178.85 (United States) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.23.94.10 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-94-10.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.198.132.111 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-198-132-111.compute-1.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.215.99.170 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-99-170.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.90.254.78 (Herndon, United States) 1 redirects

ASN13768 (COGECO-PEER1, CA)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 75.101.196.240 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-75-101-196-240.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:98f5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.217.18.198 (New York, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-18-198.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::300 (United States) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.104.64.149 (Tokyo, Japan) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1674-149.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.120.196 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.196.120.55.162.clients.your-server.de

matching.truffle.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)

core.iprom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.45.178.220 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

mweb.ck.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 38.27.122.158 (Chestertown, United States) 3 redirects

ASN174 (COGENT-174, US)

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 146.59.148.16 (France) 5 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-2.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 126.96.201.35.bc.googleusercontent.com

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.248.18.10 (United States)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.57.31.206 (United States) 1 redirects

ASN19994 (RACKSPACE, US)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.214.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-59.phl50.r.cloudfront.net

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.201.217.92 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-201-217-92.compute-1.amazonaws.com

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.2.255.233 (Fort Lauderdale, United States) 1 redirects

ASN2914 (NTT-LTD-2914, US)

pmp.mxptint.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.35.192.162 (United States) 1 redirects

ASN40676 (AS40676, US)

sync.resetdigital.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.253.54 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 54.253.102.34.bc.googleusercontent.com

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.62.202.251 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.22.176.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-22-176-202.compute-1.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.2.65.122 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-65-122.compute-1.amazonaws.com

io.narrative.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
108	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	2 MB
65	doubleclick.net 14 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 stats.g.doubleclick.net — Cisco Umbrella Rank: 119 cm.g.doubleclick.net — Cisco Umbrella Rank: 205	185 KB
62	pubmatic.com 22 redirects image8.pubmatic.com — Cisco Umbrella Rank: 590 image2.pubmatic.com — Cisco Umbrella Rank: 865 image4.pubmatic.com — Cisco Umbrella Rank: 882 ads.pubmatic.com — Cisco Umbrella Rank: 488 image6.pubmatic.com — Cisco Umbrella Rank: 629 simage2.pubmatic.com — Cisco Umbrella Rank: 611 simage4.pubmatic.com — Cisco Umbrella Rank: 1202 aud.pubmatic.com — Cisco Umbrella Rank: 5409	66 KB
60	mgid.com jsc.mgid.com — Cisco Umbrella Rank: 7521 c.mgid.com — Cisco Umbrella Rank: 4843 cdn.mgid.com — Cisco Umbrella Rank: 9757 servicer.mgid.com — Cisco Umbrella Rank: 7655 s-img.mgid.com — Cisco Umbrella Rank: 6482 cm.mgid.com — Cisco Umbrella Rank: 2048	407 KB
35	promediateknologi.com assets.promediateknologi.com — Cisco Umbrella Rank: 35874	318 KB
28	33across.com 14 redirects ssc-cms.33across.com — Cisco Umbrella Rank: 953 events-ssc.33across.com — Cisco Umbrella Rank: 1887 cms-xch-chicago.33across.com — Cisco Umbrella Rank: 6356	10 KB
28	adtelligent.com 3 redirects s.adtelligent.com — Cisco Umbrella Rank: 4966 sync.adtelligent.com — Cisco Umbrella Rank: 4149	15 KB
23	rubiconproject.com 12 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 336 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1036 eus.rubiconproject.com — Cisco Umbrella Rank: 573 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 993 token.rubiconproject.com — Cisco Umbrella Rank: 711	40 KB
20	openx.net 8 redirects rtb.openx.net — Cisco Umbrella Rank: 1589 us-u.openx.net — Cisco Umbrella Rank: 387 u.openx.net — Cisco Umbrella Rank: 710	3 KB
19	google.com adservice.google.com — Cisco Umbrella Rank: 92 www.google.com — Cisco Umbrella Rank: 8	8 KB
14	opera.com 14 redirects t.adx.opera.com — Cisco Umbrella Rank: 2439	11 KB
14	adnxs.com 14 redirects ib.adnxs.com — Cisco Umbrella Rank: 244 secure.adnxs.com — Cisco Umbrella Rank: 408	13 KB
14	e-planning.net 1 redirects ads.us.e-planning.net — Cisco Umbrella Rank: 4899 u-iad04.e-planning.net — Cisco Umbrella Rank: 10584 sync.e-planning.net — Cisco Umbrella Rank: 6383 s.e-planning.net — Cisco Umbrella Rank: 7062 i.e-planning.net — Cisco Umbrella Rank: 7148	4 KB
14	rlcdn.com 7 redirects id.rlcdn.com — Cisco Umbrella Rank: 635 idsync.rlcdn.com — Cisco Umbrella Rank: 321	1 KB
14	bidswitch.net 14 redirects x.bidswitch.net — Cisco Umbrella Rank: 290	6 KB
13	crwdcntrl.net 3 redirects tags.crwdcntrl.net — Cisco Umbrella Rank: 1463 sync.crwdcntrl.net — Cisco Umbrella Rank: 716 bcp.crwdcntrl.net — Cisco Umbrella Rank: 863	22 KB
12	yahoo.com 7 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 299 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 479	5 KB
11	intentiq.com 9 redirects sync.intentiq.com — Cisco Umbrella Rank: 1410 sync1.intentiq.com — Cisco Umbrella Rank: 4687	12 KB
11	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 179	451 KB
10	casalemedia.com ssum.casalemedia.com — Cisco Umbrella Rank: 1349 Failed ssum-sec.casalemedia.com — Cisco Umbrella Rank: 576 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 608	8 KB
10	adsrvr.org 10 redirects match.adsrvr.org — Cisco Umbrella Rank: 367	5 KB
10	google.ca adservice.google.ca — Cisco Umbrella Rank: 11986	2 KB
10	popin.cc api.popin.cc — Cisco Umbrella Rank: 20157 id.popin.cc — Cisco Umbrella Rank: 45710 log.popin.cc — Cisco Umbrella Rank: 21129 r.popin.cc — Cisco Umbrella Rank: 22605	101 KB
9	quantumdex.io sync.quantumdex.io — Cisco Umbrella Rank: 4819	2 KB
9	adtarget.com.tr 3 redirects s.console.adtarget.com.tr — Cisco Umbrella Rank: 4211 sync.console.adtarget.com.tr — Cisco Umbrella Rank: 4601	5 KB
8	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 820	6 KB
7	adform.net 6 redirects c1.adform.net — Cisco Umbrella Rank: 583 dmp.adform.net — Cisco Umbrella Rank: 4326 cm.adform.net — Cisco Umbrella Rank: 1594	2 KB
6	amazon-adsystem.com 2 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 286	5 KB
6	bidr.io 6 redirects match.prod.bidr.io — Cisco Umbrella Rank: 474	3 KB
6	dotomi.com 6 redirects 33across-match.dotomi.com — Cisco Umbrella Rank: 4168 pubmatic-match.dotomi.com — Cisco Umbrella Rank: 3635	2 KB
6	audrte.com 2 redirects a.audrte.com — Cisco Umbrella Rank: 2310	7 KB
6	1rx.io 6 redirects sync.1rx.io — Cisco Umbrella Rank: 540	4 KB
6	tynt.com 3 redirects ic.tynt.com — Cisco Umbrella Rank: 3999 de.tynt.com — Cisco Umbrella Rank: 1575	10 KB
6	mfadsrvr.com 6 redirects rtb-usw.mfadsrvr.com — Cisco Umbrella Rank: 8815 rtb.mfadsrvr.com — Cisco Umbrella Rank: 901	2 KB
5	onaudience.com 5 redirects pixel.onaudience.com — Cisco Umbrella Rank: 3729	2 KB
5	turn.com 5 redirects ad.turn.com — Cisco Umbrella Rank: 801 d.turn.com — Cisco Umbrella Rank: 909	2 KB
5	mathtag.com 5 redirects sync.mathtag.com — Cisco Umbrella Rank: 462	3 KB
5	sitescout.com 5 redirects pixel.sitescout.com — Cisco Umbrella Rank: 3264 pixel-sync.sitescout.com — Cisco Umbrella Rank: 587	4 KB
4	bluekai.com 2 redirects tags.bluekai.com — Cisco Umbrella Rank: 483	2 KB
4	taboola.com 3 redirects sync.taboola.com — Cisco Umbrella Rank: 947 trc.taboola.com — Cisco Umbrella Rank: 672 match.taboola.com — Cisco Umbrella Rank: 2357	1 KB
4	everesttech.net 4 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 612	919 B
4	unrulymedia.com 3 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1121 usermatch.targeting.unrulymedia.com — Cisco Umbrella Rank: 3080	2 KB
4	yandex.ru an.yandex.ru — Cisco Umbrella Rank: 2244 Failed	823 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49	20 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	29 KB
3	bnmla.com 3 redirects match.bnmla.com — Cisco Umbrella Rank: 1970	2 KB
3	deepintent.com 1 redirects match.deepintent.com — Cisco Umbrella Rank: 922	721 B
3	aralego.com 3 redirects sync.aralego.com — Cisco Umbrella Rank: 2245	942 B
3	simpli.fi 3 redirects um.simpli.fi — Cisco Umbrella Rank: 851	1 KB
3	exelator.com 3 redirects loadm.exelator.com — Cisco Umbrella Rank: 1268 loada.exelator.com — Cisco Umbrella Rank: 19811	3 KB
3	vidoomy.com vid.vidoomy.com — Cisco Umbrella Rank: 4670
3	lijit.com 3 redirects ap.lijit.com — Cisco Umbrella Rank: 660 ce.lijit.com — Cisco Umbrella Rank: 963	2 KB
3	360yield.com 3 redirects ad.360yield.com — Cisco Umbrella Rank: 642	821 B
2	narrative.io 1 redirects io.narrative.io — Cisco Umbrella Rank: 4014	643 B
2	mxptint.net 1 redirects pmp.mxptint.net — Cisco Umbrella Rank: 5558	967 B
2	avct.cloud 2 redirects ads.avct.cloud — Cisco Umbrella Rank: 3099	894 B
2	semasio.net 1 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1128	1 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com — Cisco Umbrella Rank: 4768	625 B
2	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 1004	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 802 s.tribalfusion.com — Cisco Umbrella Rank: 2209	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 790	1 KB
2	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1398	572 B
2	creative-serving.com 2 redirects ads.creative-serving.com — Cisco Umbrella Rank: 4268	1 KB
2	adgrx.com 2 redirects cm.adgrx.com — Cisco Umbrella Rank: 1459	1 KB
2	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 976	2 KB
2	bttrack.com 2 redirects bttrack.com — Cisco Umbrella Rank: 755	1 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 410	733 B
2	quantserve.com 2 redirects pixel.quantserve.com — Cisco Umbrella Rank: 443	959 B
2	spotxchange.com 2 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 501	2 KB
2	ipredictive.com 2 redirects sync.ipredictive.com — Cisco Umbrella Rank: 1030	1 KB
2	fg8dgt.com 2 redirects m.fg8dgt.com — Cisco Umbrella Rank: 5263	763 B
2	betweendigital.com 2 redirects ads.betweendigital.com — Cisco Umbrella Rank: 2197	1 KB
2	id5-sync.com 2 redirects id5-sync.com — Cisco Umbrella Rank: 550	3 KB
2	technoratimedia.com 2 redirects sync.technoratimedia.com — Cisco Umbrella Rank: 1161	1 KB
2	emxdgt.com 2 redirects cs.emxdgt.com — Cisco Umbrella Rank: 950	614 B
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 444	636 B
2	loopme.me 2 redirects csync.loopme.me — Cisco Umbrella Rank: 908	610 B
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 622	687 B
2	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 809	613 B
2	smartadserver.com 2 redirects ssbsync.smartadserver.com — Cisco Umbrella Rank: 1255	523 B
2	e-volution.ai 2 redirects sync.e-volution.ai — Cisco Umbrella Rank: 2766	918 B
2	alexametrics.com certify-js.alexametrics.com — Cisco Umbrella Rank: 8655 certify.alexametrics.com — Cisco Umbrella Rank: 4935	5 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 89	81 KB
2	advertnative.com click.advertnative.com — Cisco Umbrella Rank: 36087 advertnative.com — Cisco Umbrella Rank: 32376	7 KB
1	gumgum.com rtb.gumgum.com — Cisco Umbrella Rank: 1247	209 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2661	534 B
1	playground.xyz 1 redirects ads.playground.xyz — Cisco Umbrella Rank: 4081	466 B
1	resetdigital.co 1 redirects sync.resetdigital.co — Cisco Umbrella Rank: 2597	485 B
1	agkn.com aa.agkn.com — Cisco Umbrella Rank: 445	656 B
1	inmobi.com 1 redirects mweb.ck.inmobi.com — Cisco Umbrella Rank: 4123	348 B
1	iprom.net core.iprom.net — Cisco Umbrella Rank: 6006	277 B
1	truffle.bid matching.truffle.bid — Cisco Umbrella Rank: 6426
1	appier.net 1 redirects gocm.c.appier.net — Cisco Umbrella Rank: 2352	394 B
1	acuityplatform.com 1 redirects ums.acuityplatform.com — Cisco Umbrella Rank: 1301	674 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 753	613 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 717	363 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 457	338 B
1	truoptik.com dmp.truoptik.com — Cisco Umbrella Rank: 1735	546 B
1	mobfox.com 1 redirects cs.mobfox.com — Cisco Umbrella Rank: 7378	488 B
1	ad4m.at ad4m.at — Cisco Umbrella Rank: 2219
1	extend.tv 1 redirects sync.extend.tv — Cisco Umbrella Rank: 1739	546 B
1	cookieless-data.com js.cookieless-data.com — Cisco Umbrella Rank: 6819	535 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 659	528 B
1	sharethrough.com 1 redirects match.sharethrough.com — Cisco Umbrella Rank: 559	240 B
1	media.net 1 redirects hbx.media.net — Cisco Umbrella Rank: 1351	598 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 395	575 B
1	adentifi.com rtb.adentifi.com — Cisco Umbrella Rank: 1200	35 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 556	800 B
1	zeotap.com spl.zeotap.com — Cisco Umbrella Rank: 1705
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 1050	776 B
1	adpartner.pro 1 redirects a4p.adpartner.pro — Cisco Umbrella Rank: 8052	259 B
1	idealmedia.io cm.idealmedia.io — Cisco Umbrella Rank: 16983	173 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 3984	393 B
1	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 1285	540 B
1	a2z.com redirect.prod.experiment.routing.cloudfront.aws.a2z.com	48 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 867	464 B
1	fout.jp js.rfp.fout.jp — Cisco Umbrella Rank: 39074	16 KB
1	b-cdn.net propsid.b-cdn.net — Cisco Umbrella Rank: 71269	4 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 71	1 KB
1	hallo.id banten.hallo.id	12 KB
1	t.co t.co — Cisco Umbrella Rank: 455	692 B
546	121

	Domain	Requested by
60	pagead2.googlesyndication.com	banten.hallo.id pagead2.googlesyndication.com 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com securepubads.g.doubleclick.net
37	tpc.googlesyndication.com	33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com banten.hallo.id securepubads.g.doubleclick.net
35	assets.promediateknologi.com	banten.hallo.id assets.promediateknologi.com
27	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com propsid.b-cdn.net
24	simage2.pubmatic.com	6 redirects ads.pubmatic.com
24	cm.mgid.com	jsc.mgid.com banten.hallo.id s.adtelligent.com
22	sync.adtelligent.com	3 redirects s.adtelligent.com eus.rubiconproject.com ads.pubmatic.com ads.us.e-planning.net s.console.adtarget.com.tr
19	cm.g.doubleclick.net	14 redirects eus.rubiconproject.com us-u.openx.net bcp.crwdcntrl.net
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com
16	us-u.openx.net	4 redirects de.tynt.com us-u.openx.net
14	t.adx.opera.com	14 redirects
14	ssc-cms.33across.com	14 redirects
14	x.bidswitch.net	14 redirects
13	events-ssc.33across.com	de.tynt.com eus.rubiconproject.com us-u.openx.net
13	ib.adnxs.com	13 redirects
12	image8.pubmatic.com	11 redirects banten.hallo.id
11	s-img.mgid.com	banten.hallo.id
11	33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
11	www.googletagservices.com	banten.hallo.id 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
10	match.adsrvr.org	10 redirects
10	image2.pubmatic.com	3 redirects ads.pubmatic.com
10	cdn.mgid.com	banten.hallo.id jsc.mgid.com
10	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
10	adservice.google.ca	securepubads.g.doubleclick.net pagead2.googlesyndication.com
9	sync1.intentiq.com	7 redirects banten.hallo.id
9	sync.quantumdex.io	ads.us.e-planning.net sync.quantumdex.io ssum-sec.casalemedia.com
9	www.google.com	tpc.googlesyndication.com
8	sync.crwdcntrl.net	3 redirects de.tynt.com bcp.crwdcntrl.net
8	ups.analytics.yahoo.com	6 redirects us-u.openx.net
8	onetag-sys.com	s.adtelligent.com ads.us.e-planning.net sync.quantumdex.io
7	idsync.rlcdn.com	3 redirects banten.hallo.id ads.pubmatic.com us-u.openx.net
7	id.rlcdn.com	4 redirects banten.hallo.id cm.mgid.com
7	pixel.rubiconproject.com	3 redirects banten.hallo.id eus.rubiconproject.com
6	sync.console.adtarget.com.tr	3 redirects s.console.adtarget.com.tr
6	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
6	s.amazon-adsystem.com	2 redirects eus.rubiconproject.com ssum-sec.casalemedia.com us-u.openx.net
6	match.prod.bidr.io	6 redirects
6	a.audrte.com	2 redirects ads.us.e-planning.net a.audrte.com s.adtelligent.com
6	sync.1rx.io	6 redirects
6	u-iad04.e-planning.net	ads.us.e-planning.net ads.pubmatic.com
6	eus.rubiconproject.com	s.adtelligent.com ads.us.e-planning.net eus.rubiconproject.com de.tynt.com
6	ads.pubmatic.com	s.adtelligent.com ads.us.e-planning.net ads.pubmatic.com
6	s.adtelligent.com	cm.mgid.com s.adtelligent.com
6	c.mgid.com	jsc.mgid.com banten.hallo.id
6	jsc.mgid.com	banten.hallo.id jsc.mgid.com 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
5	pixel.onaudience.com	5 redirects
5	token.rubiconproject.com	4 redirects eus.rubiconproject.com
5	sync.mathtag.com	5 redirects
5	log.popin.cc	banten.hallo.id
4	tags.bluekai.com	2 redirects bcp.crwdcntrl.net
4	pubmatic-match.dotomi.com	4 redirects
4	ssum-sec.casalemedia.com	2 redirects sync.quantumdex.io ssum-sec.casalemedia.com
4	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com us-u.openx.net
4	ad.turn.com	4 redirects
4	sync-tm.everesttech.net	4 redirects
4	rtb-usw.mfadsrvr.com	4 redirects
4	image4.pubmatic.com	2 redirects ads.pubmatic.com
4	an.yandex.ru	banten.hallo.id
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	match.bnmla.com	3 redirects
3	cm.adform.net	3 redirects
3	match.deepintent.com	1 redirects de.tynt.com
3	pixel-sync.sitescout.com	3 redirects
3	sync.aralego.com	3 redirects
3	tags.crwdcntrl.net	s.e-planning.net tags.crwdcntrl.net
3	um.simpli.fi	3 redirects
3	c1.adform.net	2 redirects ads.pubmatic.com
3	sync.e-planning.net	ads.us.e-planning.net eus.rubiconproject.com sync.quantumdex.io
3	sync.targeting.unrulymedia.com	3 redirects
3	image6.pubmatic.com	ads.pubmatic.com
3	secure-assets.rubiconproject.com	3 redirects
3	vid.vidoomy.com	s.adtelligent.com
3	rtb.openx.net	3 redirects
3	de.tynt.com	s.adtelligent.com
3	ic.tynt.com	3 redirects
3	s.console.adtarget.com.tr	s.adtelligent.com
3	ad.360yield.com	3 redirects
3	servicer.mgid.com	jsc.mgid.com
3	api.popin.cc	banten.hallo.id api.popin.cc
2	io.narrative.io	1 redirects
2	pmp.mxptint.net	1 redirects
2	ads.avct.cloud	2 redirects
2	uipglob.semasio.net	1 redirects
2	visitor.fiftyt.com	2 redirects
2	px.owneriq.net	2 redirects
2	pm.w55c.net	2 redirects
2	beacon.lynx.cognitivlabs.com	1 redirects ads.pubmatic.com
2	ads.creative-serving.com	2 redirects
2	cm.adgrx.com	2 redirects
2	simage4.pubmatic.com	ads.pubmatic.com
2	bcp.crwdcntrl.net	tags.crwdcntrl.net
2	ps.eyeota.net	1 redirects s.adtelligent.com
2	bttrack.com	2 redirects
2	eb2.3lift.com	2 redirects
2	pixel.quantserve.com	2 redirects
2	sync.search.spotxchange.com	2 redirects
2	sync.intentiq.com	2 redirects
2	sync.ipredictive.com	2 redirects
2	sync.taboola.com	2 redirects
2	m.fg8dgt.com	2 redirects
2	ads.betweendigital.com	2 redirects
2	id5-sync.com	2 redirects
2	pixel-us-east.rubiconproject.com	2 redirects
2	sync.technoratimedia.com	2 redirects
2	33across-match.dotomi.com	2 redirects
2	cs.emxdgt.com	2 redirects
2	s.e-planning.net	ads.us.e-planning.net
2	pixel.tapad.com	2 redirects
2	loadm.exelator.com	2 redirects
2	pixel.sitescout.com	2 redirects
2	ap.lijit.com	2 redirects
2	ads.us.e-planning.net	1 redirects s.adtelligent.com
2	csync.loopme.me	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	creativecdn.com	2 redirects
2	pippio.com	2 redirects
2	ssbsync.smartadserver.com	2 redirects
2	sync.e-volution.ai	2 redirects
2	stats.g.doubleclick.net	www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.googletagmanager.com	banten.hallo.id
2	www.gstatic.com	banten.hallo.id
1	rtb.gumgum.com
1	match.adsby.bidtheatre.com	1 redirects
1	secure.adnxs.com	1 redirects
1	ads.playground.xyz	1 redirects
1	sync.resetdigital.co	1 redirects
1	aa.agkn.com
1	aud.pubmatic.com
1	loada.exelator.com	1 redirects
1	mweb.ck.inmobi.com	1 redirects
1	core.iprom.net	ads.pubmatic.com
1	matching.truffle.bid	ads.pubmatic.com
1	gocm.c.appier.net	1 redirects
1	match.taboola.com	ads.pubmatic.com
1	trc.taboola.com	1 redirects
1	s.tribalfusion.com	ads.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	ums.acuityplatform.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	d.turn.com	1 redirects
1	beacon.krxd.net	bcp.crwdcntrl.net
1	dmp.truoptik.com	bcp.crwdcntrl.net
1	dmp.adform.net	1 redirects
1	ce.lijit.com	1 redirects
1	u.openx.net	1 redirects
1	cs.mobfox.com	1 redirects
1	ad4m.at	ssum-sec.casalemedia.com
1	sync.extend.tv	1 redirects
1	usermatch.targeting.unrulymedia.com	sync.quantumdex.io
1	js.cookieless-data.com	s.e-planning.net
1	s.ad.smaato.net	1 redirects
1	match.sharethrough.com	1 redirects
1	hbx.media.net	1 redirects
1	px.ads.linkedin.com	eus.rubiconproject.com
1	rtb.adentifi.com	ads.pubmatic.com
1	bh.contextweb.com	1 redirects
1	r.popin.cc	banten.hallo.id
1	cms-xch-chicago.33across.com	de.tynt.com
1	spl.zeotap.com	ads.us.e-planning.net
1	i.e-planning.net	ads.us.e-planning.net
1	sync.go.sonobi.com	1 redirects
1	a4p.adpartner.pro	1 redirects
1	cm.idealmedia.io	banten.hallo.id
1	tags.rd.linksynergy.com	1 redirects
1	jadserve.postrelease.com	banten.hallo.id
1	id.popin.cc	api.popin.cc
1	advertnative.com	banten.hallo.id
1	redirect.prod.experiment.routing.cloudfront.aws.a2z.com	banten.hallo.id
1	certify.alexametrics.com	banten.hallo.id
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	certify-js.alexametrics.com	t.co
1	js.rfp.fout.jp	banten.hallo.id
1	click.advertnative.com	banten.hallo.id
1	propsid.b-cdn.net	banten.hallo.id
1	fonts.googleapis.com	banten.hallo.id
1	banten.hallo.id	t.co
1	t.co
0	ssum.casalemedia.com Failed	ads.us.e-planning.net
546	180

This site contains links to these domains. Also see Links.

Domain
www.hallo.id
depok.hallo.id
seleb.hallo.id
sukabumi.hallo.id
tasik.hallo.id
jatim.hallo.id
lampung.hallo.id
malang.hallo.id
bisnis.hallo.id
madura.hallo.id
bogor.hallo.id
desanews.hallo.id
sulsel.hallo.id
sultra.hallo.id
sidoarjo.hallo.id
sport.hallo.id
lifestyle.hallo.id
ternate.hallo.id
jakarta.hallo.id
purwasuka.hallo.id
www.facebook.com
twitter.com
www.instagram.com
www.youtube.com
api.whatsapp.com
advertnative.com
widgets.mgid.com
www.mgid.com
clck.mgid.com
www.promediateknologi.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
hallo.id Amazon	`2021-07-17` - `2022-08-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-20` - `2022-09-12`	3 months	crt.sh
promediateknologi.com Amazon	`2022-04-26` - `2023-05-25`	a year	crt.sh
*.b-cdn.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-07` - `2022-11-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-20` - `2022-09-12`	3 months	crt.sh
click.advertnative.com R3	`2022-06-24` - `2022-09-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-11`	a year	crt.sh
*.rfp.fout.jp DigiCert TLS RSA SHA256 2020 CA1	`2022-05-12` - `2023-05-14`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.popin.cc DigiCert Secure Site Pro CN CA G3	`2021-10-22` - `2022-10-22`	a year	crt.sh
certify-js.alexametrics.com Amazon	`2022-05-30` - `2023-06-27`	a year	crt.sh
*.google.ca GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
certify.alexametrics.com Amazon	`2022-05-30` - `2023-06-28`	a year	crt.sh
*.prod.experiment.routing.cloudfront.aws.a2z.com Amazon	`2021-10-13` - `2022-11-11`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
advertnative.com R3	`2022-05-29` - `2022-08-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-06-20` - `2022-09-12`	3 months	crt.sh
s.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-06-01` - `2022-08-30`	3 months	crt.sh
s.console.adtarget.com.tr ZeroSSL ECC Domain Secure Site CA	`2022-05-28` - `2022-08-26`	3 months	crt.sh
sync.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-05-29` - `2022-08-27`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
ads.us.e-planning.net R3	`2022-05-04` - `2022-08-02`	3 months	crt.sh
*.vidoomy.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-06` - `2022-09-05`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-17` - `2023-04-04`	a year	crt.sh
*.audrte.com Amazon	`2022-02-24` - `2023-03-24`	a year	crt.sh
*.e-planning.net R3	`2022-05-17` - `2022-08-15`	3 months	crt.sh
i.e-planning.net Sectigo RSA Domain Validation Secure Server CA	`2022-02-23` - `2023-02-03`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-06-14` - `2022-12-07`	6 months	crt.sh
adentifi.com Amazon	`2021-09-04` - `2022-10-03`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.cookieless-data.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-23` - `2023-03-22`	a year	crt.sh
*.targeting.unrulymedia.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-09` - `2023-05-09`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-21`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2022-05-02` - `2023-06-03`	a year	crt.sh
events-ssc.33across.com GTS CA 1D4	`2022-05-25` - `2022-08-23`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-06-07` - `2022-11-30`	6 months	crt.sh
sync.console.adtarget.com.tr R3	`2022-05-27` - `2022-08-25`	3 months	crt.sh
*.truoptik.com Entrust Certification Authority - L1K	`2021-10-22` - `2022-10-22`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh
beacon.lynx.cognitivlabs.com Amazon	`2022-04-13` - `2023-05-12`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
truffle.bid R3	`2022-06-13` - `2022-09-11`	3 months	crt.sh
*.iprom.net R3	`2022-06-19` - `2022-09-17`	3 months	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
*.gumgum.com Amazon	`2021-10-15` - `2022-11-12`	a year	crt.sh

This page contains 123 frames:

Primary Page: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Frame ID: 492217991C35193B0994FFD9BFC0F678
Requests: 114 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220630/r20190131/zrt_lookup.html
Frame ID: 16643A16D3F118743F5D1B92819A3B82
Requests: 1 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6A2047B1A0AA2C63FFC13C43BCCACDDD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3025194257&lmt=1657097261&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097261704&bpp=2&bdt=286&idt=208&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6992565609965&frm=20&pv=2&ga_vid=801837761.1657097262&ga_sid=1657097262&ga_hid=852485102&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31060048%2C31062930&oid=2&pvsid=1953102225479114&tmod=646511475&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=228
Frame ID: E357D04AE30E90E42FF5209887474DED
Requests: 1 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C2579EFAF80B2E4F30953F571924A6D4
Requests: 29 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1E119F7FF8A73AE5A8C09027918AAF00
Requests: 14 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F4B6DFABC1FC97A67ADCD8DD0658FEF3
Requests: 14 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 51EBA96F5603802D155493EA12431F01
Requests: 14 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C3F0EC411839D0E3B5608B5131181D9C
Requests: 14 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CD16C9A224ECDC464B6958AB4EB113A8
Requests: 30 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7CAE99E3FC847E4B676EC4EB7BFECAEF
Requests: 13 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: AC77D0B33FAB0CDC27448B200C79851F
Requests: 13 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A6924FEC6ADBADC954B744FFEC347C35
Requests: 13 HTTP requests in this frame

Frame: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F5788CE599D09D678142E0719C4BBCFD
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3987315829323386&output=html&h=600&slotname=6376952303&adk=3561574240&adf=3173046723&pi=t.ma~as.6376952303&w=160&psa=0&format=160x600&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262476&bpp=4&bdt=241&idt=305&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&correlator=8633881805651&frm=24&ife=3&pv=2&ga_vid=1531273622.1657097263&ga_sid=1657097263&ga_hid=1187029201&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=1718784746&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31068227%2C42531605&oid=2&pvsid=1647480985394596&tmod=1489209223&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.80agmmw8hab4&fsb=1&dtd=326
Frame ID: 6CB9B517F4469E74AF11ACA0A7D2F7A7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755403&plat=1%3A66048%2C2%3A66048%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262503&bpp=3&bdt=300&idt=329&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=132331902761&frm=24&ife=3&pv=2&ga_vid=1962130849.1657097263&ga_sid=1657097263&ga_hid=152202474&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=1718784746&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=1639146198188895&tmod=518643943&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.aa386t6sgbxb&fsb=1&dtd=363
Frame ID: D66BB18CF3996E4A00185E3DF36AC28C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3987315829323386&output=html&adk=1812271804&adf=2751417942&plat=1%3A520%2C2%3A520%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262545&bpp=3&bdt=293&idt=337&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=879986742010&frm=24&ife=3&pv=2&ga_vid=194203518.1657097263&ga_sid=1657097263&ga_hid=543201119&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1897472162&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31067528%2C31060048%2C42531606&oid=2&pvsid=1983468088472933&tmod=681743710&uas=0&nvt=1&fsapi=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dd9ph7g7fi2q&fsb=1&dtd=358
Frame ID: B123A157C9B7BCC0BDE32A14AC549A57
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046726&pi=t.ma~as.6224032654&w=160&fwrn=16&psa=0&format=160x600&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262506&bpp=1&bdt=303&idt=412&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=132331902761&frm=24&ife=3&pv=1&ga_vid=1962130849.1657097263&ga_sid=1657097263&ga_hid=152202474&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=1718784746&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=1639146198188895&tmod=518643943&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.atsut7tioz3k&fsb=1&dtd=421
Frame ID: 7FEE5AFE1FA79C96923577773ACE967F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3987315829323386&output=html&h=280&slotname=2293262597&adk=2203421171&adf=776186312&pi=t.ma~as.2293262597&w=336&fwrn=16&psa=0&format=336x280&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262548&bpp=2&bdt=297&idt=384&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=879986742010&frm=24&ife=3&pv=1&ga_vid=194203518.1657097263&ga_sid=1657097263&ga_hid=543201119&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1897472162&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31067528%2C31060048%2C42531606&oid=2&pvsid=1983468088472933&tmod=681743710&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.1xce2awnqqkp&fsb=1&dtd=391
Frame ID: 81B8BFC5972D7446CC517B43B88D48C5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755402&plat=1%3A520%2C2%3A520%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262676&bpp=3&bdt=486&idt=273&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=683759478344&frm=24&ife=3&pv=2&ga_vid=71494002.1657097263&ga_sid=1657097263&ga_hid=59249166&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=678412312&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31065544%2C42531605&oid=2&pvsid=3794386596553352&tmod=901594290&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.ql018vwzncj5&fsb=1&dtd=292
Frame ID: 6A1A89F88132FBF64F4B4437C82812E4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417943&plat=1%3A520%2C2%3A520%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262697&bpp=3&bdt=437&idt=283&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=6505539800373&frm=24&ife=3&pv=2&ga_vid=1721521432.1657097263&ga_sid=1657097263&ga_hid=110428013&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=706620601&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C42531607%2C21065724&oid=2&pvsid=134187575876917&tmod=2012101857&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.82il2jw0ryzl&fsb=1&dtd=299
Frame ID: E701A3A9C6DABEED51D1FC9A2044B72A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=6406482591&adk=2197659081&adf=3173046725&pi=t.ma~as.6406482591&w=970&psa=0&format=970x90&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262679&bpp=1&bdt=489&idt=355&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=683759478344&frm=24&ife=3&pv=1&ga_vid=71494002.1657097263&ga_sid=1657097263&ga_hid=59249166&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=678412312&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31065544%2C42531605&oid=2&pvsid=3794386596553352&tmod=901594290&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.90g1sugpd498&fsb=1&dtd=360
Frame ID: 8E31B0D0C0A6F12429D8A89544130FD6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=60&slotname=9643020029&adk=1186402075&adf=776186319&pi=t.ma~as.9643020029&w=468&fwrn=16&psa=0&format=468x60&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262700&bpp=1&bdt=440&idt=368&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6505539800373&frm=24&ife=3&pv=1&ga_vid=1721521432.1657097263&ga_sid=1657097263&ga_hid=110428013&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=706620601&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C42531607%2C21065724&oid=2&pvsid=134187575876917&tmod=2012101857&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h7n3jwlbi47y&fsb=1&dtd=374
Frame ID: 67670A592A414D81C9866286D1A18828
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755400&plat=1%3A66048%2C2%3A66048%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262713&bpp=2&bdt=498&idt=371&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=4932762053698&frm=24&ife=3&pv=2&ga_vid=1490785742.1657097263&ga_sid=1657097263&ga_hid=1450052226&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3698180427&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31068105%2C42531608&oid=2&pvsid=1212025964126670&tmod=2107832472&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.uw97nib9zbtl&fsb=1&dtd=388
Frame ID: E0E6F2FDC6362440CD26BA4CC16F6780
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417941&plat=1%3A66056%2C2%3A66056%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262745&bpp=2&bdt=505&idt=373&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=7085836056548&frm=24&ife=3&pv=2&ga_vid=472338359.1657097263&ga_sid=1657097263&ga_hid=275396807&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1938537551&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C44763506%2C31068106%2C31067983%2C42531606&oid=2&pvsid=4227453080290102&tmod=1199217021&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.kzstv4hx7ft8&fsb=1&dtd=390
Frame ID: 0DE94BA129DAEA3BEAD7ED270A2FA66B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755401&plat=1%3A66048%2C2%3A66048%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262728&bpp=3&bdt=508&idt=425&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=3271316582063&rume=1&frm=24&ife=3&pv=2&ga_vid=1761357178.1657097263&ga_sid=1657097263&ga_hid=1590838306&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1939174102&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44761793%2C44766558%2C42531606%2C42531608%2C31061691%2C31061693&oid=2&pvsid=2558309577735024&tmod=604674769&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.qnerr7wk2rvi&fsb=1&dtd=441
Frame ID: A39DAF1E21F85A318929B61A67EEA197
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046727&pi=t.ma~as.2983625799&w=120&fwrn=16&psa=0&format=120x600&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262715&bpp=1&bdt=501&idt=485&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4932762053698&frm=24&ife=3&pv=1&ga_vid=1490785742.1657097263&ga_sid=1657097263&ga_hid=1450052226&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3698180427&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31068105%2C42531608&oid=2&pvsid=1212025964126670&tmod=2107832472&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.dvsn6stq9lru&fsb=1&dtd=490
Frame ID: DC6F35582D758A1F572D32331E5E8B1D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=776186313&pi=t.ma~as.9060566096&w=300&fwrn=16&psa=0&format=300x250&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262747&bpp=2&bdt=507&idt=470&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7085836056548&frm=24&ife=3&pv=1&ga_vid=472338359.1657097263&ga_sid=1657097263&ga_hid=275396807&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1938537551&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C44763506%2C31068106%2C31067983%2C42531606&oid=2&pvsid=4227453080290102&tmod=1199217021&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.oxjgfw6tiif&fsb=1&dtd=474
Frame ID: 1864B549508578064C7CE53486B6C5D8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&psa=0&format=300x600&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262731&bpp=2&bdt=511&idt=501&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3271316582063&rume=1&frm=24&ife=3&pv=1&ga_vid=1761357178.1657097263&ga_sid=1657097263&ga_hid=1590838306&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1939174102&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44761793%2C44766558%2C42531606%2C42531608%2C31061691%2C31061693&oid=2&pvsid=2558309577735024&tmod=604674769&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.z0u1ng46v098&fsb=1&dtd=505
Frame ID: 65A3BF811A1A0541E468AB124CBF0F8F
Requests: 1 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1657097263418799456711
Frame ID: F44DFCCF959E6BE4611E404FA50EE35D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: ABB2F7E8BD7416FCF3D725ED19623D1A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F449A85E81F84A949E72359E552F6736
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 960D9BC27CBBABE45DF8E5E01050B8BF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2DC028474A6D21497D1E2F9892F52680
Requests: 2 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=754484
Frame ID: 4D1C19669B4A2E51FDD860D79D1DB6CD
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CDB0306F69BE06610AF5FB4E7F39D743
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 60BE78058978C305615F5C9C51351945
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 09D46EA05D66F2D6274CFCB9E0E6C140
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F93563203B3D01C9E5A6C4967F52096F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3984E68C0DFC54F21A7AE8BEEEDC1B79
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AB38B00CFEE1A6301DE5854CDE1334A4
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 03C97B01428E149B3CDA58405F69FD49
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6B8F224DFE067B64236EAEA213C84B30
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 891450E481A6061EBB6608B98D14147A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E22809E4FEB7CB2AB09E32C78CBE0A2F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C87D0EE25485572BF3C3FBC269EE0BA7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CEC4CC27FA90FCB991B14BF07953B8F2
Requests: 2 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=755289
Frame ID: 88CE7DC6E12408A44BA9F83090D766D1
Requests: 2 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=2709fb28-e68c-4bdc-af39-4d72cf8bd176
Frame ID: 9DE2557B9ADEF0071F5B5EBE03F635F0
Requests: 1 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=651796
Frame ID: 61182CDBF612FEEEAFB1ACEB5304F7A8
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Frame ID: FBE6BAFFFBB0360BAC47C30D6E0A8C59
Requests: 13 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Frame ID: 8D7E5E55FB6332B6F10FBE3B95B0BEA5
Requests: 6 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=59a18369e249bfb
Frame ID: F8A442792DA36A590D3854CDE234A826
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Frame ID: F972E2191C28DC6FEDCB965E51AAF640
Requests: 16 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=584890&extuid=3118761177084706340
Frame ID: 5F2D03448162B7578FD90EC18140DDB8
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Frame ID: BC91492824372BED17A40253A8B47A20
Requests: 15 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17184-d
Frame ID: E00AC213F1960ADB27390BAA76ED2B97
Requests: 11 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=75a1922f904cc20
Frame ID: E0FD1C780253B4DC6E246F2395925C57
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Frame ID: B67A49850C503B807D98D05039DC14BF
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D9ae569c9d990f0cd%26uid%3D
Frame ID: 61DEF525CD1807F0EBFE7ECA459BC41F
Requests: 4 HTTP requests in this frame

Frame: https://ssum.casalemedia.com%2C%20r19.lb.indexww.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D9ae569c9d990f0cd%26uid%3D&s=190243&C=1
Frame ID: 881959A3B8724B0B89E3CAC2950B570A
Requests: 1 HTTP requests in this frame

Frame: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Frame ID: 986ACAD2AD18B8CA33B637D881300409
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 27253683342593D974B3D10D432ACC5B
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Frame ID: 0EC118845743EA4C0601EA6FA58E36BB
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Frame ID: 910BECCEC710CD0A847D27F38DB53071
Requests: 3 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Frame ID: 03CD287514E67CA75B5435C965128C7C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YsVMMAAOOa2V7QAo&gdpr=0&gdpr_consent=&_test=YsVMMAAOOa2V7QAo
Frame ID: 0A0E175FFAF95963091EC65DC831FFAB
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:305c62c5-4c30-4200-9500-44bd64b53559&gdpr=0&gdpr_consent=
Frame ID: 7BE2F5052B7EBE3922D5C6F3A7302CD7
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABu3k7FipgAABGGkTTQSg
Frame ID: AC90B951DA646D6628A4F029D2292907
Requests: 1 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=558003&extuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Frame ID: B14460C4C8C3AEFD3B2C0733813F8D3D
Requests: 1 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 8BAA13649AF3C194860627C6D50366DC
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/e-planning
Frame ID: 5F4908327E83FB402868CC48A508BAD0
Requests: 9 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=307971&extuid=AG3iQzRW0QztTdBk
Frame ID: A12B9C636094AE7665E172C6C227840A
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 79EBD31C8CE79A7379560CCB6064DF11
Requests: 1 HTTP requests in this frame

Frame: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Frame ID: A927426D26ED199DD4D39EB3F3A255B3
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: C5480B248000BCBC48826CE54626A1D9
Requests: 10 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1657097264965250040457
Frame ID: F89E1718970A9A999D442679D4E28C37
Requests: 1 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1657097264975730602969
Frame ID: 73F6EE014CFA04CF0D0F7C339136AED3
Requests: 1 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=754484
Frame ID: 1FC718D3EAF825EE528F83C9BA6D6501
Requests: 3 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=754484
Frame ID: 0456DC39AF49411F6B57D7D7F07E9F10
Requests: 3 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Frame ID: B7552DDD7DC8AA310B0ECB9F1CFE9E8E
Requests: 6 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=755289
Frame ID: BA2CDBA1049B72B921C944C08D2956AB
Requests: 2 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=651796
Frame ID: 71ADA6DEC985E21E020CCCE8DCB7F38A
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=59a18369e249bfb
Frame ID: 94030A36FDED1D4067FF1526EF31FE11
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=59a18369e249bfb
Frame ID: 8F10A39FF6C5ECDA1487A03E662CD266
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Frame ID: FB116230F1928AC33E0BEABC2DC99DBD
Requests: 6 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=755289
Frame ID: A4D9CABBEE2CA76982698FD6298C59C3
Requests: 2 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=651796
Frame ID: 27FE275A11EAEF9363E4EDC18FB3CE1C
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=75a1922f904cc20
Frame ID: 00502092A9B1B9314525A7A9E3E142FB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Frame ID: 16B0B19E05DCF2B89BF8C1C0909BE590
Requests: 1 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Frame ID: FE50D394EA5100AD922A672A8030A422
Requests: 12 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Frame ID: CBF84DBF64882D5FFAB4E9430287315F
Requests: 12 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Frame ID: FA0F8382C59D10B07D067A297BC001FD
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=75a1922f904cc20
Frame ID: C35A4774366230E832FDA240AB0B59C6
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724
Frame ID: DC23315A72362F0B5E106A57E5F9A52F
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724
Frame ID: B89CFE004C8A3E510B82F3DCC5C89B28
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724
Frame ID: 2B84FDAB2416A102F6AC8998759717EA
Requests: 1 HTTP requests in this frame

Frame: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=15238
Frame ID: 46297C0A58BB6E7D0D11EE54026AAD85
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/pixels?s=22%2C38%2C104%2C80%2C12%2C3&c=15238
Frame ID: 0D427BB030FA17F1168F2506C1E8F532
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BC97DE06DCBAA1F22EAD8F2DBA773E4F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5D9C486ACBCA0FF906601287A2491322
Requests: 2 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw&piggybackCookie=di_36219b9470134ebfa1e5f
Frame ID: CC6F67FEDC4DF6305986254B47CDABDA
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: A43235CB88E8D7AE7D91A79E2324DA43
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=4f595dc4-fd08-11ec-a7aa-683779566213
Frame ID: 117B03147EA423827F5CF55E48888574
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=KElQabhlS19wIXE0Qn0NFpU4mbw
Frame ID: D5ABC82D6B164E77A9305419569168B9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005
Frame ID: BB3B3B98981E53B47DF59279535CEED5
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Frame ID: 6FB695BD63919632DEFD50C8FBC3A654
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=679010260583
Frame ID: 9A6923BE7AF165A82C4C9364C2976C12
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:WL62lS3y1O90Hh5&gdpr=0&gdpr_consent=
Frame ID: 2C941BB2CEAC4ADAB31841B0FF92785F
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: C2161AB42FDFF823C572E334E8805D14
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7103836671686527548
Frame ID: A288D550E804430A83BE51CBE0365AF3
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b30d8f4d-72b6-458e-8ecc-7c27b571c983-tuct9bed1b1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: A0598B75CDB72E98FA782BF791099618
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=HNttt3EmC6GFyg9eM0zFYg
Frame ID: 8641DF89AF2E8C2BFA54357AF8ADBFDA
Requests: 1 HTTP requests in this frame

Frame: https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Frame ID: 749969D0BECBFCD109C8DC2C6CCB397C
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: EBD5908DEDEF545B6E3FB4A7DE48D753
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: 18A9D5CE01D2F6FB53D8AC2B549907E5
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fa5ae6a3-8da4-4b55-8126-1b2ec63dce94
Frame ID: 33E21D071C37A0A51D8F992AC8700EA0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=7de9fb20-a6dd-402f-8b4f-12d864a17786
Frame ID: B388FAED2EADBA6207D74A1DC705F9E8
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B242526CF2DB4B7AB8F295AB005A6121
Frame ID: BF328DFBF7D6EB4927A500AA90177A66
Requests: 1 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=281178&extuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Frame ID: 5E237DA9B4A3A2040A2C6303DCE26076
Requests: 1 HTTP requests in this frame

Frame: https://u-iad04.e-planning.net/um?dc=a208d9366469aa64&fi=9ae569c9d990f0cd&uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Frame ID: 9665AD696F58BFE81FB6AF30B130D91E
Requests: 1 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=281178&extuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Frame ID: 9047379ECF5F37EE652E9A5D8D32AB26
Requests: 1 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=281178&extuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Frame ID: C0F58C3ABA575EDA7EEB35DCCE33B4D4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LINK NONTON Film Thor Love and Thunder, Melawan Gorr The God Butcher - Hallo Banten

Page URL History Show full URLs

https://t.co/a3sv0Pk4RW Page URL
https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-go... Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

546
Requests

77 %
HTTPS

21 %
IPv6

121
Domains

180
Subdomains

88
IPs

12
Countries

3818 kB
Transfer

10246 kB
Size

248
Cookies

33 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hallo.id/
Title: Hallo Id

Search URL Search Domain Scan URL

URL: https://depok.hallo.id/
Title: Hallo Depok

Search URL Search Domain Scan URL

URL: https://seleb.hallo.id/
Title: Hallo Seleb

Search URL Search Domain Scan URL

URL: https://sukabumi.hallo.id/
Title: Hallo Sukabumi

Search URL Search Domain Scan URL

URL: https://tasik.hallo.id/
Title: Hallo Tasik

Search URL Search Domain Scan URL

URL: https://jatim.hallo.id/
Title: Hallo Jatim

Search URL Search Domain Scan URL

URL: https://lampung.hallo.id/
Title: Hallo Lampung

Search URL Search Domain Scan URL

URL: https://malang.hallo.id/
Title: Hallo Malang

Search URL Search Domain Scan URL

URL: https://bisnis.hallo.id/
Title: Hallo Bisnis

Search URL Search Domain Scan URL

URL: https://madura.hallo.id/
Title: Hallo Madura

Search URL Search Domain Scan URL

URL: https://bogor.hallo.id/
Title: Hallo Bogor

Search URL Search Domain Scan URL

URL: https://desanews.hallo.id/
Title: Hallo Desa

Search URL Search Domain Scan URL

URL: https://sulsel.hallo.id/
Title: Hallo Sulsel

Search URL Search Domain Scan URL

URL: https://sultra.hallo.id/
Title: Hallo Sultra

Search URL Search Domain Scan URL

URL: https://sidoarjo.hallo.id/
Title: Hallo Sidoarjo

Search URL Search Domain Scan URL

URL: https://sport.hallo.id/
Title: Hallo Sport

Search URL Search Domain Scan URL

URL: https://lifestyle.hallo.id/
Title: Hallo Lifestyle

Search URL Search Domain Scan URL

URL: https://ternate.hallo.id/
Title: Hallo Ternate

Search URL Search Domain Scan URL

URL: https://jakarta.hallo.id/
Title: Hallo Jakarta

Search URL Search Domain Scan URL

URL: https://purwasuka.hallo.id/
Title: Hallo Purwasuka

Search URL Search Domain Scan URL

URL: https://www.facebook.com/profile.php?id=100070684393920

Search URL Search Domain Scan URL

URL: https://twitter.com/hallobantennews

Search URL Search Domain Scan URL

URL: https://www.instagram.com/hallobantennews/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC_EBiggEkxxBVIA8HOT7_aw

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=LINK%20NONTON%20Film%20Thor%20Love%20and%20Thunder%20%20Melawan%20Gorr%20The%20God%20Butcher%20https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Search URL Search Domain Scan URL

URL: https://advertnative.com/

Search URL Search Domain Scan URL

URL: https://widgets.mgid.com/?utm_source=banten.hallo.id&utm_medium=referral&utm_campaign=widgets&utm_content=1179904

Search URL Search Domain Scan URL

URL: https://www.mgid.com/services/privacy-policy

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/3805428/i/57513127/0/pp/1/1?h=NpB1bEd496_AKvzP2i9R8YFX1fKnDYnxx_R3CGJxduhjFZkbG3bgMTIqLGFfd2Ol&rid=4c675494-fd08-11ec-a349-78ac440ce852&ts=t.co&tt=Social&att=1&afrd=8&iv=11&ct=1&gdpr=0&muid=m66GW8FclGL1&st=-240

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/13404712/i/57513127/0/pp/2/1?h=NpB1bEd496_AKvzP2i9R8R_pTLkP-MbaXOIHCas2RK0UTl3Wyd9gNQ3OQSYevNSq&rid=4c675494-fd08-11ec-a349-78ac440ce852&ts=t.co&tt=Social&att=1&afrd=8&iv=11&ct=1&gdpr=0&muid=m66GW8FclGL1&st=-240

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/13054683/i/57513127/0/pp/3/1?h=NpB1bEd496_AKvzP2i9R8Q-PxAPrQb-5gZ23R_fw9dHe7KlLZT8zWrO8Du6b6RP6&rid=4c675494-fd08-11ec-a349-78ac440ce852&ts=t.co&tt=Social&att=1&afrd=8&iv=11&ct=1&gdpr=0&muid=m66GW8FclGL1&st=-240

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/3805619/i/57513127/0/pp/4/1?h=NpB1bEd496_AKvzP2i9R8dKBwJTNyx9rkkL3JyJrlfydEJARbPZPjzG9c5FTj_4f&rid=4c675494-fd08-11ec-a349-78ac440ce852&ts=t.co&tt=Social&att=1&afrd=8&iv=11&ct=1&gdpr=0&muid=m66GW8FclGL1&st=-240

Search URL Search Domain Scan URL

URL: https://www.promediateknologi.com/
Title: ProMedia Teknologi

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/a3sv0Pk4RW Page URL
https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 229

https://ad.360yield.com/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D HTTP 302
https://cm.mgid.com/m?cdsp=665953&c=ea078dcd-ed1b-4065-a7ae-c9bdf6241b93

Request Chain 230

https://t.adx.opera.com/pub/sync?pubid=pub6103523253312 HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60141%26uid%3D%24UID HTTP 302
https://t.adx.opera.com/sync?vendor=60141&uid=3118761177084706340 HTTP 302
https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60158%26uid%3D%24UID&partner=opera_media HTTP 302
https://t.adx.opera.com/sync?vendor=60158&uid=86581681-90df-f7e2-9cc7-5e292fc99232 HTTP 302
https://creativecdn.com/cm-notify?pi=opera HTTP 302
https://t.adx.opera.com/sync?vendor=60039&uid=YG02ktO8Cn3rt9A3jqGj&pi=opera HTTP 302
https://cs.mobfox.com/7b8b188df2e2d757df67b198ed77e9f5.gif?puid=51d7215b4840f01c&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60058 HTTP 302
https://t.adx.opera.com/sync?vendor=60058 HTTP 302
https://sync.taboola.com/sg/OperaSCoD/1/cm HTTP 302
https://t.adx.opera.com/sync?vendor=60151&uid=b5abaf37-dff7-45d8-be78-4ba4a61156d3-tuct9bed1b1 HTTP 302
https://ups.analytics.yahoo.com/ups/58484/occ HTTP 302
https://t.adx.opera.com/sync?vendor=60112&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A HTTP 302
https://sync.aralego.com/idSync?ucf_nid=par-627D96DE43D94E241EAD99688E72B636&ucf_user_id=51d7215b4840f01c&redirect=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fuid%3DUCFUID%26vendor%3D60114 HTTP 302
https://t.adx.opera.com/sync?uid=511af5b5-388e-36cb-85ab-4482f54203bd&vendor=60114 HTTP 302
https://cs.mobfox.com/7b8b188df2e2d757df67b198ed77e9f5.gif?puid=51d7215b4840f01c&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60058 HTTP 302
https://t.adx.opera.com/sync?vendor=60058 HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerId=14&gdpr=0&gdpr_consent= HTTP 302
https://t.adx.opera.com/sync?vendor=60140&uid=2541039644928651045&gdpr=0&gdpr_consent= HTTP 302
https://an.yandex.ru/mapuid/operacom/ HTTP 302
https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1

Request Chain 231

https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.mgid.com%252Fm%253Fcdsp%253D712807%2526c%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.mgid.com%252Fm%253Fcdsp%253D712807%2526c%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=N0U4QkI3ODgtRUMwRC00QUEwLThDMDgtNDQwRDY4RDU3OEIx&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=161673&pmc=1&pr=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D712807%26c%3D7E8BB788-EC0D-4AA0-8C08-440D68D578B1 HTTP 302
https://cm.mgid.com/m?cdsp=712807&c=7E8BB788-EC0D-4AA0-8C08-440D68D578B1

Request Chain 232

https://pixel.rubiconproject.com/exchange/sync.php?p=mgid HTTP 302
https://cm.mgid.com/m?cdsp=43070&c=L59CXBSV-3-4UE9

Request Chain 233

https://x.bidswitch.net/sync?dsp_id=303&user_id=m66GW8FclGL1 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=303&user_id=m66GW8FclGL1 HTTP 302
https://jadserve.postrelease.com/suid/1011?vk=09b3299d-acd9-44cb-8002-aa2609ca1291

Request Chain 234

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bTY2R1c4RmNsR0wx&muidn=m66GW8FclGL1 HTTP 302
https://cm.mgid.com/google?muidn=m66GW8FclGL1&google_ula={guid},5&google_gid=CAESEDwVMn3L4h95VtutbXyfXiM&google_cver=1

Request Chain 235

https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=m66GW8FclGL1 HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerId=24&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://sync.e-volution.ai/a02d62607dea0c97e41ff36ebd422945.gif?puid=2541039644928651045&gdpr=0&gdpr_consent= HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 236

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid HTTP 302
https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid HTTP 302
https://cm.mgid.com/m?cdsp=287839&c=6d18d6d8-458c-4f27-b8a4-9765be99ae76

Request Chain 237

https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=omn67hl&ttd_tpi=1 HTTP 302
https://cm.mgid.com/m?cdsp=371158&c=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttl=1659689264

Request Chain 238

https://id.rlcdn.com/712056.gif HTTP 307
https://id.rlcdn.com/1000.gif?memo=CPi6KxoNCLCYlZYGEgUI6AcQAEIASgA

Request Chain 239

https://idsync.rlcdn.com/712107.gif?partner_uid=m66GW8FclGL1& HTTP 307
https://pippio.com/api/sync?pid=5324&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpGgwIsJiVlgYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpGgwIsJiVlgYSBAgCEABCAEoA&google_gid=CAESECVcHgcC-6I-9FuPxasExRo&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=05419d98-7d48-47e4-8c05-60b38b69e503

Request Chain 240

https://creativecdn.com/cm-notify?pi=mgid HTTP 302
https://creativecdn.com/cm-notify?pi=mgid&tc=1 HTTP 302
https://cm.mgid.com/m?cdsp=501037&c=YG02ktO8Cn3rt9A3jqGj&pi=mgid&tc=1

Request Chain 241

https://x.bidswitch.net/sync?ssp=mgid HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=mgid&bsw_user_id=09b3299d-acd9-44cb-8002-aa2609ca1291 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=mgid&bsw_user_id=09b3299d-acd9-44cb-8002-aa2609ca1291 HTTP 302
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=d2238a2e-fc11-4134-b5f6-d623209392df&ssp=mgid HTTP 302
https://cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&consentData=&uspString=

Request Chain 261

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D HTTP 307
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=2709fb28-e68c-4bdc-af39-4d72cf8bd176

Request Chain 264

https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X

Request Chain 266

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID

Request Chain 267

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D584890%26extuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D584890%2526extuid%253D%2524UID HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=584890&extuid=3118761177084706340

Request Chain 268

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID&sovrn_retry=true HTTP 307
https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=E7evjLZHduBErJVZTJiI06fm

Request Chain 269

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D HTTP 302
https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D&ox_sc=1 HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=ca045de8-7410-4045-bbd5-02e820b876f1

Request Chain 270

https://ad.360yield.com/server_match?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D289656%26extuid%3D%7BPUB_USER_ID%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=289656&extuid=ea078dcd-ed1b-4065-a7ae-c9bdf6241b93

Request Chain 271

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D297253%2526extuid%253D%2524UID HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=3118761177084706340

Request Chain 272

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=08e91465-96f4-4292-bbbb-b8c2373e2484

Request Chain 274

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D HTTP 302
https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298

Request Chain 287

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17184-d HTTP 301
https://eus.rubiconproject.com/usync.html?p=17184-d

Request Chain 301

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D9ae569c9d990f0cd HTTP 302
https://pixel.sitescout.com/dmp/pixelSync?cookieQ=1&network=EPLANNING&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D9ae569c9d990f0cd HTTP 302
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341%26partner_url%3Dhttps%253A%252F%252Fu-iad04.e-planning.net%252Fum%253Fuid%253D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341%2526dc%253D0abbcb4eba840e59%2526fi%253D9ae569c9d990f0cd HTTP 302
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341%26partner_url%3Dhttps%253A%252F%252Fu-iad04.e-planning.net%252Fum%253Fuid%253D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341%2526dc%253D0abbcb4eba840e59%2526fi%253D9ae569c9d990f0cd&xl8blockcheck=1 HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&partner_url=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341%26dc%3D0abbcb4eba840e59%26fi%3D9ae569c9d990f0cd HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&partner_url=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341%26dc%3D0abbcb4eba840e59%26fi%3D9ae569c9d990f0cd HTTP 302
https://u-iad04.e-planning.net/um?uid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&dc=0abbcb4eba840e59&fi=9ae569c9d990f0cd

Request Chain 302

https://sync.1rx.io/usersync2/eplanning HTTP 302
https://sync.1rx.io/usersync2/eplanning?zcc=1&cb=1657097264148 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4980588797 HTTP 302
https://sync.1rx.io/usersync/tradedesk/8c96384d-bd43-4ecf-8a87-9d923f86652d HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005%26dc%3D1079cc634ca638f8%26iss%3D1 HTTP 302
https://sync.e-planning.net/um?uid=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005&dc=1079cc634ca638f8&iss=1

Request Chain 303

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D9ae569c9d990f0cd%26uid%3D%24%7BUID%7D HTTP 302
https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=9ae569c9d990f0cd&uid=ca045de8-7410-4045-bbd5-02e820b876f1

Request Chain 306

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D9ae569c9d990f0cd%26uid%3D%24UID HTTP 302
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=9ae569c9d990f0cd&uid=3118761177084706340

Request Chain 307

https://sync.go.sonobi.com/us?loc=%0A%0Ahttps%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3De52415579699e09f%26fi%3D9ae569c9d990f0cd%26uid%3D%5BUID%5D HTTP 302
https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=9ae569c9d990f0cd&uid=bde8a076-aa5d-4bb4-9a2b-345dcd8baaab

Request Chain 308

https://cs.emxdgt.com/um?ssp=pbs&gdpr=0&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dd87251d0debad578%26fi%3D9ae569c9d990f0cd%26uid%3D%24UID HTTP 302
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dd87251d0debad578%26fi%3D9ae569c9d990f0cd%26uid%3D%24EMXUID&b64_redirect=aHR0cHM6Ly91LWlhZDA0LmUtcGxhbm5pbmcubmV0L3VtP2RjPWQ4NzI1MWQwZGViYWQ1NzgmZmk9OWFlNTY5YzlkOTkwZjBjZCZ1aWQ9JEVNWFVJRA== HTTP 302
https://cs.emxdgt.com/umcheck?apnxid=3118761177084706340&redirect=https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=9ae569c9d990f0cd&uid=$EMXUID&b64_redirect=aHR0cHM6Ly91LWlhZDA0LmUtcGxhbm5pbmcubmV0L3VtP2RjPWQ4NzI1MWQwZGViYWQ1NzgmZmk9OWFlNTY5YzlkOTkwZjBjZCZ1aWQ9JEVNWFVJRA== HTTP 302
https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=9ae569c9d990f0cd&uid=3118761177084706340brt64381657097264204469b6

Request Chain 309

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_east&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east

Request Chain 311

https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D9ae569c9d990f0cd%26uid%3D HTTP 302
https://ssum.casalemedia.com%2C%20r19.lb.indexww.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D9ae569c9d990f0cd%26uid%3D&s=190243&C=1

Request Chain 316

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy= HTTP 301
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

Request Chain 317

https://x.bidswitch.net/sync?ssp=the33across&us_privacy= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=the33across&bsw_param=09b3299d-acd9-44cb-8002-aa2609ca1291&google_hm=MDliMzI5OWQtYWNkOS00NGNiLTgwMDItYWEyNjA5Y2ExMjkx HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKiBwTHMcx4R5G72chJzu3s&google_cver=1&ssp=the33across&bsw_param=09b3299d-acd9-44cb-8002-aa2609ca1291 HTTP 302
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=09b3299d-acd9-44cb-8002-aa2609ca1291 HTTP 302
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=09b3299d-acd9-44cb-8002-aa2609ca1291&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 318

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097263912.3&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D1%2526external_user_id%253D%255BMM_UUID%255D HTTP 302
https://sync.mathtag.com/sync/img?us_privacy=&mt_exid=73&redir=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D HTTP 302
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=1&external_user_id=e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e

Request Chain 319

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58350/sync?redir=true&verify=true HTTP 302
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-eQkjoq5E2uFHDeEpRmsQna5zvqGWNeOw~A HTTP 302
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-eQkjoq5E2uFHDeEpRmsQna5zvqGWNeOw%7EA&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 320

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy= HTTP 302
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=2f041be6749d120f&is_secure=true&networkId=78390&version=1&us_privacy= HTTP 302
https://ssc-cms.33across.com/ps?xi=64&xu=AAAGahZyujOscgNsQT0hAAAAAAA&expiration=1657183664&is_secure=true&us_privacy= HTTP 302
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAGahZyujOscgNsQT0hAAAAAAA&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 321

https://match.adsrvr.org/track/cmf/generic?ttd_pid=f0v35ew&ttd_tpi=1&us_privacy= HTTP 302
https://ssc-cms.33across.com/ps/?ri=102&ru=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fbidder_id%3D102%26ttl%3D1659689264%26external_user_id%3D8c96384d-bd43-4ecf-8a87-9d923f86652d HTTP 302
https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1659689264&external_user_id=8c96384d-bd43-4ecf-8a87-9d923f86652d

Request Chain 326

https://pixel.rubiconproject.com/exchange/sync.php?p=17184-d&khaos=L59CXBSV-3-4UE9 HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=323557&extuid=L59CXBSV-3-4UE9

Request Chain 329

https://c1.adform.net/serving/cookie/match?party=14&cid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1

Request Chain 330

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YsVMMAAOOa2V7QAo HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YsVMMAAOOa2V7QAo&gdpr=0&gdpr_consent=&_test=YsVMMAAOOa2V7QAo

Request Chain 331

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:305c62c5-4c30-4200-9500-44bd64b53559&gdpr=0&gdpr_consent=

Request Chain 332

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCdTNrN0ZpcGdBQUJHR2tUVFFTZw&bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AABu3k7FipgAABGGkTTQSg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%252Csas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=syn%2Csas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AABu3k7FipgAABGGkTTQSg&pid=558502&do=add HTTP 303
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AABu3k7FipgAABGGkTTQSg&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 307
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas,pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=3 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABu3k7FipgAABGGkTTQSg

Request Chain 334

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=fou3iOwNSqCMCEQNaNV4sQ%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 335

https://idsync.rlcdn.com/420486.gif?partner_uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDdFOEJCNzg4LUVDMEQtNEFBMC04QzA4LTQ0MEQ2OEQ1NzhCMRAAGg0IsJiVlgYSBQjoBxAAQgBKAA HTTP 307
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4

Request Chain 336

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=37db62c5-4c30-4000-8cb0-e0643ac4e95d

Request Chain 337

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMoYhwG5d6t5a9RIv5I8CXw&google_cver=1

Request Chain 338

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:B242526CF2DB4B7AB8F295AB005A6121

Request Chain 339

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 340

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=8c96384d-bd43-4ecf-8a87-9d923f86652d

Request Chain 342

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-jkvGiiFE2uW_kbpJVnUtuYSofF2Orbc-~A&gdpr=0&gdpr_consent=

Request Chain 354

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=eplanning_east&khaos=L59CXBSV-3-4UE9 HTTP 302
https://sync.e-planning.net/um?uid=L59CXBSV-3-4UE9&dc=9bcc91305985f0db&iss=1

Request Chain 358

https://id.rlcdn.com/709414.gif HTTP 307
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e

Request Chain 359

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8c96384d-bd43-4ecf-8a87-9d923f86652d&gdpr=0&gdpr_consent=&expires=30

Request Chain 360

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=BdIZj9XFQIqDjE6eRoh9Zg&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=BdIZj9XFQIqDjE6eRoh9Zg

Request Chain 361

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L59CXBSV-3-4UE9

Request Chain 362

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMTOzZlbozNOZFOeLqDZsvs&google_cver=1

Request Chain 363

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YmZiNDZiNzVjYTlhZWVjOTZhZTFlNWJjNDJiY2YxMjc1ZDNkMGQ2Zg

Request Chain 364

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDU5Q1hCU1YtMy00VUU5

Request Chain 365

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/nEmnRJnpXzf6-DXn9kczzw?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7268359125657799608

Request Chain 368

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=&khaos=L59CXBSV-3-4UE9 HTTP 302
https://ssc-cms.33across.com/ps/?xi=1&xu=L59CXBSV-3-4UE9 HTTP 302
https://events-ssc.33across.com/match?bidder_id=30&external_user_id=L59CXBSV-3-4UE9&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 373

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3Cvsid%3E HTTP 302
https://sync.quantumdex.io/setuid?bidder=medianet&uid=3000988641455662000V10

Request Chain 374

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3118761177084706340

Request Chain 375

https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=645188bc-d8bc-4d12-b0dd-3e4651dd433a

Request Chain 376

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent= HTTP 302
https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMO1rhBMUaOjzJ9Jmpfv4Zvf8G3mfxfsvXtoOq27Q

Request Chain 377

https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A

Request Chain 378

https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=smaato&uid=02fe9eba

Request Chain 379

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1 HTTP 302
https://sync.quantumdex.io/setuid?bidder=between&uid=2696a6dc-272c-53bb-8847-31c4ea827df4

Request Chain 399

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YsVMMO1Kr8iar2WzSRoTWgAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHk-6dX1WCLMqCc_-u-6xAc&google_cver=1

Request Chain 401

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YsVMMO1Kr8iar2WzSRoTWgAAAKYAAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEMmv0--_XHZEg9gKeaYoecs&google_cver=1

Request Chain 402

https://match.adsrvr.org/track/cmf/casale HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=8c96384d-bd43-4ecf-8a87-9d923f86652d&expiration=1659689264&gdpr=0&gdpr_consent=

Request Chain 403

https://match.prod.bidr.io/cookie-sync/ie HTTP 303
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AABu3k7FipgAABGGkTTQSg&expiration=1658306864

Request Chain 404

https://sync.extend.tv/r.gif?exchange=index HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=ad31758a-5fb7-470d-850b-01c3e72680bb

Request Chain 406

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3187058829708213451

Request Chain 413

https://x.bidswitch.net/sync?ssp=mgid HTTP 302
https://m.fg8dgt.com/sync?ssp=bidswitch&bidswitch_ssp_id=mgid&ssp_uuid=09b3299d-acd9-44cb-8002-aa2609ca1291 HTTP 302
https://m.fg8dgt.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=mgid&ssp_uuid=09b3299d-acd9-44cb-8002-aa2609ca1291 HTTP 302
https://x.bidswitch.net/sync?dsp_id=108&expires=14&ssp=mgid&user_id=1eba42a9-7b3b-4b93-a403-f2ca6264f024 HTTP 302
https://cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&consentData=&uspString=

Request Chain 414

https://t.adx.opera.com/pub/sync?pubid=pub6103523253312 HTTP 302
https://sync.aralego.com/idSync?ucf_nid=par-627D96DE43D94E241EAD99688E72B636&ucf_user_id=51d7215b4840f01c&redirect=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fuid%3DUCFUID%26vendor%3D60114 HTTP 302
https://t.adx.opera.com/sync?uid=511af5b5-388e-36cb-85ab-4482f54203bd&vendor=60114 HTTP 302
https://sync.taboola.com/sg/OperaSCoD/1/cm HTTP 302
https://t.adx.opera.com/sync?vendor=60151&uid=8dd58ee5-fd13-4763-b9ad-796d97a4521d-tuct9bed1b1 HTTP 302
https://ups.analytics.yahoo.com/ups/58484/occ HTTP 302
https://t.adx.opera.com/sync?vendor=60112&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A HTTP 302
https://sync.aralego.com/idSync?ucf_nid=par-627D96DE43D94E241EAD99688E72B636&ucf_user_id=51d7215b4840f01c&redirect=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fuid%3DUCFUID%26vendor%3D60114 HTTP 302
https://t.adx.opera.com/sync?uid=511af5b5-388e-36cb-85ab-4482f54203bd&vendor=60114 HTTP 302
https://cs.mobfox.com/7b8b188df2e2d757df67b198ed77e9f5.gif?puid=51d7215b4840f01c&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60058 HTTP 302
https://t.adx.opera.com/sync?vendor=60058 HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerId=14&gdpr=0&gdpr_consent= HTTP 302
https://t.adx.opera.com/sync?vendor=60140&uid=2541039644928651045&gdpr=0&gdpr_consent= HTTP 302
https://an.yandex.ru/mapuid/operacom/ HTTP 302
https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1 HTTP 302
https://t.adx.opera.com/sync?vendor=60143&uid=D6F903ABE05A4F2D HTTP 302
https://cm.mgid.com/m?cdsp=528163&c=4ba92145d7644c20b4631cabe199be3b

Request Chain 415

https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.mgid.com%252Fm%253Fcdsp%253D712807%2526c%253D%2523PMUID HTTP 302
https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=4df7e55f-fd08-11ec-8bbd-81c72e424eed&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=24ab7c8f13a7120f&is_secure=true&networkId=17100&version=1&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAGasxY41wTBQN00xFuAAAAAAA&expiration=1657183665&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&is_secure=true&gdpr_consent=&gdpr=0 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=161673&pmc=1&pr=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D712807%26c%3D7E8BB788-EC0D-4AA0-8C08-440D68D578B1 HTTP 302
https://cm.mgid.com/m?cdsp=712807&c=7E8BB788-EC0D-4AA0-8C08-440D68D578B1

Request Chain 417

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid HTTP 302
https://cm.mgid.com/m?cdsp=287839&c=d2238a2e-fc11-4134-b5f6-d623209392df

Request Chain 418

https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid= HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid=&ckls=true&ci=RK3IpY4AJ5&nc=false&trid=-888638406 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D1931007764%26rnd%3D736903959%26pcid%3D%23PMUID HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=1931007764&rnd=736903959&pcid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1 HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D1931007764%3B1402230080%26rnd%3D-1398590697&pcid=$UID HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=1931007764;1402230080&rnd=-1398590697&pcid=3118761177084706340 HTTP 302
https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D1931007764%3B1402230080%3B1709765917%26rnd%3D520661999%26pcid%3D HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1486637409&mi=10&csh=1931007764;1402230080;1709765917&rnd=520661999&pcid=047f3497-81c9-4b5f-943c-54de4dabf769 HTTP 302
https://ce.lijit.com/merge?pid=8101&3pid=RK3IpY4AJ5&location=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D396218182%26mi%3D10%26csh%3D1931007764%3B1402230080%3B1709765917%3B1486637409%26rnd%3D-1500392341%26pcid%3D%5BSOVRNID%5D HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=396218182&mi=10&csh=1931007764;1402230080;1709765917;1486637409&rnd=-1500392341&pcid=E7evjLZHduBErJVZTJiI06fm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D1931007764%3B1402230080%3B1709765917%3B1486637409%3B396218182%26rnd%3D-1246876995%26pcid%3D%24SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D1931007764%3B1402230080%3B1709765917%3B1486637409%3B396218182%26rnd%3D-1246876995%26pcid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=4e511aaf-fd08-11ec-9696-1f1e7c470303 HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1072441116&mi=10&csh=1931007764;1402230080;1709765917;1486637409;396218182&rnd=-1246876995&pcid=4e511a0a-fd08-11ec-9696-1f1e7c470303 HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D1931007764%3B1402230080%3B1709765917%3B1486637409%3B396218182%3B1072441116%26rnd%3D-498607899%26pcid=[MM_UUID] HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=1931007764;1402230080;1709765917;1486637409;396218182;1072441116&rnd=-498607899&pcid=e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e HTTP 302
https://sync.1rx.io/usersync/intentiq/0?dspret=1&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1931007764%3B1402230080%3B1709765917%3B1486637409%3B396218182%3B1072441116%3B1678944572%26rnd%3D-1868245515%26pcid%3D%5BRX_UUID%5D HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005?redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1931007764%3B1402230080%3B1709765917%3B1486637409%3B396218182%3B1072441116%3B1678944572%26rnd%3D-1868245515%26pcid%3DRX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005 HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1931007764;1402230080;1709765917;1486637409;396218182;1072441116;1678944572&rnd=-1868245515&pcid=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005

Request Chain 419

https://x.bidswitch.net/sync?ssp=mgid HTTP 302
https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=mgid&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=mgid&gdpr=0&user_id=JpqvzCTL_8g9mqnNJ5HhwCPM9ME9nq3AcpCXc1Ab HTTP 302
https://cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=0&consentData=&uspString=

Request Chain 420

https://t.adx.opera.com/pub/sync?pubid=pub6103523253312 HTTP 302
https://eb2.3lift.com/getuid?redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60124%26uid%3D$UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60124%26uid%3D%24UID HTTP 302
https://t.adx.opera.com/sync?vendor=60124&uid=4498649742313079059162 HTTP 302
https://sync.taboola.com/sg/OperaSCoD/1/cm HTTP 302
https://t.adx.opera.com/sync?vendor=60151&uid=b30d8f4d-72b6-458e-8ecc-7c27b571c983-tuct9bed1b1 HTTP 302
https://ups.analytics.yahoo.com/ups/58484/occ HTTP 302
https://t.adx.opera.com/sync?vendor=60112&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A HTTP 302
https://sync.aralego.com/idSync?ucf_nid=par-627D96DE43D94E241EAD99688E72B636&ucf_user_id=51d7215b4840f01c&redirect=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fuid%3DUCFUID%26vendor%3D60114 HTTP 302
https://t.adx.opera.com/sync?uid=511af5b5-388e-36cb-85ab-4482f54203bd&vendor=60114 HTTP 302
https://an.yandex.ru/mapuid/operacom/ HTTP 302
https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1 HTTP 302
https://t.adx.opera.com/sync?vendor=60143&uid=D6F903ABE05A4F2D HTTP 302
https://cm.mgid.com/m?cdsp=528163&c=4ba92145d7644c20b4631cabe199be3b

Request Chain 421

https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid= HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid=&ckls=true&ci=11Vh4bgYpB&nc=false&trid=2094959689

Request Chain 422

https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.mgid.com%252Fm%253Fcdsp%253D712807%2526c%253D%2523PMUID HTTP 302
https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=4df80bba-fd08-11ec-a7ae-01d28394cfbb&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=137068038f4c1210&is_secure=true&networkId=17100&version=1&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAGahZyujOseANKl1CUAAAAAAA&expiration=1657183665&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&is_secure=true&gdpr_consent=&gdpr=0 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3118761177084706340&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=G5bYmBnHiJwAlt6ZGp2WlB7Ag5UAktqUT5xS77DH HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 425

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid HTTP 302
https://cm.mgid.com/m?cdsp=287839&c=d2238a2e-fc11-4134-b5f6-d623209392df

Request Chain 426

https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X

Request Chain 430

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D HTTP 302
https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298

Request Chain 434

https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X

Request Chain 437

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D HTTP 302
https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298

Request Chain 441

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265119.3&ri=70&ru=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Dc6a5ba0d-ce02-41bd-a1ea-842c68bd5108%26ph%3D8f5ed5d4-642c-4222-968a-d709c87ac3c8%26us_privacy%3D%24%7BUS_PRIVACY%7D%26r%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D70%2526external_user_id%253D HTTP 302
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D

Request Chain 442

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265119.1&ri=2&ru=https%3A%2F%2Fssum-sec.casalemedia.com%2Fusermatchredir%3Fs%3D191740%26us_privacy%3D%24%7BUS_PRIVACY%7D%26cb%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D2%2526external_user_id%253D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=191740&us_privacy=&cb=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D2%26external_user_id%3D HTTP 302
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=2&external_user_id=YsVMMO1Kr8iar2WzSRoTWgAA%26166

Request Chain 443

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=104&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D%7BuserId%7D HTTP 302
https://tags.bluekai.com/site/17724?id=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D1389%26tp%3DSTSC%26tpid%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341%26gdpr%3D0%26gdpr_consent%3D%26redir%3Dhttps%253A%252F%252Fssc-cms.33across.com%252Fps%252F%253Fus_privacy%253D%2526xi%253D45%2526xu%253D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341 HTTP 302
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341 HTTP 302
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&ct=y

Request Chain 444

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265119.4&ri=90&ru=https%3A%2F%2Fib.adnxs.com%2Fgetuid%3Fhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D90%2526external_user_id%253D%2524UID HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D90%26external_user_id%3D%24UID HTTP 302
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=90&external_user_id=3118761177084706340

Request Chain 446

https://bttrack.com/pixel/cookiesync?source=2c3b95b9-6513-42b2-beb7-260851c73b75&secure=1&us_privacy=&cb=1657097265119.6 HTTP 302
https://ssc-cms.33across.com/ps/?xi=66&us_privacy=&xu=e5fc84c5-f83a-4778-92bb-59fad62cc6a5 HTTP 302
https://events-ssc.33across.com/match?bidder_id=66&external_user_id=e5fc84c5-f83a-4778-92bb-59fad62cc6a5&ts=1657097265&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 447

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=104&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D%7BuserId%7D HTTP 302
https://tags.bluekai.com/site/17724?id=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D1389%26tp%3DSTSC%26tpid%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341%26gdpr%3D0%26gdpr_consent%3D%26redir%3Dhttps%253A%252F%252Fssc-cms.33across.com%252Fps%252F%253Fus_privacy%253D%2526xi%253D45%2526xu%253D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341 HTTP 302
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341 HTTP 302
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&ct=y

Request Chain 448

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265150.3&ri=70&ru=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Dc6a5ba0d-ce02-41bd-a1ea-842c68bd5108%26ph%3D8f5ed5d4-642c-4222-968a-d709c87ac3c8%26us_privacy%3D%24%7BUS_PRIVACY%7D%26r%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D70%2526external_user_id%253D HTTP 302
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D

Request Chain 450

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265150.1&ri=2&ru=https%3A%2F%2Fssum-sec.casalemedia.com%2Fusermatchredir%3Fs%3D191740%26us_privacy%3D%24%7BUS_PRIVACY%7D%26cb%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D2%2526external_user_id%253D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=191740&us_privacy=&cb=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D2%26external_user_id%3D HTTP 302
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=2&external_user_id=YsVMMO1Kr8iar2WzSRoTWgAA%26166

Request Chain 451

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265150.4&ri=90&ru=https%3A%2F%2Fib.adnxs.com%2Fgetuid%3Fhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D90%2526external_user_id%253D%2524UID HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D90%26external_user_id%3D%24UID HTTP 302
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=90&external_user_id=3118761177084706340

Request Chain 452

https://bttrack.com/pixel/cookiesync?source=2c3b95b9-6513-42b2-beb7-260851c73b75&secure=1&us_privacy=&cb=1657097265150.6 HTTP 302
https://ssc-cms.33across.com/ps/?xi=66&us_privacy=&xu=bdf9931a-4ed2-4770-9765-04852cb4ff74 HTTP 302
https://events-ssc.33across.com/match?bidder_id=66&external_user_id=bdf9931a-4ed2-4770-9765-04852cb4ff74&ts=1657097265&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 458

https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D HTTP 302
https://id.rlcdn.com/464246.gif?partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4 HTTP 307
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4

Request Chain 459

https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072399&val=3118761177084706340

Request Chain 461

https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 462

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YsVMMAAOOa2V7QAo

Request Chain 464

https://match.adsrvr.org/track/cmf/openx?oxid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttd_puid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0&gdpr_consent=

Request Chain 466

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPd3n9OwhN_95TM-PsZJsmE&google_cver=1

Request Chain 469

https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D HTTP 302
https://id.rlcdn.com/464246.gif?partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFwswNnoaQfp-pcQG07GEeo&google_cver=1

Request Chain 470

https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072399&val=3118761177084706340

Request Chain 472

https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 473

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YsVMMAAOOa2V7QAo

Request Chain 475

https://match.adsrvr.org/track/cmf/openx?oxid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttd_puid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0&gdpr_consent=

Request Chain 477

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPd3n9OwhN_95TM-PsZJsmE&google_cver=1

Request Chain 478

https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/a?adform_uid=3389439704098990724 HTTP 302
https://a.audrte.com/p

Request Chain 479

https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent= HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=kh51m51&t=ajs&uid=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent=

Request Chain 480

https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent=&google_gid=CAESED2Q_C5Ys29ozhwGkkfET_U&google_cver=1 HTTP 302
https://a.audrte.com/p

Request Chain 489

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID HTTP 303
https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724

Request Chain 490

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef

Request Chain 493

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID HTTP 303
https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724

Request Chain 494

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef

Request Chain 495

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID HTTP 303
https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724

Request Chain 496

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef

Request Chain 501

https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D%26src=lot%26gdpr%3D0 HTTP 302
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e&src=lot&gdpr=0

Request Chain 505

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/8bf1f9c8fdc812a1b20482d33a852d1/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D/gdpr=0 HTTP 302
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3187058829708213451/gdpr=0

Request Chain 516

https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent= HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw&piggybackCookie=di_36219b9470134ebfa1e5f

Request Chain 518

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=4f595dc4-fd08-11ec-a7aa-683779566213

Request Chain 519

https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=KElQabhlS19wIXE0Qn0NFpU4mbw

Request Chain 520

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005&rndcb=7247901137 HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=adconductor&bsw_custom_parameter=09b3299d-acd9-44cb-8002-aa2609ca1291 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=adconductor&bsw_custom_parameter=09b3299d-acd9-44cb-8002-aa2609ca1291 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=ba71d331-d2a4-4461-b7ff-6e03ee2940be&ssp=adconductor&expires=30&user_group=5&bsw_param=09b3299d-acd9-44cb-8002-aa2609ca1291 HTTP 302
https://sync.1rx.io/usersync/bidswitch/09b3299d-acd9-44cb-8002-aa2609ca1291?gdpr=&gdpr_consent= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005

Request Chain 521

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=adc8c6bb-3df4-4525-99c4-8e75d00dda9a&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1

Request Chain 522

https://ums.acuityplatform.com/tum?umid=6 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=679010260583

Request Chain 523

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:WL62lS3y1O90Hh5&gdpr=0&gdpr_consent=

Request Chain 524

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 525

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7103836671686527548&uid=Q7103836671686527548&ref=%2Fepm HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7103836671686527548

Request Chain 526

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b30d8f4d-72b6-458e-8ecc-7c27b571c983-tuct9bed1b1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 527

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=HNttt3EmC6GFyg9eM0zFYg

Request Chain 530

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 531

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fa5ae6a3-8da4-4b55-8126-1b2ec63dce94

Request Chain 532

https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D HTTP 302
https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID HTTP 302
https://match.bnmla.com/usersync?dspid=6&uuid=B242526CF2DB4B7AB8F295AB005A6121 HTTP 302
https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D HTTP 307
https://match.bnmla.com/usersync?dspid=170&uuid=05E3B1D783FC47F086FF70DB86B71706 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=7de9fb20-a6dd-402f-8b4f-12d864a17786

Request Chain 533

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B242526CF2DB4B7AB8F295AB005A6121

Request Chain 535

https://pixel.onaudience.com/?partner=214&mapped=7E8BB788-EC0D-4AA0-8C08-440D68D578B1 HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0 HTTP 302
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=e7826a9689bba0687a38cf70e02de335&gdpr=0 HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=e4750e7866378c5a/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=8bf1f9c8fdc812a1b20482d33a852d1&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=8c96384d-bd43-4ecf-8a87-9d923f86652d&icm&gdpr=0&gdpr_consent=&cver HTTP 302
https://pixel.onaudience.com/?partner=109&icm&cver&gdpr=0&smartmap=1&redirect=tags.bluekai.com%2Fsite%2F33141%3F%26id%3D%25m HTTP 302
https://tags.bluekai.com/site/33141?&id=25f439bb1dbad626

Request Chain 536

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&addseg=12,35,41

Request Chain 537

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 539

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=

Request Chain 540

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dpubmatic HTTP 307
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dpubmatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=73562566-a61e-45f2-b12a-33ea3e5695ec&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 541

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B342_F2953F59_100891E55&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
https://pmp.mxptint.net/sn.ashx?ak=1

Request Chain 542

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3389439704098990724

Request Chain 543

https://sync.resetdigital.co:10001/csync/pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000B88BDB86CD

Request Chain 544

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3118761177084706340

Request Chain 545

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:6de73ca6-8dc2-4b03-b735-5d67c932d6d6&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 550

https://io.narrative.io/?companyId=673&id=pubmatic_id:7E8BB788-EC0D-4AA0-8C08-440D68D578B1 HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=4f8896c0-fd08-11ec-ae86-0aa26e5cb0e9&companyId=673&id=pubmatic_id:7E8BB788-EC0D-4AA0-8C08-440D68D578B1

546 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 a3sv0Pk4RW
t.co/ 511 B
692 B 149ms
56ms Document
text/html 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/a3sv0Pk4RW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 249
content-type: text/html; charset=utf-8
date: Wed, 06 Jul 2022 08:47:39 GMT
expires: Wed, 06 Jul 2022 08:52:40 GMT
server: tsa_b
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: c1d03f8f586dcbc8bf8e6d333922e52ef725ae765f7523d75fd9d1cadb6f3f00
x-response-time: 15
x-xss-protection: 0

GET
H2 200 Primary Request link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher Show response
banten.hallo.id/entertainment/pr-563825832/ 87 KB
12 KB 1162ms
1104ms Document
text/html 13.224.214.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Requested by

Host: t.co
URL: https://t.co/a3sv0Pk4RW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.214.72 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-214-72.phl50.r.cloudfront.net

Software

nginx / PHP/7.3.31

Resource Hash

8bfc314db8d39871dba2bd83d163a2dfb552c573ea77358b3b64ce803f3880d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 06 Jul 2022 08:47:41 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 4c18dd7deeecd61e783c74198943db58.cloudfront.net (CloudFront)
x-amz-cf-id: vnXQGHzCh5MxuWx-HBSD0IIDGVT69ws1-fp_Jcz6RcJXJPm0lO0ZWQ==
x-amz-cf-pop: PHL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-powered-by: PHP/7.3.31
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
1 KB 81ms
35ms Stylesheet
text/css 2607:f8b0:4006:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,600;0,700;1,400;1,600;1,700&display=swap

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

69b2906e60f091da37046596fe7cd56a16d3a1d49f90fc5714a72e812d709b5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 06 Jul 2022 08:30:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 06 Jul 2022 08:47:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 06 Jul 2022 08:47:41 GMT

GET
H2 200 style.min.css
assets.promediateknologi.com/promedia/news/desktop/css/ 61 KB
14 KB 82ms
22ms Stylesheet
text/css 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/css/style.min.css?v=299
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 23d71a3e5a18a64faeb1c6d399d8f77832f6f70fa3d66f3669c4da9a8d620dfc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 15:03:47 GMT
content-encoding: gzip
age: 409434
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 20 Jan 2022 02:24:40 GMT
server: nginx
etag: W/"4adfc5407db685d464f1a52d1b57136b"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
x-amz-version-id: ZD.Rup7a0fqztCF39N5PuR0abUxz18Db
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
content-type: text/css
x-amz-cf-id: yWJ4x_JnAR71ho_UsH9MCXyDfRF8pZdkxTKLAva40OXqccf6zmO9IA==
expires: Sat, 01 Jul 2023 15:03:47 GMT

GET
H2 200 custom.min.css
assets.promediateknologi.com/promedia/network/56/desktop/css/ 6 KB
2 KB 102ms
42ms Stylesheet
text/css 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/network/56/desktop/css/custom.min.css?v=299
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: d08d2069ff4038255715ab5e00dd2ef311ca4c85f2f26a7faf1d6d8021ff31a6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 15:11:23 GMT
content-encoding: gzip
age: 408977
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Tue, 21 Sep 2021 08:27:30 GMT
server: nginx
etag: W/"6cf8d8ff9f5583d9e00dbc5b2b56b1aa"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
x-amz-version-id: df1Sze2dLsamAMub8u_42yrbc2ES5iPU
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
content-type: text/css
x-amz-cf-id: Qn1T5bnB5g27hDrOq6x36menqsOBoig76qkjDnc_wGZHUEHysaNpiQ==
expires: Sat, 01 Jul 2023 15:11:23 GMT

GET
H2 200 jquery-1.12.0.min.js Show response
assets.promediateknologi.com/promedia/news/desktop/js/ 95 KB
34 KB 85ms
26ms Script
application/x-javascript 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/js/jquery-1.12.0.min.js?v=299
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: de33fe1ba0d81147fc56ff19149e85914d13c4c4d7a5969aeda463d9f4787848

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 15:03:46 GMT
content-encoding: gzip
age: 409434
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"b2f71c943f2f14613bc100fc3ec59db2"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
x-amz-version-id: null
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
content-type: application/x-javascript
x-amz-cf-id: Zb533JQBF5T39J5PLbG9Y2ELM0BWZ5dTYqjZIRjk8OfbCAazzLlF3g==
expires: Sat, 01 Jul 2023 15:03:46 GMT

GET
H2 200 hallobanten.js Show response
propsid.b-cdn.net/gpt/ 15 KB
4 KB 838ms
272ms Script
application/javascript 2a02:6ea0:d137::1
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://propsid.b-cdn.net/gpt/hallobanten.js
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:d137::1 Singapore, Singapore, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: BunnyCDN-SG-630 /
Resource Hash: 6be12476381cc8ee3f9b742b9baae3903ec927696c4e05d8bf5e4df37d80d25d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: br
cdn-edgestorageid: 641
cdn-fileserver: 233
cdn-storageserver: SG-105
cdn-cachedat: 07/04/2022 11:52:19
cdn-pullzone: 266288
server: BunnyCDN-SG-630
last-modified: Mon, 27 Dec 2021 01:12:51 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"61c91313-3ca7"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: 022eeb7f-01b5-4a33-8c9d-d5c55b7764e7
cache-control: public, max-age=2592000
cdn-requestid: c603d7e092358b06fb7e0242773e521a
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 81 KB
28 KB 99ms
34ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59f1a3d0c116e168f87501e3c0b350e1b64e9921237605327b5682131739db4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28005
x-xss-protection: 0
server: sffe
etag: "1265 / 326 of 1000 / last-modified: 1657096811"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Jul 2022 08:47:41 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 160 KB
55 KB 108ms
44ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8f6176fe0a491db2dec67996e109131157ebdde3ef88eefda3c71b409a31f9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Origin: https://banten.hallo.id
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56229
x-xss-protection: 0
server: cafe
etag: 5427899038242269021
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:41 GMT

GET
H2 200 logo-banten.png
assets.promediateknologi.com/promedia/network/56/desktop/images/ 75 KB
76 KB 60ms
49ms Image
image/png 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/promedia/network/56/desktop/images/logo-banten.png?v=299
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 2482b27cf385c3b1661f2bd315f34c413d7d928036711f6e6174d2ed9ace280f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 17:17:37 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
age: 401404
x-cache: Hit from cloudfront
content-length: 77037
last-modified: Mon, 26 Jul 2021 01:54:24 GMT
server: nginx
etag: "c84b8ad2cfca48887316b8a79ea42e59"
access-control-allow-methods: GET, OPTION
x-amz-version-id: dtAJgPqAU_sw3gBZRG4IQzXstSu1yc6p
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: j7oYr5Ml2beKbjzC9vo0BOFV46l6xnsNKabqQ-9SPC1EFrolIFUidw==
expires: Sat, 01 Jul 2023 17:17:37 GMT

GET
H2 200 3248902034.jpg
assets.promediateknologi.com/crop/0x0:0x0/x/photo/2022/07/06/ 49 KB
50 KB 70ms
60ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/x/photo/2022/07/06/3248902034.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: e34a2e083b3ae2f62aae56c9a8aa67827753afebed130c96b1cac29fa4cf4ffa

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 03:18:00 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 19781
etag: "815e334268ebcdd44857dbd57e086c57a479c57b"
x-cache-status: HIT
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 50260
x-amz-cf-id: IFJPYzEwQnlFCyJO3xz4oMzsoSAtsH1KVmBrNEWh3ZbDZYyI4cs06g==
expires: Thu, 06 Jul 2023 03:18:00 GMT

GET
H2 200 / Show response
click.advertnative.com/loading/ 4 KB
5 KB 920ms
391ms Script
application/javascript 139.99.126.163
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://click.advertnative.com/loading/?handle=11598

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.99.126.163 Singapore, Singapore, ASN16276 (OVH, FR),

Reverse DNS

tinong247.vn

Software

nginx/1.18.0 / PHP/7.2.24

Resource Hash

5828331c624622262155b5d23a34f1f98c624191e35746d0b13f5fd533ac7c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000, max-age=15768000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
server: nginx/1.18.0
x-powered-by: PHP/7.2.24
strict-transport-security: max-age=15768000, max-age=15768000
content-type: application/javascript; charset=utf-8

GET
H2 200 banten.hallo.id.1179904.js Show response
jsc.mgid.com/b/a/ 2 KB
2 KB 91ms
33ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179904.js
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ff49c8e3d31562183bed99d7bd87b051c8d256530a67b9dd82eb526f6de23c8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: br
cf-cache-status: HIT
age: 2448
cf-polished: origSize=2324
last-modified: Wed, 08 Jun 2022 10:33:55 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: JRB6CXTR32ZCJC8K
x-amz-id-2: pUAJowlAPyiCtFEyKOrSY7+e0NvcScgluPBMLr2Z6rsQUyiDrIjL16xsoWwp8v1Rp4lFi1Jei9g=
cf-bgj: minify
server: cloudflare
etag: W/"aa91031e96f9470085eba66c7c438f19"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
x-amz-version-id: IpYjh3Mioq8bArozDZCmNyFCDFYf.47f
cf-ray: 726713bd09d1caa8-YYZ
expires: Wed, 06 Jul 2022 11:47:41 GMT

GET
H2 200 4141708785.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/06/26/ 4 KB
4 KB 70ms
60ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/06/26/4141708785.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 4598c2f4a5f75426b778df46bea9bb8111ab375003677e3cf18b5b954c3a87b9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:08:39 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 2342
etag: "68e9b003f57e8d45b029ca6c9b3b8d35b1326341"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3790
x-amz-cf-id: yCR3tzLU98sMDj3mhBtvyzKwKLqLg5L7YnDWTK76KvWpNmIXeZsMgA==
expires: Thu, 06 Jul 2023 08:08:39 GMT

GET
H2 200 4268793050.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/04/30/ 4 KB
4 KB 69ms
59ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/04/30/4268793050.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 0ca2c65001d72f5c043c1a0a62e3629f543b8849f4fed395cfc8774380a73981

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:08:39 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 2342
etag: "a1c77c5443c41b1d4f5cc0d4ca9499621011fc81"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3710
x-amz-cf-id: 6-o9NfoPMBX_mzuUxy82_FXSgsLU7SjbhNEuPxvA9QZfjDja7LH_-w==
expires: Thu, 06 Jul 2023 08:08:39 GMT

GET
H2 200 518921997.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/06/25/ 4 KB
4 KB 68ms
58ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/06/25/518921997.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: eff6139411eb6c6835215310519531930f89b00ebbedbb04ca13d0e3a2935dd1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:08:39 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 2342
etag: "8d3a998be36e37f9ee7846fa1849cb6038e684ca"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3748
x-amz-cf-id: cBX0NkROchi-ehRB49L65GtECCc3n4DxEBPG1sH2Gv1tMjEXZKRM5Q==
expires: Thu, 06 Jul 2023 08:08:39 GMT

GET
H2 200 1555112007.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2021/08/31/ 3 KB
4 KB 98ms
88ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2021/08/31/1555112007.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 044457c87e80eb187b7108c91fb0680f2eea35757c234318cf322f54b5ceb874

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 04:50:14 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 14247
etag: "b555b29ad67130ef84e47b9bdaca613d7b6c0ba7"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3501
x-amz-cf-id: ZAGSDCkWJ_9XQIq0YgI9mJ6P2_GCldNButRwIon3U5dJxS_REEMHwg==
expires: Thu, 06 Jul 2023 04:50:14 GMT

GET
H2 200 3099195126.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/02/ 3 KB
3 KB 81ms
71ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/02/3099195126.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 839d5b822ce5af930ab5634269981fec3c1f713a4386b471e719d39d8972265b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sat, 02 Jul 2022 14:35:08 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 324753
etag: "373f2e57af40727661bbe27c43dde6b379620b7f"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 2837
x-amz-cf-id: Q4UkXcf-dvI_pzHVaHbRF4r65oUgaHkq_CRNT5EZPr3R2X26kShQjQ==
expires: Sun, 02 Jul 2023 14:35:08 GMT

GET
H2 200 3248902034.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/06/ 5 KB
5 KB 80ms
70ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/06/3248902034.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 483cfe17928907548131a6f664fb7cffcdb98a7efaffe0f8b82fc484b52dc419

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 03:16:50 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 19851
etag: "c30abadf2ee60526d62ef97b76b0d3895b5ca11a"
x-cache-status: HIT
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 4627
x-amz-cf-id: e6kKQaT8WsrIWKfcrkl0Sf3U6DQGtBtDOMwi1pfupdwQaBYwykKa4w==
expires: Thu, 06 Jul 2023 03:16:50 GMT

GET
H2 200 3740572533.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/04/ 4 KB
5 KB 83ms
74ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/04/3740572533.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: e9b316c29dcbca021b0f383acc7f116a420f57ead1e3bcad6bae207f904e2910

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:08:39 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 2342
etag: "fbf1034b650a59e5c2e91ad63a9373b13d938f4a"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 4340
x-amz-cf-id: _o88yZINoUxuHg-UV7VTaD7UpR3VemjOAR5MrZXe8syqRBoxzjFMPw==
expires: Thu, 06 Jul 2023 08:08:39 GMT

GET
H2 200 4198288467.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/06/22/ 4 KB
4 KB 81ms
72ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/06/22/4198288467.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 95c60b60f1ab58f37432fb7024f1c3638d97031f5fa738db542bb179c075469d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:08:39 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 2341
etag: "d686376fdaa7068fb20e02fff4c96b77756d1ff2"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3743
x-amz-cf-id: NItlFL7KLeu8JlRb9JruRUU5ClgNP9Z7HVtOKPuhoE7xXFFI_hmjJA==
expires: Thu, 06 Jul 2023 08:08:39 GMT

GET
H2 200 1066447002.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/02/ 3 KB
4 KB 84ms
74ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/02/1066447002.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 97fa9f699daad049c155d613673cf8b1353d5a19fb9c4d01e42e849168fbbb1f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 11:27:12 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 163228
etag: "c97961dfd4b5ea8f009c069002d9913c1706e109"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3318
x-amz-cf-id: 8h3GGtMQEUUE2HlvzHBtnoGgkT7ey8JgUEYDIY7m5-19Lw5pVfcRuA==
expires: Tue, 04 Jul 2023 11:27:12 GMT

GET
H2 200 909360907.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/ 4 KB
4 KB 94ms
85ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/909360907.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 99e531d0b20dd4cea74d57353cb94fdd5e581574d3a229f8e4ad607840465c7f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:02:52 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 63889
etag: "934fa87832cfeaa2a3f987d4061befcf71d245b8"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 4054
x-amz-cf-id: t24dEl82tsyLjH7abQEJD0dIIUTLXVBA3bO1lZ4UdZvW9ZRc4RfEaA==
expires: Wed, 05 Jul 2023 15:02:52 GMT

GET
H2 200 2171156633.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/ 3 KB
4 KB 82ms
73ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/2171156633.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: a3ee9d81c72f0ab88e4e5e928306ada85c889bac5e50d1d5b54f29fc6d8d6c3a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:08:39 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 2342
etag: "6d7f82aea30922d49f5bab0d15aac6a98fc4ecb3"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3443
x-amz-cf-id: 9NeucM9r58SuYGZfxxWcmZZXmSR_XeDAc1bFu4RFpoPy3cjTnKD8wA==
expires: Thu, 06 Jul 2023 08:08:39 GMT

GET
H2 200 949643846.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/ 3 KB
4 KB 107ms
98ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/949643846.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: b770d9316c2bc6f37f5ecaa99b03736fa24cbb2bb5435018c748c47165bf0b38

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 13:27:21 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 69620
etag: "ddb0420557af9af30498689fdf42cb9dede66d43"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3449
x-amz-cf-id: i6LpmyDgxUoOMh6eSrncCdYEmDF0wixaz4Yd_V6VtY_MAMTCiYVnug==
expires: Wed, 05 Jul 2023 13:27:21 GMT

GET
H2 200 1576432824.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/ 3 KB
3 KB 91ms
82ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/1576432824.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: f36a4e4e8ae0751c9a3655afb8f84c1742191a87fb9b2369b9731bd54c688335

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 04:35:29 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 101532
etag: "dbf7be8f0faa0ebdecc2ce508ab283a6ee7c6851"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 2991
x-amz-cf-id: ZGAknOHb-dwYDIU6ns5yQdqjDnuF3FeIQa7JUHNMrnKmRWT8M2I1rg==
expires: Wed, 05 Jul 2023 04:35:29 GMT

GET
H2 200 1422827230.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/ 3 KB
4 KB 93ms
84ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/1422827230.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: d78993dbdf5dea43df26b58b6047b30a45635602f8c2ebad95a3f47ece6c4c92

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 10:39:05 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 79716
etag: "7a8032abcc863e62ab7067b73d65e30cb014b29d"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3386
x-amz-cf-id: k_xkX9xt-ga358GQs0hdYgDZNhK9MPNw8gaVKbFm4YEsfwvA03MlUg==
expires: Wed, 05 Jul 2023 10:39:05 GMT

GET
H2 200 1546053090.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/06/29/ 4 KB
4 KB 83ms
75ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/06/29/1546053090.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 9c504f85997c7bb45f9f0cde52a55e55ce7c7fa902da33bbece3c389e0429981

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:08:40 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 2341
etag: "969ed0b6e71009b3b2d2caa26c1831616cc243c3"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3820
x-amz-cf-id: ZSSXF1Psh0nKc1sBsiHLTsxm8dMdJtolgoOTDWAE8POuLdLtd2AQ1Q==
expires: Thu, 06 Jul 2023 08:08:40 GMT

GET
H2 200 531157964.png
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/ 22 KB
22 KB 84ms
76ms Image
image/png 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/531157964.png
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 236c92a729a42aafd2c31e8cd361b2debe0ac0dd14f6c6118d80f55a059dd088

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 04:15:34 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 102726
etag: "34f1e26befbd32cb3ca051cd95c9b0662b925948"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 22421
x-amz-cf-id: CbFiYT_daJnRHCa3QnQJmmaL9wOg0Ip-Vd_YxxREZoSO5K74mj5gKg==
expires: Wed, 05 Jul 2023 04:15:34 GMT

GET
H2 200 3631262365.jpeg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/04/ 4 KB
4 KB 91ms
83ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/04/3631262365.jpeg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 87ba778871da0259ba1233548a55f627256e1e53f831156ba600f63a082eeaf6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 14:52:36 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 150905
etag: "57fcd65bb0570be61c33578b5ae50fa7e2dc5fa2"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3658
x-amz-cf-id: 6Rp7OwatRZB4CzWeD4i70H8QbMinNgIBZCZ0rjjqkX2p8tubR8htFQ==
expires: Tue, 04 Jul 2023 14:52:36 GMT

GET
H2 200 2201091560.jpg
assets.promediateknologi.com/crop/0x0:800x505/100x100/photo/2022/07/04/ 4 KB
5 KB 90ms
82ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:800x505/100x100/photo/2022/07/04/2201091560.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: f1772dc2f491c044f0a42efee3dd4e57000f33c629a24d0575ce16ae4476bde8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 08:39:43 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 173278
etag: "70f7c35a217edf12688b98379b9ff31ac5e47189"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 4422
x-amz-cf-id: 9XTSpmKDf5J5T4pBHGOe8uQfypjEArC0Mx25EWr0VT2Cz2MnorWVPA==
expires: Tue, 04 Jul 2023 08:39:43 GMT

GET
H2 200 2789061976.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/ 4 KB
4 KB 93ms
85ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/2789061976.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: e6b33c8ead4f6cf2f6d43034dda52dd7e330ff2c3993d62e55dd6cad6a15966b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 03:21:03 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 105998
etag: "7a171bc5ea11f3c53a2327bb5550daf2037b0b68"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 4181
x-amz-cf-id: FnfB1ZVdvAvDmmRKjuqTGFQC4AKexVFOawgPbJUTDI-CiTcMVUaNiw==
expires: Wed, 05 Jul 2023 03:21:03 GMT

GET
H2 200 614310575.jpg
assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/ 3 KB
4 KB 91ms
83ms Image
image/jpeg 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/crop/0x0:0x0/100x100/photo/2022/07/05/614310575.jpg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: bf30df93e04926fe11cfa7f2d7693a769cb0163c4054676544c40a88ede355f5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 23:56:46 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
server: nginx
age: 118255
etag: "f8690cea24eaa63383f5d8fd66ccf8016d49ecef"
x-cache-status: MISS
access-control-allow-methods: GET, OPTION
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
x-amz-cf-pop: PHL50-C1
content-length: 3364
x-amz-cf-id: 6JKHPignz0_hdqwbZsZBevpj4BxuwC1HXTO4FVkF8efcoMCcXaSYjg==
expires: Tue, 04 Jul 2023 23:56:46 GMT

GET
H2 200 slick.min.js Show response
assets.promediateknologi.com/promedia/news/desktop/js/ 40 KB
10 KB 22ms
21ms Script
application/x-javascript 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/js/slick.min.js?v=299
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 0a38cf7423f9f7060c66183e74e7e138bed849de551199c490e3a1e97ce291e7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 15:03:47 GMT
content-encoding: gzip
age: 409434
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 15 Apr 2021 16:17:05 GMT
server: nginx
etag: W/"72d9511c2715d0da989e1f5bfe886532"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
x-amz-version-id: null
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
content-type: application/x-javascript
x-amz-cf-id: 9XYD0HMjQpDOKKqvAoa04cFezmaoafHY1Usj323IQbfWGerob-dJXg==
expires: Sat, 01 Jul 2023 15:03:47 GMT

GET
H2 200 jquery.sticky-kit.min.js Show response
assets.promediateknologi.com/promedia/news/desktop/js/ 3 KB
2 KB 22ms
21ms Script
application/x-javascript 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/js/jquery.sticky-kit.min.js?v=299
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 3a8717b1c866759c800df22bdc5b34545730d2790473892a4cf31dce49bf1170

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 15:03:46 GMT
content-encoding: gzip
age: 409434
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"d61a7b888967697179c82adc5e7fc18d"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
x-amz-version-id: null
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
content-type: application/x-javascript
x-amz-cf-id: usRh9rlGcnu-4O3Ggsu4tcA2xIJywvXKzK4ChpgI6OSJLeerfbvmJg==
expires: Sat, 01 Jul 2023 15:03:46 GMT

GET
H2 200 jquery.magnific-popup.min.js Show response
assets.promediateknologi.com/promedia/news/desktop/js/ 20 KB
8 KB 52ms
42ms Script
application/x-javascript 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/js/jquery.magnific-popup.min.js?v=299
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 15:03:47 GMT
content-encoding: gzip
age: 409434
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"ba6cf724c8bb1cf5b084e79ff230626e"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
x-amz-version-id: null
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
content-type: application/x-javascript
x-amz-cf-id: cqeMCczcIVGvqLhdQs2bdQjsq51g4ro1dOAoZuB_rIBtsBvoJsigkA==
expires: Sat, 01 Jul 2023 15:03:47 GMT

GET
H2 200 jquery.marquee.min.js Show response
assets.promediateknologi.com/promedia/news/desktop/js/ 5 KB
2 KB 55ms
43ms Script
application/x-javascript 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/js/jquery.marquee.min.js?v=299
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 9de5a9ee5dc9d4ca558268b7bcd6ead5eaff468a4a13f526738b4e5f65b32855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 15:03:47 GMT
content-encoding: gzip
age: 409434
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"14c4877ae18b2930b3cbd1bf9ad4dff6"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
x-amz-version-id: null
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
content-type: application/x-javascript
x-amz-cf-id: DIaKGjtD5wIHJ5anehgQ9fx0xRjQ4bwqpDRFYBjxuIGDmcXyXLRwPg==
expires: Sat, 01 Jul 2023 15:03:47 GMT

GET
H2 200 main.js Show response
assets.promediateknologi.com/promedia/news/desktop/js/ 4 KB
2 KB 55ms
42ms Script
application/x-javascript 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/js/main.js?v=299
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 40da1f2bb18419fdeb462e7468c95a3ce82767d881695aaa0800bd567ed53a00

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 15:03:47 GMT
content-encoding: gzip
age: 409434
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 15 Apr 2021 16:17:06 GMT
server: nginx
etag: W/"7fc45067021f7c9d42dbedb0ab1f13d4"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
x-amz-version-id: null
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
content-type: application/x-javascript
x-amz-cf-id: 5f45EVVCqeoIcfsUXpBmfmb5uhTgxEfis09LTZoup0f6LFxBAH88Jg==
expires: Sat, 01 Jul 2023 15:03:47 GMT

GET
H2 200 share.js Show response
assets.promediateknologi.com/promedia/news/desktop/js/ 589 B
1 KB 54ms
42ms Script
application/x-javascript 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/js/share.js
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 2214d41b278709c873fdb298e1c176c1a8c2e2f40538d1b242a48e7c871611d2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 04:06:09 GMT
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
age: 2263291
x-cache: Hit from cloudfront
content-length: 589
last-modified: Wed, 14 Apr 2021 06:43:54 GMT
server: nginx
etag: "04bbb0cb75f8655f00d8fa946b39dd29"
access-control-allow-methods: GET, OPTION
x-amz-version-id: null
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
accept-ranges: bytes
content-type: application/x-javascript
x-amz-cf-id: XXGEXEUVp8LT0hZHp-ze7ivsXzcEV12McPQt8nMsTZkuaTpxIiOwDw==
expires: Sat, 10 Jun 2023 04:06:09 GMT

GET
H2 200 rfp-infeed.js Show response
js.rfp.fout.jp/ 63 KB
16 KB 399ms
19ms Script
application/javascript 2600:1400:d:58c::7ca
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.rfp.fout.jp/rfp-infeed.js
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1400:d:58c::7ca New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: c7b314bede193e724fbaddea45d80bdd780ce70251905b7c5fb3f745567c4d87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvDm4YQh_uCXYDrvfk8XG06qRFKid2pk-n6qLXyB8stXalHEqQv8nN3MxFGuZW8EvmdpiUJsHXjSwMf8kTU1g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 15604
last-modified: Mon, 14 Feb 2022 04:44:46 GMT
server: UploadServer
etag: "709c17ae39876f1e8e8e7dcffcee5eff"
vary: Accept-Encoding
x-goog-hash: crc32c=nywM2g==, md5=cJwXrjmHbx6Ojn3P/O5e/w==
x-goog-generation: 1644813886776747
cache-control: public, max-age=1800
x-goog-stored-content-length: 15604
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 06 Jul 2022 09:17:41 GMT

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/6.5.0/ 11 KB
4 KB 88ms
25ms Script
text/javascript 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.5.0/firebase-app.js

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9db819fcacffaf3e9d603f594ce05f8594bcbb8389c59e687c97c26966c2d850

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 00:18:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 462537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3944
x-xss-protection: 0
last-modified: Thu, 29 Aug 2019 21:56:20 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jul 2023 00:18:44 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/6.5.0/ 31 KB
9 KB 89ms
26ms Script
text/javascript 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.5.0/firebase-messaging.js

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 00:18:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 462537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8653
x-xss-protection: 0
last-modified: Thu, 29 Aug 2019 21:56:23 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jul 2023 00:18:44 GMT

GET
H2 200 app.js Show response
assets.promediateknologi.com/promedia/sw/ 3 KB
2 KB 52ms
41ms Script
application/x-javascript 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/sw/app.js?pro=5
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: ce246b13a7f316521adad2d9a6af151a26d5d8ba56628b82b6afcb44ae4b2cc3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 18:59:08 GMT
content-encoding: gzip
age: 2209713
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Tue, 24 Aug 2021 18:40:56 GMT
server: nginx
etag: W/"c5e56d09be700d78a72317816b93fcec"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTION
x-amz-version-id: oV.zEuGDAhQiFo11PQ50NYA0eifmyoZv
via: 1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
content-type: application/x-javascript
x-amz-cf-id: RDv4dlBFbrmiM85k_6v_ZuaqfE_pBlwKvbf6zDCEe_9L4MGaQQDy_w==
expires: Sat, 10 Jun 2023 18:59:08 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
40 KB 94ms
34ms Script
application/javascript 2607:f8b0:4006:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-207405423-45

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2e136c5d9037d7f69d9b9c7058d0d5d49e0d7a1f63b20951efbf9719cf53153c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40309
x-xss-protection: 0
last-modified: Wed, 06 Jul 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 06 Jul 2022 08:47:41 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 109 KB
41 KB 116ms
55ms Script
application/javascript 2607:f8b0:4006:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M5CJLJ7

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

48a7058210529c8c7bc0d564271a7726d14eb8cc7240848056b12891ee920076

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41907
x-xss-protection: 0
last-modified: Wed, 06 Jul 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 06 Jul 2022 08:47:41 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 85ms
25ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,600;0,700;1,400;1,600;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://banten.hallo.id
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 05:50:56 GMT
x-content-type-options: nosniff
age: 97005
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 05:50:56 GMT

GET
H2 200 icons.ttf
assets.promediateknologi.com/promedia/news/desktop/fonts/icons/ 11 KB
12 KB 92ms
33ms Font
application/octet-stream 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/fonts/icons/icons.ttf?jemrcm
Requested by: Host: assets.promediateknologi.com
URL: https://assets.promediateknologi.com/promedia/news/desktop/css/style.min.css?v=299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 1517b5246f24efd5abf47f90c676a2e70fc62d28fb0f7e199e249111d4450a21

Request headers

Referer: https://assets.promediateknologi.com/promedia/news/desktop/css/style.min.css?v=299
Origin: https://banten.hallo.id
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 21:07:20 GMT
via: 1.1 bf08d0f122cb7618f980954bd4f44e36.cloudfront.net (CloudFront)
age: 2202021
x-cache: Hit from cloudfront
content-length: 11480
last-modified: Thu, 15 Apr 2021 16:16:50 GMT
server: nginx
etag: "1d8d949452407d5b53666cedb753c381"
access-control-allow-methods: GET, OPTION
x-amz-version-id: null
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
accept-ranges: bytes
content-type: application/octet-stream
x-amz-cf-id: 7tciInbjTiJ_5ambxo4NZAHzEeWn4iuauH3tIamDKwwJiv3QwlkkKw==
expires: Sat, 10 Jun 2023 21:07:20 GMT

GET
H/1.1 200
OK hallo_banten.js Show response
api.popin.cc/searchbox/ 180 KB
42 KB 901ms
357ms Script
text/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to

Full URL: https://api.popin.cc/searchbox/hallo_banten.js
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 169e9df0356308147ad06c23e9c5e7fd562e2066b010adf551ea85c3d626fafd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:42 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Jun 2022 09:23:40 GMT
Server: nginx
ETag: W/"529125091ff5c496bf78d8ab60b96744"
X-Cache-Status: HIT from 10.252.55.26
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
x-amz-version-id: qPWeKl.v9U.5wKQGKYMIAG5kfMsSNZyZ
Expires: Wed, 06 Jul 2022 09:47:42 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 68ms
26ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,600;0,700;1,400;1,600;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://banten.hallo.id
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 09:10:11 GMT
x-content-type-options: nosniff
age: 85050
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 09:10:11 GMT

GET
H2 200 icomoon.ttf
assets.promediateknologi.com/promedia/news/desktop/fonts/ 7 KB
7 KB 81ms
40ms Font
application/octet-stream 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.promediateknologi.com/promedia/news/desktop/fonts/icomoon.ttf?i7fsrr
Requested by: Host: assets.promediateknologi.com
URL: https://assets.promediateknologi.com/promedia/news/desktop/css/style.min.css?v=299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: nginx /
Resource Hash: 42d2d2f5ca7d4a74d4cec7eb892236bd4ca4790ef0446d15a1cde9d1e1d555d0

Request headers

Referer: https://assets.promediateknologi.com/promedia/news/desktop/css/style.min.css?v=299
Origin: https://banten.hallo.id
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 21:07:20 GMT
via: 1.1 bf08d0f122cb7618f980954bd4f44e36.cloudfront.net (CloudFront)
age: 2202021
x-cache: Hit from cloudfront
content-length: 6712
last-modified: Thu, 15 Apr 2021 16:16:50 GMT
server: nginx
etag: "1ea1b32003df3f4a5a29843b3ec0ae1a"
access-control-allow-methods: GET, OPTION
x-amz-version-id: null
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: PHL50-C1
accept-ranges: bytes
content-type: application/octet-stream
x-amz-cf-id: I-4E2lJ6aJnQIGAnRw8QUlSIh79R0_iEc6iGFyJlKimvccjyegeHjQ==
expires: Sat, 10 Jun 2023 21:07:20 GMT

GET
H2 403 bg_footer.svg
assets.promediateknologi.com/promedia/network/56/desktop/images/bg/ 0
0 928ms
927ms Image
application/xml 13.224.214.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.promediateknologi.com/promedia/network/56/desktop/images/bg/bg_footer.svg
Requested by: Host: assets.promediateknologi.com
URL: https://assets.promediateknologi.com/promedia/network/56/desktop/css/custom.min.css?v=299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-83.phl50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://assets.promediateknologi.com/promedia/network/56/desktop/css/custom.min.css?v=299
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 banten.hallo.id.1179904.es6.js Show response
jsc.mgid.com/b/a/ 262 KB
76 KB 175ms
174ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179904.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179904.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b69638346196b3e0efca0ddedab6546386d13976555a02f19596099ac4ddec8c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 5726QWT1JJ7YKN0P
cf-polished: origSize=268005
cf-ray: 726713bd5a0ccaa8-YYZ
last-modified: Wed, 15 Jun 2022 13:23:45 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: RtgGm0RwMQK1NPjVGiDOCrAm1ql/CMBqXHFw7bxPNJVMyzxJXIIoVQH6s8IAUmW1y9xT3haCNEU=
cf-bgj: minify
server: cloudflare
etag: W/"a33f309dcd83a4231d0b925d19f903d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: unCpaI8vUrlCO4Nl45u1iQpXwAVpAywx
cache-control: public, max-age=10800
content-type: text/javascript
expires: Wed, 06 Jul 2022 11:47:41 GMT

GET
H2 200 pubads_impl_2022062801.js Show response
securepubads.g.doubleclick.net/gpt/ 374 KB
128 KB 77ms
19ms Script
text/javascript 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

sffe /

Resource Hash

d7c2249c4f39bc0dbaceafeb7a4ab9f599441c6265927ad20920991fa22bf362

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 12:27:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73225
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130514
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 08:35:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 05 Jul 2023 12:27:16 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 194 B
764 B 92ms
35ms XHR
application/json 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=banten.hallo.id

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

4266bebcda49a5b55a0c290ac92254f8a8ca8e742b2f104652dfb63e4c5dad06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128
x-xss-protection: 0
expires: Wed, 06 Jul 2022 08:47:41 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ 339 KB
120 KB 91ms
51ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8e6eb26cc0bb5738a989271c3926ee7b24b5238c011e21d4e903acaa54d488c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122424
x-xss-protection: 0
server: cafe
etag: 6839236840553304186
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:41 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220630/r20190131/ Frame 1664 10 KB
5 KB 65ms
19ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220630/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 47830
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Jul 2022 19:30:31 GMT
etag: 10429905676100781186
expires: Tue, 19 Jul 2022 19:30:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 66ms
19ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5CJLJ7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6674
date: Wed, 06 Jul 2022 06:56:27 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 06 Jul 2022 08:56:27 GMT

GET
H/1.1 200
OK atrk.js Show response
certify-js.alexametrics.com/ 4 KB
5 KB 81ms
26ms Script
application/javascript 13.224.214.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://certify-js.alexametrics.com/atrk.js
Requested by: Host: t.co
URL: https://t.co/a3sv0Pk4RW
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-11.phl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 01:27:02 GMT
Via: 1.1 fadedfea448fa31cb8aba15ba1b05064.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
Server: AmazonS3
Age: 717640
ETag: "d89453438fbf10dcf4c13265c40d5160"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Cache-Control: max-age=26920000
X-Amz-Cf-Pop: PHL50-C1
Accept-Ranges: bytes
Content-Length: 4255
X-Amz-Cf-Id: x8A9qpxrqfbP6PQvm57tn_HhkJJKH7U_PCm34fibNPxC8pALfDbyog==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 73ms
32ms XHR
text/plain 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=852485102&t=pageview&_s=1&dl=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=LINK%20NONTON%20Film%20Thor%20Love%20and%20Thunder%2C%20Melawan%20Gorr%20The%20God%20Butcher%20-%20Hallo%20Banten&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1851068281&gjid=633053385&cid=801837761.1657097262&tid=UA-205880106-1&_gid=1784264422.1657097262&_r=1&gtm=2wg6t0M5CJLJ7&cd2=2022-07-06%2010%3A11%3A06&cd3=&cd4=Nonton%20Film%20Gratis&cd5=Thor%2C%20link%20nonton%2C%20Thor%204%20Love%20and%20Thunder&cd6=3825832&cd7=Regie%20Dwistianto&cd8=Abu%20Ibrahim&cd9=11419&cd10=7383&z=1751038434

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://banten.hallo.id/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://banten.hallo.id
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 66ms
33ms XHR
text/plain 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=852485102&t=pageview&_s=1&dl=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=LINK%20NONTON%20Film%20Thor%20Love%20and%20Thunder%2C%20Melawan%20Gorr%20The%20God%20Butcher%20-%20Hallo%20Banten&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=1909864580&gjid=1111261527&cid=801837761.1657097262&tid=UA-195466154-9&_gid=1784264422.1657097262&_r=1&gtm=2wg6t0M5CJLJ7&cd2=2022-07-06%2010%3A11%3A06&cd3=&cd4=Nonton%20Film%20Gratis&cd5=Thor%2C%20link%20nonton%2C%20Thor%204%20Love%20and%20Thunder&cd6=3825832&cd7=Regie%20Dwistianto&cd8=Abu%20Ibrahim&cd9=11419&cd10=7383&z=2082446032

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://banten.hallo.id/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://banten.hallo.id
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
792 B 82ms
35ms Script
application/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=banten.hallo.id

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 82ms
35ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=banten.hallo.id

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 216 KB
20 KB 164ms
122ms XHR
text/plain 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1953102225479114&correlator=1091213034329103&eid=31067913%2C44755510%2C44752585%2C31062930&output=ldjh&gdfp_req=1&vrg=2022062801&ptt=17&impl=fifs&iu_parts=22579199035%2Challobanten%2Cdesktop&enc_prev_ius=%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F%2C%2F0%2F1%2F2%2F&prev_iu_szs=970x250%2C300x600%2C160x600%7C120x600%2C120x600%7C160x600%2C970x90%2C1x1%7C336x280%2C120x600%7C160x600%2C300x250%2C320x50%7C1x1%7C300x250%7C336x280%7C336x420%2C320x50%7C1x1%7C300x250%7C336x280%7C336x420%2C468x60%7C728x90&fluid=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2Cheight%2Cheight%2C0&ifi=2&adks=1815547134%2C3409065166%2C3442582295%2C1822557826%2C277322864%2C4070391739%2C2169855747%2C2255228074%2C2741433441%2C212820414%2C3912333642&sfv=1-0-38&ecs=20220706&fsapi=false&prev_scp=Position%3DdesktopTopDetail%7CPosition%3DdesktopGiantDetail%7CPosition%3DdesktopSkinAdsLeftDetail%7CPosition%3DdesktopSkinAdsRightDetail%7CPosition%3DdesktopBottomFrameDetail%7CPosition%3DdesktopInArticle%7CPosition%3DdesktopSkycrapper%7CPosition%3DdesktopRB1Detail%7CPosition%3DdesktopRB2Detail%7CPosition%3DdesktopRB3Detail%7CPosition%3DdesktopUnderImage&sc=1&cookie_enabled=1&abxe=1&dt=1657097261890&lmt=1657097261&dlt=1657097261418&idt=435&biw=1600&bih=1200&adxs=265%2C1035%2C90%2C1350%2C250%2C265%2C783%2C1035%2C-9%2C265%2C265&adys=132%2C163%2C102%2C102%2C1110%2C1646%2C1126%2C1120%2C-9%2C2798%2C1126&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1070x0%7C300x0%7C160x-1%7C120x-1%7C1100x-1%7C518x0%7C222x0%7C300x0%7C0x-1%7C518x0%7C740x0&msz=1070x0%7C300x0%7C160x-1%7C120x-1%7C1100x-1%7C518x0%7C222x0%7C300x0%7C0x-1%7C518x0%7C740x0&fws=0%2C0%2C512%2C512%2C512%2C0%2C0%2C0%2C2%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ga_vid=801837761.1657097262&ga_sid=1657097262&ga_hid=852485102&ga_fc=true&btvi=0%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C-1%7C2%7C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

22034e07e58d0925f58e2fe8283475311193f47ad244fdf5bfca7a45204b4c13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19941
x-xss-protection: 0
google-lineitem-id: 5784163418,5778782071,5778782071,5778782071,5778782071,5784163415,5778701938,5778782071,5778782071,5778701938,5778782071
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138362679468,138364476481,138361801221,138362112001,138361716218,138362679465,138362098912,138361801278,138361717586,138361705148,138361718111
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://banten.hallo.id
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6A20 6 KB
4 KB 106ms
32ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 383 B
464 B 43ms
33ms Script
text/javascript 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=banten.hallo.id&callback=_gfp_s_&client=ca-pub-8400307307701650&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

113f61a617334fa86931c2b0c512c0d2c268d603b033e0f9bc51575cbd20f867

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 248
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 46ms
46ms Image
image/gif 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&tn=DIV&cls=ads__horizontal&ign=false&pw=1600&ph=1200&x=800&y=1130.4

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E357 0
19 B 131ms
90ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3025194257&lmt=1657097261&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097261704&bpp=2&bdt=286&idt=208&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6992565609965&frm=20&pv=2&ga_vid=801837761.1657097262&ga_sid=1657097262&ga_hid=852485102&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31060048%2C31062930&oid=2&pvsid=1953102225479114&tmod=646511475&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=228

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:42 GMT
expires: Wed, 06 Jul 2022 08:47:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK atrk.gif
certify.alexametrics.com/ 43 B
552 B 72ms
19ms Image
image/gif 13.224.214.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=LINK%20NONTON%20Film%20Thor%20Love%20and%20Thunder%2C%20Melawan%20Gorr%20The%20God%20Butcher%20-%20Hallo%20Banten&time=1657097261939&time_zone_offset=0&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Ft.co%2F&host_url=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&random_number=1498062853&sess_cookie=e002d8e5181d2b193717b8da13b&sess_cookie_flag=1&user_cookie=e002d8e5181d2b193717b8da13b&user_cookie_flag=1&dynamic=true&domain=hallo.id&account=311hx1plEO20ws&jsv=20130128&user_lang=en-US
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-22.phl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 05 Jul 2022 17:27:13 GMT
Via: 1.1 235099561ba63a2b7662a2b20d9ac036.cloudfront.net (CloudFront)
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
Server: AmazonS3
Age: 55230
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: PHL50-C1
x-amz-meta-alexa-last-modified: 20110117123941
Content-Length: 43
X-Amz-Cf-Id: 4bUjDGo08Gqvrbb9UTVSuX6PReBNIUqd7Y9CdNa-dbm8TaMg1_V3hw==

GET
H2 204 x.png
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/ 0
48 B 262ms
78ms Image
text/plain 34.216.244.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.216.244.244 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-216-244-244.us-west-2.compute.amazonaws.com
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
server: Server

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
439 B 85ms
33ms XHR
text/plain 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-195466154-9&cid=801837761.1657097262&jid=1909864580&gjid=1111261527&_gid=1784264422.1657097262&_u=YEDAAEABAAAAAC~&z=795236921

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://banten.hallo.id/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 06 Jul 2022 08:47:42 GMT
content-type: text/plain
access-control-allow-origin: https://banten.hallo.id
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK 381d6913-1ba7-496c-ab2e-e1f650ab4e2f
https://banten.hallo.id/ 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://banten.hallo.id/381d6913-1ba7-496c-ab2e-e1f650ab4e2f
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK 4b0b94f6-463f-49a1-a218-f50d7ce3c236
https://banten.hallo.id/ 245 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://banten.hallo.id/4b0b94f6-463f-49a1-a218-f50d7ce3c236
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length: 245
Content-Type: text/javascript

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 32ms
32ms XHR
text/plain 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=852485102&t=pageview&_s=1&dl=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=LINK%20NONTON%20Film%20Thor%20Love%20and%20Thunder%2C%20Melawan%20Gorr%20The%20God%20Butcher%20-%20Hallo%20Banten&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAAC~&jid=112588450&gjid=921360251&cid=801837761.1657097262&tid=UA-207405423-45&_gid=1784264422.1657097262&_r=1&gtm=2ou6t0&z=168969823

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://banten.hallo.id/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://banten.hallo.id
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 83ms
33ms XHR
text/plain 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-207405423-45&cid=801837761.1657097262&jid=112588450&gjid=921360251&_gid=1784264422.1657097262&_u=aEDAAUABAAAAAC~&z=274998080

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://banten.hallo.id/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 06 Jul 2022 08:47:42 GMT
content-type: text/plain
access-control-allow-origin: https://banten.hallo.id
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C257 6 KB
3 KB 65ms
21ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1E11 6 KB
3 KB 63ms
27ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F4B6 6 KB
3 KB 56ms
26ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 51EB 6 KB
3 KB 46ms
23ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C3F0 6 KB
3 KB 31ms
20ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CD16 6 KB
3 KB 20ms
19ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7CAE 6 KB
3 KB 20ms
20ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame AC77 6 KB
3 KB 19ms
19ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A692 6 KB
3 KB 23ms
19ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F578 6 KB
3 KB 20ms
20ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:41 GMT
expires: Thu, 06 Jul 2023 08:47:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame C3F0 22 KB
7 KB 68ms
18ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C3F0 160 KB
55 KB 138ms
93ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8b63ded51bc284cf96c0d8c3b7bcf5eb538e12073de0255f87bc9503ed96b1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56256
x-xss-protection: 0
server: cafe
etag: 1263842908142353836
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C3F0 138 KB
42 KB 120ms
77ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame C257 22 KB
7 KB 66ms
21ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 banten.hallo.id.1179917.js Show response
jsc.mgid.com/b/a/ Frame C257 2 KB
1 KB 137ms
136ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.js
Requested by: Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3816171d91731818bf187d4b0ad06c6ea348a6516e72769f534c21bed954a53b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 3QGY3EKFPE1YPH40
cf-polished: origSize=2324
cf-ray: 726713c14a3b54cd-YYZ
last-modified: Wed, 15 Jun 2022 13:25:56 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QkkT1y/L5dA6EzCaOhgyGr2H2HKDqFB3WJD2NIXFQ6JLrjf1xZRk2wyVJF5Qk6uU+Dll35JweTg=
cf-bgj: minify
server: cloudflare
etag: W/"dabf9c98921775a25fb507cc45891bc8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: fYhC3NptiadwwwEfzvDS3ZKX80ZchuO5
cache-control: public, max-age=10800
content-type: text/javascript
expires: Wed, 06 Jul 2022 11:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C257 138 KB
42 KB 83ms
45ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 51EB 22 KB
7 KB 66ms
23ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 51EB 160 KB
55 KB 100ms
62ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7220c4faeccd366f0084aaf0c562bd35fa79b4ed4b7dee07facf04af62bca45d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56256
x-xss-protection: 0
server: cafe
etag: 14461967402463066983
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 51EB 138 KB
42 KB 136ms
99ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame F4B6 22 KB
7 KB 76ms
35ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F4B6 160 KB
55 KB 161ms
124ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc8d77fb6e80916a06eab7171c46e8cd21cb7565e032390efbc408b894c8304b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56257
x-xss-protection: 0
server: cafe
etag: 16935173410816823170
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F4B6 138 KB
42 KB 131ms
96ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 1E11 22 KB
7 KB 83ms
44ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1E11 141 KB
50 KB 160ms
125ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cd45bb3214279d6b01a7c5fb82e909c4a6d6b752be321f05efb3e01aa1654ae8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51294
x-xss-protection: 0
server: cafe
etag: 11656516730096732648
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1E11 138 KB
42 KB 137ms
104ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame CD16 22 KB
7 KB 83ms
46ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 banten.hallo.id.1179914.js Show response
jsc.mgid.com/b/a/ Frame CD16 2 KB
1 KB 41ms
40ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.js
Requested by: Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2059d8cc61db3e6ccf98e76ade7ff4d9d247a02bdd5587e7f29d64a69fca781

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: br
cf-cache-status: HIT
age: 2447
cf-polished: origSize=2324
last-modified: Wed, 15 Jun 2022 13:29:33 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZY2JTNAG3AM4BBS4
x-amz-id-2: HapZjAHbZULRdeauyUqzIPvT6yJjWt5/Q8nX33ogmjXiLYnfCdj0DtXrz+ISeLT/gBX/G9+eSgw=
cf-bgj: minify
server: cloudflare
etag: W/"91c2acb78b4e250bc9719006da6ba64b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
x-amz-version-id: NyI8naI0HoLKu2B1_xQsti6gSioFVIBe
cf-ray: 726713c15a4754cd-YYZ
expires: Wed, 06 Jul 2022 11:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CD16 138 KB
42 KB 116ms
85ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 7CAE 22 KB
7 KB 73ms
38ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7CAE 160 KB
55 KB 49ms
48ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53562c7b6ab89593a4f2ce2d48273609483c95ff96b3b58291d51d04e2646d43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56219
x-xss-protection: 0
server: cafe
etag: 13852537855084423594
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7CAE 138 KB
42 KB 138ms
109ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame AC77 22 KB
7 KB 74ms
41ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame AC77 160 KB
55 KB 155ms
127ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

031d49d33916a3e5daec3662381cd81903d3fd6a8045f82054555d8d2369896f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56259
x-xss-protection: 0
server: cafe
etag: 2783859090693695531
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AC77 138 KB
42 KB 117ms
89ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame A692 22 KB
7 KB 79ms
49ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A692 160 KB
55 KB 73ms
46ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3987315829323386

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

555122bd8f4a2794904ffaf28d99fff2b52eeba7c545877b77074fdb07cfcd8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56256
x-xss-protection: 0
server: cafe
etag: 82843828807509611
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A692 138 KB
42 KB 137ms
111ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame F578 22 KB
7 KB 81ms
53ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 06:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Jul 2023 06:34:50 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F578 160 KB
55 KB 146ms
122ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3666a186442bd2c45fa35041df1de8216fa11bc4a97424d1014eb0147664cbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56256
x-xss-protection: 0
server: cafe
etag: 11070989259224404479
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F578 138 KB
42 KB 143ms
120ms Script
text/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H2 200 / Show response
c.mgid.com/pv/ 0
44 B 70ms
47ms Script
text/plain 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.mgid.com/pv/?pv=5&cbuster=1657097262312972744532&uniqId=0696e&lct=1655251200&niet=4g&nisd=false&jsv=es6&ref=https%3A%2F%2Ft.co%2F&cxurl=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&pr=t.co&lu=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&sessionId=62c54c2e-11d3d&pageView=1&pvid=181d2b194e893668a29&site=734856&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179904.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713c1add4caa8-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
BLOB 206
Partial Content dafe5fd4-42e6-4d17-bfde-c3d9299554a8
https://banten.hallo.id/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://banten.hallo.id/dafe5fd4-42e6-4d17-bfde-c3d9299554a8
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 mgid_ua.svg
cdn.mgid.com/images/mgid/ 2 KB
1 KB 42ms
26ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/mgid/mgid_ua.svg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: br
cf-cache-status: HIT
age: 3766
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SX4J2ZJHEVZGRM
x-amz-id-2: 6u8Pk8qDm5kmrtNGbADSH14Or01PntklmOjRRJLDFCTGlBMAiQzwTGO/n/XoaNQheTtLS/DD/oM=
last-modified: Tue, 08 Mar 2022 17:05:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag: W/"617c205137825561208ef7c1a2d8f319"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713c1bde3caa8-YYZ
expires: Thu, 07 Jul 2022 08:47:42 GMT

GET
H2 200 Adchoices.svg
cdn.mgid.com/images/logos/ 836 B
813 B 41ms
27ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: br
cf-cache-status: HIT
age: 3004
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SXVY7NEV4DDYHS
x-amz-id-2: Fw9S6D3aOYgm2IIajWZv2uGOc1CeEzLTklOgSjJnq/axnigEnhi9v1cuI7wy2ZhgIevi/VquN6g=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713c1bde4caa8-YYZ
expires: Thu, 07 Jul 2022 08:47:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C3F0 0
0 42ms
37ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvfNDKQ_W1UEseSKcuc-gq4CPViOzU_ri7WIqLOLUwi5Y6z7-xOP6QryYV77tEpB4cFjLf51SgWdg1cPRg76EBnmN44-Jx41-VcsMpBe_OLvfRLNR2sKKfUqIHEnnJVmdAzxUVN24KkddiAAg7c04t8tHqu8aIYs4dpzOvmFpO46pdhPRJXOFqVNvO-KnHbJhBxILbSR2Ip75f84b58ZTDZGlNRZ1RhN75glSURQpF16mocm_zmYdcYetFSL2hlPpaGDwub4LwzhWQ5Inz2UqvYuelhvxGj6WdnrY6q7UuQ-dFKAFVRCyPAHEb7kuDIRO80uupLBmwM3ZnVXQ&sai=AMfl-YSm-JzUGMJpLgTGnCHJKDAPFzLtBxB570b5PNnAYIVW9RCBn_PcPBM724rfkW4eEKjIsLFaea74USMxOxXh3degHmaDP-hZqH_CsOvgYA&sig=Cg0ArKJSzKNhxIU_VaEBEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C257 0
0 40ms
37ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuOdYh1VAMsdcVkia5zWt_JdFt2n5hPaITEWPTZm_pOfwEMhHCQvS2TpJmj7NPjwRU97-4dyWDtaaqNC9ESYaB4xRlO6HHBdz0Q6gaIypwONgno_wNRu49CiJuQRqinRz_YcdwJvO_nVw0ZDsHrCR3UvaFT2Y-XYbgB-N8c5qGFlscLhE1pVpL8WaIEoh-aSUca85rDhpIjvb0-yMG-9X4eWxtOV_Nb68SSJp7YtjFEfGd233CfbCH89F7o-yBKo7WRDiSVvB1NaAg6MAYjYTPjeC7EFn4lVxs7LyO5Y4uAApSi736uI6v3L38-7QXCbu1Yf_owSuSxqLwQUg&sai=AMfl-YT05p0NrkBUX8s_Xd3mFB6-mieTrsFgFVhGQQrTqqIuoURCpRtaGAQd1qCFOZu827gsyUi9RGPi8ywmFDgLFOmZsD4P7l00HOrGg0L4xw&sig=Cg0ArKJSzAuRFcJqVOKAEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 51EB 0
0 38ms
37ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssoxExJVV3O970FIIqbrnY9ywkg-cD3Hfm6eCyvbjp_ZnsullLmbDAat-ZNgr1ChMf2w3lUW53Al8aEEAqZt-1c2lbbd6HAS68Jw-beJ4iUfD4WHN4T6WqES6KvPB5jh0ietevQB85CPDerNtlznpTe1FaP08RnBkunZ6JI9l5JlajTTSa4MvfF3YBHZPkJ1iGNfqv6xq5SY56MS9tQogR-dPt6Hoh584Ll_2Kjb2C-kg9j97sctTk1ZZgDgS2Rp7POrX3Ex5eCL51nvirrFzmm0d-fuDO6OEgXELdFWDV5f4FRJcnBxSTv5oG9-YNBKdVv-4rjIlJ670_TwA&sai=AMfl-YRm0kboq3mnByhRP-CD-5objJpy9M8Se00BMZWrvb5u8sjwJXCEdhsgW3zKzsRvIOaHOKJvt_ZjJOZehvq_rze1Euh1jdwTBNXDMdMe3w&sig=Cg0ArKJSzJVS-0xnNLFwEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F4B6 0
0 39ms
37ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssSYi8F96aCTdAVl7noEppl9rhqXghR-VNJdHZoOoCKdEtw2KSN-DpLvlluJCYqJGtTX1DqExtn7ULfoXiVradctkrahSswiynm7pHvgejGrcbM_TrnfqFH7_PaTFM43FvBb-XqbrvvDrwx7gynpJgqeXDP4GG-t0jHWCMcNnBvaNdukTpOvbAUVbCljSKG8GfpS9TpGMW7TJmOlEmRsExaPt-WZ--Syfwni64BNZS9VkzgSTmNs8hUkuB-tOwr8adiTbRgQvZuBLXw90B-8n60yGPsaELr4LEw8l8jrPVICEHAFQxOQqp9YxrfIbGScOjcV6JreWySRKEgQg&sai=AMfl-YTKzllxWOSnB_Q2-LD3uQBUkmgoFo870m6K3JY5z-T_vNUNeqT3G_n7QGL3fa4gWlxW0htWh8HBUejio33yH3KVZ3Zt25a1vNkBGpBgpQ&sig=Cg0ArKJSzMqeoPDLW40zEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7CAE 0
0 39ms
39ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuBCaLxEwoc94jfTfpV9wN6u0FmE364AkXjVtt0FwQG0bzXTseAfIy8Q95C_K_nDRm0LTlT7zLVjUEl2tMrafRYPE6xRhCzuX76nhJtUF-zLXSaCWCPyEHA1lM9N6ZqfMVqfqsTjqNDYM2RVjOIaIEOYEwrjaGP2dE9com0TEdbpAkK54hH1frV878ZSALotlyjvhxyQiJsSR2iLJ48kkTnHiscnFyIJ1JhM3iYWmwbRAy2fsJFJyxtoxb5InjYDRtWhwTGAhbJEJ0Vm4TATEEIRnBtyXhB3JP9LHH-QVSZqar1E9lI3c90QVTUtPaIkG-Kduw-QIHXmf2wzg&sai=AMfl-YRrIgE-1kW1RITK3761ZU54lIKwpDBE1gZMTfAq-fpScRIEfVX0vnenE85ZicFmyX-VGEFn0ZM2LteOin44O88ZAozW4tgTrEXAcRO1qw&sig=Cg0ArKJSzD1Ci98pw5SNEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame AC77 0
0 37ms
36ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssY6ThhXcLhcI0gZFaaHM3PJSMDykVy3AuV7YKaVo3hcA3x6AXxzaBB7Ayi7fGLN6-RY1dgN69mbHbpfVZN69z8CkUwILlxho1jsYsDwShJW2sJeugdcDr0kIkKRH7IqLS8YL-kH7r49HW0zAt5z9ykY_d6qZBLw-d2b2lKj-ZNp4IzWBdVPCIVlQmlMGEiMW6m5WdyA69uyOWbpknyqxdc8K28wnPEDCDf-DZezYcOvRbuB8Q28HZPI3xar4fnFBL1fzDanBJ-KTsY47ziQDkCSp2xLEgQ21G-F2GZ4zW5iTpMf5AbMwepupdmfmK2s_uuC3LgQ4lNwMaCTQ&sai=AMfl-YQU1Gdi8Pjh3GaVQvVMDVNo2nSM1e44pnU9axwpUYYJ3aqTF2diMwaPa7qrknTTR-NbYDQsE3pLB_vGGiZQP5x24JJc1x3wnqQt5IkqPQ&sig=Cg0ArKJSzCy_M61QheT4EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1E11 0
0 38ms
36ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvcUFneRZRRrmvTV2PgjrXOp6mayEhQH2XNm_qF8DFY4zZsbUwC3mm9P0zmGLuNWl6lrilxMcnVN8YMXdzXXfUvrvZRkZkBht6A5RT_HjhbpfaTvG0QcMq5QrSdgZnWG4cuBqhngDwOwxdifuMqXl7_sLdNYO3YeMsPdpbmNa84sb0enM3JfkW2SOscqEU3Izxzv5wapb36ewFo4afW4ido8mDpiug23qQoPtL27VQETLXA0Y0rBejBhPjTILrqykWDxYc82Xei4TXFry1tDLy3C5BvR6ifkdP_DXSWSy3_Zbks0jvwj2zcAwkt5LPiJqqGY6pmLnB46bzUhA&sai=AMfl-YQXO3jncZJsSCbtJESVOwFLDPqPN7Yq7yUcvkMN3Ml-1mN77LoKDTL87EWoUtmktOWIZP6jO1GgQXvPpmafjkowvKtTZKP5lLdk_Ij3sg&sig=Cg0ArKJSzNKkt4gIv0TtEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CD16 0
0 37ms
37ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss51iqUd5xTkcBRoQufXO6n0IBGLcqpb4moY29_9-evYDPeF0PIAUkYn6-hy-M12boHS3PGvjOvZ3iQfk29ftzDLI1P9DVu8tFTEMBoVeHxVH0Q4wmrFi4b20b7Qc3BPwTMi-2sWrXWPpp1TTia6irzJrie8nlt9EWXUQok6_kf_MrRDqqHSzr5hjUXJw8AC8dLBKuGYvLTNlcTESun77K7OoNzvFbNTM_n4KjdJRd4Wy-mPwRILv-zSOVJel8Ni_o29FV19VtUNFITkmHTekV0kNvEzJhIn2d-CUSe6i_QDLrIzeCtYckU2skh9E8HMTqHTuxSvHGbxBsO7A&sai=AMfl-YRomqKpYKF41KrG4cciw2UI65Bv7zaMJhqdyCZe_bP9jZgfp4sBAc9XfYKX8AnhzJfdNLiSBBfBf48hUrOq3dWjzuhaIJFdIIp8sYOWrA&sig=Cg0ArKJSzMz4cY-zt8NMEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 1 Show response
servicer.mgid.com/1179904/ 3 KB
2 KB 88ms
67ms Script
application/x-javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/1179904/1?pv=5&cbuster=1657097262444181103747&uniqId=0696e&lct=1655251200&niet=4g&nisd=false&jsv=es6&mp4=1&ap=1&w=518&h=559&maxw_3=253&maxh_3=239&cols=2&ref=https%3A%2F%2Ft.co%2F&cxurl=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&pr=t.co&lu=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&sessionId=62c54c2e-11d3d&pageView=1&pvid=181d2b194e893668a29&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179904.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82344474b81f1a6305c105aaa41076916b1952cbe722232239f675150efadc37

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cf-ray: 726713c27e69caa8-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A692 0
0 41ms
37ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssM5oWa3VJYX8XgdXLctZr71CY9Zzl6jYKJAJEMahR0dkHIdgQ3dnFg4hW1HgvJvCrohynLCDwD8hb6aCtieLwooVf5HzH7XqrJwkp0WRR7y-tKFVWyoroB2NO83oAwwY2A2B_8A2xQ9WMCRxmWu3gmRG-oD1upeT3x2rCYfldZHevCj5YcMukFJH1VBbn6P_ulq8gSO_af6EX4YQBAdkoRq3YqBS30bHbDetdE_mcbtfL144FU-TDNakXbZI_F6SEMymWRoK82CYmNRsHUIVBlkPBkMQ-bC_u5-ZiJ8OCD6M2sbmWub0dj7Ij1cXz9TZ5NJmiwNeMCadhSMw&sai=AMfl-YREnwZVikbC0ENELPR3NOWqWv1v8sfM8x9WtdQHBKfasmg5F3lXXSPxklkO2YkAVVsi1w6pgccIYzIuSoKsCb4u0AilFYb5xMFn159MOg&sig=Cg0ArKJSzDWrfaBj6m05EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ Frame 7CAE 340 KB
120 KB 52ms
51ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js?client=ca-pub-3987315829323386&plah=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com&ama_t=adsense&asntp=100&asntpv=10&asntpl=10&asntpm=10&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&easpi=true&asro=false&easai=true

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

556a9fe478f81ccf139cd3a1638b6562d50ee3aa8bcb3ec66e32878a697d94af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122458
x-xss-protection: 0
server: cafe
etag: 18061083347819364212
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 banten.hallo.id.1179914.es6.js Show response
jsc.mgid.com/b/a/ Frame CD16 265 KB
77 KB 112ms
111ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23ec91eca9ac21dd98565d90eb2a87359de92a5573d5174254542ad98f72c632

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: NHR1GJ5FY5YSMCE1
cf-polished: origSize=271592
cf-ray: 726713c29b8d54cd-YYZ
last-modified: Wed, 15 Jun 2022 13:29:32 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: aU27DvzzZg9okFxD2XHCagPu6aimjMx4iwaDnwn8izQiI4lH+Ae+cW8EYWpzGO9+r6BqvIHZ1kk=
cf-bgj: minify
server: cloudflare
etag: W/"84d37f2f98af5ec840751538f74b021e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: glVF1Y_4VWXW5zMQODX3CxkNmMP0dt2J
cache-control: public, max-age=10800
content-type: text/javascript
expires: Wed, 06 Jul 2022 11:47:42 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
27 KB 58ms
57ms Script
text/javascript 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: propsid.b-cdn.net
URL: https://propsid.b-cdn.net/gpt/hallobanten.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

sffe /

Resource Hash

37d6875c9ceea49c49a32ebbe080092918e7de2cbe8b13937f55553475c71910

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28044
x-xss-protection: 0
server: sffe
etag: "1265 / 781 of 1000 / last-modified: 1656713226"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F578 0
0 37ms
37ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsscfnAneGhhNpV8laPm8kGcRc_rNY4vxm-ZJjfsbN0lGl0Iw0q0qybhBH44LoWigIxACZQSDDv_7T9nlmXRPXboo02XKOArS6RHpgR9z38yG4N6lq8PL-ESLWGFu3425hjjvdh2YWat1NcXMX2fXcwB721v3o7ITxW7Oa3sXwq-ouyrm1rS5unFYNc1HNHj6vs_fOJLSzywsWxTies9_KQLx4FxNxwelAs5mZti5gYkXO7NacsjmM9GuHusaSMFmsE2J5NjBVB9lCOzTdT-lRJRVkanhuxA7v5ry-tjh1DvGi9vdQ_-KIXfOGW8OOABylyaefDHZEGkZcsmMg&sai=AMfl-YSvPi9m1d7K_KPU8bcHUALRAf-_d1vWigm9XT7Z8htfsXIgCvkTHQPGcwgCfsXECiATesb00YTeeEEKtYX5zI6BYWL1U2Fh9lP65GiBPQ&sig=Cg0ArKJSzJ1_8YRQE6qLEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ Frame 51EB 339 KB
120 KB 57ms
56ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51bd385689fe680fbe4bf8f840baba23a09f95b7fe9c356b6c77b612fcbbb7e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122425
x-xss-protection: 0
server: cafe
etag: 17467329999885575541
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
DATA 200
OK truncated
/ Frame C257 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5f9f57f62443be2e87a9dafde7296dc2daa4ba5109b877e4e3915b978f4ea01

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ Frame A692 339 KB
120 KB 50ms
49ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3987315829323386

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc66a7958526629d2524eacc4ba459acba4b535a183ebdc633effa89a9ee0af8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122418
x-xss-protection: 0
server: cafe
etag: 10033574213019555159
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
DATA 200
OK truncated
/ Frame F578 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 999050cb652c07f45f7c7cfb58ea4b65dc5bab5263e7d599b66ae00452102189

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 banten.hallo.id.1179917.es6.js Show response
jsc.mgid.com/b/a/ Frame C257 261 KB
76 KB 202ms
201ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df654d9a0adfc485d463c57d861b113ae1edba2960f08070b2e53a9db6300e6e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 0C5ETCEYNZF5BZ53
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-version-id: y41J2P1xLCQ0ZHkCBWC.UT3pazhEl.ka
x-amz-id-2: 0q2UfF3k0avbha+XMcVYJp9TwEeaDOZJqsKSa8DjeFB2ZktdZJW+3qMT8/NZ/2SkP90U9dI3w+A=
last-modified: Wed, 15 Jun 2022 13:25:56 GMT
server: cloudflare
etag: W/"23b0acef6648a637d2b31862c137baa1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-ray: 726713c39c9854cd-YYZ
expires: Wed, 06 Jul 2022 11:47:42 GMT

GET
DATA 200
OK truncated
/ Frame C3F0 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e59f0a44d9639a27e2439185156fae9113c97be37174cdcfe6d96df2891f8ef

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ Frame C3F0 339 KB
120 KB 52ms
51ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc7a1098fbd137208274ed4c4eb158a1d91a529d2439a70da89c7e4cd9b46cb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122424
x-xss-protection: 0
server: cafe
etag: 15315184717379683964
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ Frame F578 339 KB
120 KB 61ms
60ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b259b8aa8fc311e672a210a654a4cc6c41629dc363013198314a67058b140643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122418
x-xss-protection: 0
server: cafe
etag: 1947709322451799576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
DATA 200
OK truncated
/ Frame F4B6 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8312836e3ccb8b7016be7e5e6d28644dde1136111c88c10e1d8f1289313294cd

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ Frame F4B6 339 KB
120 KB 80ms
80ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8efc2fca483ee59ef1bde167eea0c7609c4ab1e99a52742e340a37e1778ae275

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122418
x-xss-protection: 0
server: cafe
etag: 15437387261420272450
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
DATA 200
OK truncated
/ Frame 1E11 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6be54b777041bad187c11ea4706fc709018e56f893a6485afff4c8095915e8af

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ Frame 1E11 339 KB
120 KB 102ms
101ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ade7bb37b31387940a93efda8dc0910914940501da873c4d62517eb9df8aa2fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122424
x-xss-protection: 0
server: cafe
etag: 17084274560586207539
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
DATA 200
OK truncated
/ Frame AC77 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38adf36fa11dc240b0b5ca6d1478b01ee35b35e93bc5a4c8dbcca0a718c56acd

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ Frame AC77 337 KB
119 KB 56ms
55ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8400307307701650

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87e5f0b8a014155c8c48ae1a95487b9717c0c4067fe5a64cb862931c8893e212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121293
x-xss-protection: 0
server: cafe
etag: 2390532140603735513
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
DATA 200
OK truncated
/ Frame CD16 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f330c9e8124c01f559e29f7ec8a03c070d222b24d7bb4a69e3e06b1d85a921bb

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 all_an_white_4.png
advertnative.com/storage/logo/ 3 KB
3 KB 716ms
235ms Image
image/png 139.99.126.164
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://advertnative.com/storage/logo/all_an_white_4.png

Requested by

Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

139.99.126.164 Singapore, Singapore, ASN16276 (OVH, FR),

Reverse DNS

ip164.ip-139-99-126.net

Software

nginx/1.19.5 /

Resource Hash

23a7a772f258be3aec21ea1617a951c1f8a8867c69f446740826d0f6709b2129

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
last-modified: Thu, 23 Jan 2020 15:16:52 GMT
server: nginx/1.19.5
etag: "5e29b8e4-a78"
strict-transport-security: max-age=15768000
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 2680
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame 51EB 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6dd0012871c73934601c74a33ceb370a232586f6e9470dbffc015286d075538b

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A692 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1129b70c4d04913ce7070d8761720cd2e784d852916b2a80ebfbc09d657b3f06

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7CAE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91cc06354008896c28d2ced00065f239fdb211595fbddb240a1b88b74a8aa4da

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ Frame 7CAE 107 B
122 B 80ms
34ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js?client=ca-pub-3987315829323386&plah=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com&ama_t=adsense&asntp=100&asntpv=10&asntpl=10&asntpm=10&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&easpi=true&asro=false&easai=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7CAE 107 B
122 B 78ms
34ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6CB9 436 B
233 B 159ms
154ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3987315829323386&output=html&h=600&slotname=6376952303&adk=3561574240&adf=3173046723&pi=t.ma~as.6376952303&w=160&psa=0&format=160x600&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262476&bpp=4&bdt=241&idt=305&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&correlator=8633881805651&frm=24&ife=3&pv=2&ga_vid=1531273622.1657097263&ga_sid=1657097263&ga_hid=1187029201&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=1718784746&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31068227%2C42531605&oid=2&pvsid=1647480985394596&tmod=1489209223&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.80agmmw8hab4&fsb=1&dtd=326

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e9bbcb01dc9ba2a6a0feecb91e5bd17c24d11dcfc816a45ec9b22439bc82ebb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ Frame 51EB 107 B
122 B 35ms
35ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 51EB 107 B
122 B 34ms
33ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D66B 0
16 B 80ms
79ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755403&plat=1%3A66048%2C2%3A66048%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262503&bpp=3&bdt=300&idt=329&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=132331902761&frm=24&ife=3&pv=2&ga_vid=1962130849.1657097263&ga_sid=1657097263&ga_hid=152202474&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=1718784746&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=1639146198188895&tmod=518643943&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.aa386t6sgbxb&fsb=1&dtd=363

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ Frame A692 107 B
122 B 35ms
34ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame A692 107 B
122 B 36ms
36ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B123 0
16 B 78ms
77ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3987315829323386&output=html&adk=1812271804&adf=2751417942&plat=1%3A520%2C2%3A520%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262545&bpp=3&bdt=293&idt=337&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=879986742010&frm=24&ife=3&pv=2&ga_vid=194203518.1657097263&ga_sid=1657097263&ga_hid=543201119&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1897472162&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31067528%2C31060048%2C42531606&oid=2&pvsid=1983468088472933&tmod=681743710&uas=0&nvt=1&fsapi=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dd9ph7g7fi2q&fsb=1&dtd=358

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
BLOB 200
OK 3b136fa3-deea-4227-89d3-e9132a102f4e
https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/ Frame CD16 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/3b136fa3-deea-4227-89d3-e9132a102f4e
Requested by: Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK 6804423d-e030-4fb5-a43b-a17fbabf65b4
https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/ Frame CD16 245 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/6804423d-e030-4fb5-a43b-a17fbabf65b4
Requested by: Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length: 245
Content-Type: text/javascript

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CD16 0
0 76ms
35ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvPTvVpSkTmWh_oEgQTGpTSTxQmmN9ZkmZzzPKsqgyUbRZpAx4wL8dpyf_WPIris-HwY23HUAUle7xfL3NQp9T8gjpgUfHjLZMxBX8QGWJfwygwbXXL2LSbd4fIN8-Zy6LAclMUbW7FoDcUi3dc4xr0nUBOAA6yAsgnoNXCW4C9MTrvWJHuJGM2gL425UOaCJ7g8xyHrXTYygk2j5FFLIgys8xb9P0gcOh9Yj2MqQYnHAVVIporEWmsR70I6zqSJBGGh0DceplJCd_WlfkbHCkTn_IhoV4oGSFYXwJg-nMrJcz2i944zjdktNW8HfxnmyW12JY6SJWELJf1OEhP&sai=AMfl-YQSM0eMVgXc4fOHSPyeEC7F1y8B80HV2x99Z-vGdjOsLOaA6O25ciXzaRc0N6WE3F2FcOnTVIAB4Cq9Cvgkw_1CmQkNSfI57Mz78E07Ag&sig=Cg0ArKJSzF-xQ40Na8fIEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:42 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7FEE 436 B
232 B 110ms
108ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6224032654&adk=1570749283&adf=3173046726&pi=t.ma~as.6224032654&w=160&fwrn=16&psa=0&format=160x600&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262506&bpp=1&bdt=303&idt=412&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=132331902761&frm=24&ife=3&pv=1&ga_vid=1962130849.1657097263&ga_sid=1657097263&ga_hid=152202474&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=160&ish=600&ifk=1718784746&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=1639146198188895&tmod=518643943&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.atsut7tioz3k&fsb=1&dtd=421

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d4ad6a861281625aabb5e0681cccf4fff34cb366517aaa82c9c9afff2f55ab8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 81B8 436 B
231 B 176ms
175ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3987315829323386&output=html&h=280&slotname=2293262597&adk=2203421171&adf=776186312&pi=t.ma~as.2293262597&w=336&fwrn=16&psa=0&format=336x280&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262548&bpp=2&bdt=297&idt=384&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=879986742010&frm=24&ife=3&pv=1&ga_vid=194203518.1657097263&ga_sid=1657097263&ga_hid=543201119&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=336&ish=280&ifk=1897472162&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31067528%2C31060048%2C42531606&oid=2&pvsid=1983468088472933&tmod=681743710&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.1xce2awnqqkp&fsb=1&dtd=391

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87168816a78067b954cc8a2f32b5b2e446186a553082bfaffe37ff140e918297

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 211
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ Frame C3F0 107 B
122 B 35ms
35ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame C3F0 107 B
122 B 33ms
33ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6A1A 0
16 B 96ms
94ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755402&plat=1%3A520%2C2%3A520%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262676&bpp=3&bdt=486&idt=273&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=683759478344&frm=24&ife=3&pv=2&ga_vid=71494002.1657097263&ga_sid=1657097263&ga_hid=59249166&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=678412312&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31065544%2C42531605&oid=2&pvsid=3794386596553352&tmod=901594290&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.ql018vwzncj5&fsb=1&dtd=292

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ Frame F578 107 B
122 B 34ms
34ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame F578 107 B
122 B 34ms
34ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E701 0
16 B 70ms
69ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417943&plat=1%3A520%2C2%3A520%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262697&bpp=3&bdt=437&idt=283&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=6505539800373&frm=24&ife=3&pv=2&ga_vid=1721521432.1657097263&ga_sid=1657097263&ga_hid=110428013&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=706620601&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C42531607%2C21065724&oid=2&pvsid=134187575876917&tmod=2012101857&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.82il2jw0ryzl&fsb=1&dtd=299

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK td_js_sdk_171.js Show response
api.popin.cc/ 34 KB
13 KB 181ms
180ms Script
text/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to

Full URL: https://api.popin.cc/td_js_sdk_171.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/hallo_banten.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 19bfbd81c70637ae0a6fe5f07f112bdab13cf9c2ea5d54b70320df8f54fcc07b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 11 Jan 2018 09:42:51 GMT
Server: nginx
ETag: W/"17b2e8b253e693d224f7d8407e28e1ea"
X-Cache-Status: HIT from 10.252.55.26
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
x-amz-version-id: null
Expires: Wed, 06 Jul 2022 09:47:43 GMT

GET
H/1.1 200 recommend Show response
id.popin.cc/popin_discovery/ 6 KB
3 KB 1030ms
454ms Script
application/javascript 119.63.197.150
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to

Full URL: https://id.popin.cc/popin_discovery/recommend?mode=new&url=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&&device=pc&media=banten.hallo.id&extra=windows&agency=nanyangbridge_id&topn=50&ad=10&r_category=all&country=id&redirect=true&uid=fd55976e6eb310dac911657097263008&info=eyJ1c2VyX3RkX29zIjoiV2luZG93cyIsInVzZXJfdGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsInVzZXJfdGRfYnJvd3NlciI6IkNocm9tZSIsInVzZXJfdGRfYnJvd3Nlcl92ZXJzaW9uIjoiMTAzLjAuNTA2MCIsInVzZXJfdGRfc2NyZWVuIjoiMTYwMHgxMjAwIiwidXNlcl90ZF92aWV3cG9ydCI6IjE2MDB4MTIwMCIsInVzZXJfdGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDMuMC41MDYwLjUzIFNhZmFyaS81MzcuMzYiLCJ1c2VyX3RkX3JlZmVycmVyIjoiaHR0cHM6Ly90LmNvLyIsInVzZXJfdGRfcGF0aCI6Ii9lbnRlcnRhaW5tZW50L3ByLTU2MzgyNTgzMi9saW5rLW5vbnRvbi1maWxtLXRob3ItbG92ZS1hbmQtdGh1bmRlci1tZWxhd2FuLWdvcnItdGhlLWdvZC1idXRjaGVyIiwidXNlcl90ZF9jaGFyc2V0IjoidXRmLTgiLCJ1c2VyX3RkX2xhbmd1YWdlIjoiZW4tdXMiLCJ1c2VyX3RkX2NvbG9yIjoiMjQtYml0IiwidXNlcl90ZF90aXRsZSI6IkxJTkslMjBOT05UT04lMjBGaWxtJTIwVGhvciUyMExvdmUlMjBhbmQlMjBUaHVuZGVyJTJDJTIwTWVsYXdhbiUyMEdvcnIlMjBUaGUlMjBHb2QlMjBCdXRjaGVyJTIwLSUyMEhhbGxvJTIwQmFudGVuIiwidXNlcl90ZF91cmwiOiJodHRwczovL2JhbnRlbi5oYWxsby5pZC9lbnRlcnRhaW5tZW50L3ByLTU2MzgyNTgzMi9saW5rLW5vbnRvbi1maWxtLXRob3ItbG92ZS1hbmQtdGh1bmRlci1tZWxhd2FuLWdvcnItdGhlLWdvZC1idXRjaGVyIiwidXNlcl90ZF9wbGF0Zm9ybSI6IldpbjMyIiwidXNlcl90ZF9ob3N0IjoiYmFudGVuLmhhbGxvLmlkIiwidXNlcl9kZXZpY2UiOiJwYyIsInVzZXJfdGltZSI6MTY1NzA5NzI2MzAwOSwiZnJ1aXRfYm94X3Bvc2l0aW9uIjoiIiwiZnJ1aXRfc3R5bGUiOiIifQ==&callback=_p6_96b64d5f3c6a
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/hallo_banten.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.197.150 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 36d408e8754124b846b0d299369bb82f32c9d40c18a89ea7edff72fd89dc98e5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Content-Encoding: gzip
Server: nginx/1.13.5
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive

GET
H/1.1 200
OK popin_discovery5-min.js Show response
api.popin.cc/ 154 KB
42 KB 536ms
364ms Script
application/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to

Full URL: https://api.popin.cc/popin_discovery5-min.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/hallo_banten.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 77d3a6b19e6eac0ab89be6d6d6754ca0fd0ee47beb8b39350ecc6b534ee95281

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 26 May 2022 05:04:08 GMT
Server: nginx
ETag: W/"455b85d8c8e61303fd231d2415058c18"
X-Cache-Status: HIT from 10.252.55.26
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
x-amz-version-id: 7goFykhV809rshrE2QHSfol2kmepeVDO
Expires: Wed, 06 Jul 2022 09:47:43 GMT

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ 66 B
223 B 1895ms
1504ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxMywidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTAzLjAuNTA2MC41MyBTYWZhcmkvNTM3LjM2Iiwicl91cmwiOiJodHRwczovL2JhbnRlbi5oYWxsby5pZC9lbnRlcnRhaW5tZW50L3ByLTU2MzgyNTgzMi9saW5rLW5vbnRvbi1maWxtLXRob3ItbG92ZS1hbmQtdGh1bmRlci1tZWxhd2FuLWdvcnItdGhlLWdvZC1idXRjaGVyIn0=&t=1657097263005
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
last-modified: Mon, 07 Jan 2019 09:48:08 GMT
server: nginx/1.13.5
etag: "5c332058-42"
content-type: image/jpeg
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ 66 B
223 B 1896ms
1506ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNCwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTAzLjAuNTA2MC41MyBTYWZhcmkvNTM3LjM2IiwiYXBpX2hvc3QiOiJpZC5wb3Bpbi5jYyIsImRldmljZSI6InBjIiwibWVkaWEiOiJiYW50ZW4uaGFsbG8uaWQiLCJ1cmwiOiJodHRwczovL2JhbnRlbi5oYWxsby5pZC9lbnRlcnRhaW5tZW50L3ByLTU2MzgyNTgzMi9saW5rLW5vbnRvbi1maWxtLXRob3ItbG92ZS1hbmQtdGh1bmRlci1tZWxhd2FuLWdvcnItdGhlLWdvZC1idXRjaGVyIiwibG9jIjoiaHR0cHM6Ly9iYW50ZW4uaGFsbG8uaWQvZW50ZXJ0YWlubWVudC9wci01NjM4MjU4MzIvbGluay1ub250b24tZmlsbS10aG9yLWxvdmUtYW5kLXRodW5kZXItbWVsYXdhbi1nb3JyLXRoZS1nb2QtYnV0Y2hlciJ9&t=1657097263011
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
last-modified: Mon, 07 Jan 2019 09:48:08 GMT
server: nginx/1.13.5
etag: "5c332058-42"
content-type: image/jpeg
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ 66 B
223 B 1896ms
1507ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjowLCJhcGlfaG9zdCI6ImlkLnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6ImJhbnRlbi5oYWxsby5pZCIsInVybCI6Imh0dHBzOi8vYmFudGVuLmhhbGxvLmlkL2VudGVydGFpbm1lbnQvcHItNTYzODI1ODMyL2xpbmstbm9udG9uLWZpbG0tdGhvci1sb3ZlLWFuZC10aHVuZGVyLW1lbGF3YW4tZ29yci10aGUtZ29kLWJ1dGNoZXIiLCJ1aWQiOiJmZDU1OTc2ZTZlYjMxMGRhYzkxMTY1NzA5NzI2MzAwOCIsInRkX3RpdGxlIjoiIiwiZXh0cmEiOiIiLCJpbnRlcmFjdGlvbl9udW1iZXIiOjAsInBvcGluX3ZlcnNpb24iOjYsInRkX29zIjoiV2luZG93cyIsInRkX29zX3ZlcnNpb24iOiIxMC4wLjAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiMTAzLjAuNTA2MCJ9&t=1657097263013
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
last-modified: Mon, 07 Jan 2019 09:48:08 GMT
server: nginx/1.13.5
etag: "5c332058-42"
content-type: image/jpeg
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ 66 B
223 B 1895ms
1505ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxMywidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTAzLjAuNTA2MC41MyBTYWZhcmkvNTM3LjM2Iiwicl91cmwiOiJodHRwczovL2JhbnRlbi5oYWxsby5pZC9lbnRlcnRhaW5tZW50L3ByLTU2MzgyNTgzMi9saW5rLW5vbnRvbi1maWxtLXRob3ItbG92ZS1hbmQtdGh1bmRlci1tZWxhd2FuLWdvcnItdGhlLWdvZC1idXRjaGVyIn0=&t=1657097263017
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
last-modified: Mon, 07 Jan 2019 09:48:08 GMT
server: nginx/1.13.5
etag: "5c332058-42"
content-type: image/jpeg
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8E31 436 B
232 B 106ms
105ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=90&slotname=6406482591&adk=2197659081&adf=3173046725&pi=t.ma~as.6406482591&w=970&psa=0&format=970x90&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262679&bpp=1&bdt=489&idt=355&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=683759478344&frm=24&ife=3&pv=1&ga_vid=71494002.1657097263&ga_sid=1657097263&ga_hid=59249166&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=678412312&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31065544%2C42531605&oid=2&pvsid=3794386596553352&tmod=901594290&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.90g1sugpd498&fsb=1&dtd=360

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94c02d1c654a9f7eb518e281b757994e3b6f286a1393ad4fa997356226127ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6767 436 B
234 B 114ms
114ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=60&slotname=9643020029&adk=1186402075&adf=776186319&pi=t.ma~as.9643020029&w=468&fwrn=16&psa=0&format=468x60&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262700&bpp=1&bdt=440&idt=368&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6505539800373&frm=24&ife=3&pv=1&ga_vid=1721521432.1657097263&ga_sid=1657097263&ga_hid=110428013&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=468&ish=60&ifk=706620601&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C42531607%2C21065724&oid=2&pvsid=134187575876917&tmod=2012101857&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C468%2C60&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.h7n3jwlbi47y&fsb=1&dtd=374

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9219d0bea81ae3dba3fd1870dc74fb0d0e7865c4786ed837300c8f2c3ba9b86c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 214
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ Frame F4B6 107 B
122 B 34ms
34ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame F4B6 107 B
122 B 35ms
35ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E0E6 0
16 B 76ms
75ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755400&plat=1%3A66048%2C2%3A66048%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262713&bpp=2&bdt=498&idt=371&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=4932762053698&frm=24&ife=3&pv=2&ga_vid=1490785742.1657097263&ga_sid=1657097263&ga_hid=1450052226&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3698180427&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31068105%2C42531608&oid=2&pvsid=1212025964126670&tmod=2107832472&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.uw97nib9zbtl&fsb=1&dtd=388

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ Frame AC77 107 B
122 B 36ms
35ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AC77 107 B
122 B 36ms
35ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0DE9 0
16 B 69ms
69ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=2751417941&plat=1%3A66056%2C2%3A66056%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262745&bpp=2&bdt=505&idt=373&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=7085836056548&frm=24&ife=3&pv=2&ga_vid=472338359.1657097263&ga_sid=1657097263&ga_hid=275396807&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1938537551&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C44763506%2C31068106%2C31067983%2C42531606&oid=2&pvsid=4227453080290102&tmod=1199217021&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.kzstv4hx7ft8&fsb=1&dtd=390

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ Frame 1E11 107 B
122 B 34ms
34ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1E11 107 B
122 B 36ms
35ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A39D 0
16 B 69ms
69ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&adk=1812271804&adf=3279755401&plat=1%3A66048%2C2%3A66048%2C8%3A66048%2C9%3A66048%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262728&bpp=3&bdt=508&idt=425&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&nras=1&correlator=3271316582063&rume=1&frm=24&ife=3&pv=2&ga_vid=1761357178.1657097263&ga_sid=1657097263&ga_hid=1590838306&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1939174102&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44761793%2C44766558%2C42531606%2C42531608%2C31061691%2C31061693&oid=2&pvsid=2558309577735024&tmod=604674769&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.qnerr7wk2rvi&fsb=1&dtd=441

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DC6F 436 B
232 B 114ms
112ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=2983625799&adk=3046421175&adf=3173046727&pi=t.ma~as.2983625799&w=120&fwrn=16&psa=0&format=120x600&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262715&bpp=1&bdt=501&idt=485&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4932762053698&frm=24&ife=3&pv=1&ga_vid=1490785742.1657097263&ga_sid=1657097263&ga_hid=1450052226&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=3698180427&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31068105%2C42531608&oid=2&pvsid=1212025964126670&tmod=2107832472&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.dvsn6stq9lru&fsb=1&dtd=490

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eccebc225e0bcf031ec882bfb87870956fe78bc705e9353756afad121ee094a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
BLOB 200
OK 384e6233-fc91-4ad9-9757-adb9ff424c88
https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/ Frame C257 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/384e6233-fc91-4ad9-9757-adb9ff424c88
Requested by: Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK 038d77e6-974a-4871-bda3-70775d24f5fd
https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/ Frame C257 245 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/038d77e6-974a-4871-bda3-70775d24f5fd
Requested by: Host: 33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
URL: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length: 245
Content-Type: text/javascript

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C257 0
0 36ms
35ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZ6RVNLcsFU7LRCZfYSixHAehh3av9x0Cys_8lCdqfRaLIuz9aEP0EiUXSQp7NWQh8Pn5dvAuMICs-L34JiSXaUwYzCqadxe9pQ6fTjO7oElUoHF5NbgQmeUtuabbbq_lMCBAiBavpD81KYxJMAvOqxIXw9mNFsG-DatxC8lwePUUV5GxI3jKRE8G31PynKissrL-U_JEK5ANB46Wgth-7WtUhuY9gV0Ux9qgT6r4W83itMu8mkYKzamQuphl5CfWfmXNQtdJHQJL-uVa7pMTM9NBUSBKBs67c6RCTmMP3vMtI3HrUbQclf8nDra4FjlKfcU29jkbd5XPvQVpr&sai=AMfl-YTB3_j4EYnuM_CSQzFW1ddnDOaWtX1DfILSP2B0UerG23YqdDijUYSvsNVHkG0C4QqiUi8b2-WQhxvvE6WQXurNAXUkujt3-cIaJu-iow&sig=Cg0ArKJSzEkIvctTTuaUEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1864 436 B
235 B 109ms
109ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=250&slotname=9060566096&adk=3807635426&adf=776186313&pi=t.ma~as.9060566096&w=300&fwrn=16&psa=0&format=300x250&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262747&bpp=2&bdt=507&idt=470&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7085836056548&frm=24&ife=3&pv=1&ga_vid=472338359.1657097263&ga_sid=1657097263&ga_hid=275396807&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1938537551&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C44763506%2C31068106%2C31067983%2C42531606&oid=2&pvsid=4227453080290102&tmod=1199217021&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.oxjgfw6tiif&fsb=1&dtd=474

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63d11c72f8b71c14b1904608ea2b30df898ae7231a40570ef8d574f56f1bba48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 65A3 436 B
233 B 107ms
107ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8400307307701650&output=html&h=600&slotname=6242831060&adk=2345376669&adf=3173046728&pi=t.ma~as.6242831060&w=300&fwrn=16&psa=0&format=300x600&url=https%3A%2F%2Fbanten.hallo.id%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657097262731&bpp=2&bdt=511&idt=501&shv=r20220630&mjsv=m202206300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3271316582063&rume=1&frm=24&ife=3&pv=1&ga_vid=1761357178.1657097263&ga_sid=1657097263&ga_hid=1590838306&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=1939174102&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44761793%2C44766558%2C42531606%2C42531608%2C31061691%2C31061693&oid=2&pvsid=2558309577735024&tmod=604674769&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.z0u1ng46v098&fsb=1&dtd=505

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20ec648a59748adf40ac915ac3262db7757ea0ee476a98da9de240b3b5ccbfbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZw.webp
s-img.mgid.com/g/3805428/492x277/0x0x492x328/ 5 KB
5 KB 82ms
31ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/3805428/492x277/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZw.webp?v=1657097262-RWCkOFYsj06ShQspDad7hkL-wdtrqQjbUU9dBVaZOd4
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84c07a0e9097f42eff116ba2f5308e5bed921a5ac6f3e1e5ee4d7f27a6dae5a7

Request headers

Referer: https://banten.hallo.id/
Origin: https://banten.hallo.id
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: HIT
last-modified: Tue, 21 Jun 2022 11:50:55 GMT
x-mg-request-uuid: b695ed70-8c20-42d2-8f57-bdb8af036787
age: 1278181
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713c7dff0a1f8-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5102
server: cloudflare

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvMWQ0Z...
s-img.mgid.com/g/13404712/492x277/-/ 31 KB
32 KB 78ms
27ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/13404712/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvMWQ0ZDkzYjEzZjhjMjQ3ZGNjNTk2ZGVmMzM1ZGU5NDUuanBlZw.webp?v=1657097262-6xH0IZqPvmxeGFptJKToTa0-G-J-atLACexxXMNz0A8
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df384796d2bbd44160efdbcc05da9e9af6a465de23bde239b0d9f2dc5b293eec

Request headers

Referer: https://banten.hallo.id/
Origin: https://banten.hallo.id
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: HIT
last-modified: Fri, 01 Jul 2022 07:19:35 GMT
x-mg-request-uuid: a09335fb-560e-4d6f-b021-36956c804f4e
age: 436935
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713c7dff1a1f8-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 32212
server: cloudflare

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNS8xMDE5MjQvYmUzN...
s-img.mgid.com/g/13054683/492x277/-/ 17 KB
18 KB 79ms
28ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/13054683/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNS8xMDE5MjQvYmUzNDBjZTU5MWRmMTcxZTZlNzBlYjJiNGU3MWY1YWMuanBn.webp?v=1657097262-zt4x3J8hy0OjgQiCmhwH6IDk_UfKhL6aYtTX9_4mb-M
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00b2dc3677e4761e3b9d038223c77197813bd26014c60bc36e9adb2afbbfe521

Request headers

Referer: https://banten.hallo.id/
Origin: https://banten.hallo.id
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: HIT
last-modified: Wed, 25 May 2022 11:43:39 GMT
x-mg-request-uuid: b947f14e-52cc-4532-8717-f588d02d6ebe
age: 3610865
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713c7dff3a1f8-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17894
server: cloudflare

GET
H3 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMTItMDcvMTAxOTI0L2IzYmUzZDhkOWJlNWM4NjVjMGRkMzQzNTg2ZTA4YzlmLmpwZWc.webp
s-img.mgid.com/g/3805619/492x277/0x0x900x600/ 10 KB
10 KB 62ms
39ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/3805619/492x277/0x0x900x600/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMTItMDcvMTAxOTI0L2IzYmUzZDhkOWJlNWM4NjVjMGRkMzQzNTg2ZTA4YzlmLmpwZWc.webp?v=1657097262-2s_FrdRhI6PtH89Nforc4uTIyVg9X7HTVJl9p0kuc5M
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54b537d4224ad6e2e0d129abe36be105add8a095397095a9cc6aa30a56b88359

Request headers

Referer: https://banten.hallo.id/
Origin: https://banten.hallo.id
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: HIT
last-modified: Tue, 21 Jun 2022 11:51:47 GMT
x-mg-request-uuid: 2c63a732-9842-408c-b7a3-848b60d27fcc
age: 1282088
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713c829385437-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9822
server: cloudflare

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7CAE 0
0 36ms
36ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuLmscdfkTpuU_O9Kbm_dHYJ5XGcCApg2TfMSd0epLX7j3XDmZtpig2taetjWJhRiHyK-gQdanc1jUK8Iwj0B_CzIPvFaPY4xotLPhVUtm7eh6yC42JXaye-GWLR0OGwtMYepvLnE2qsS6TzsO9QkXI7a3uFEIvrNenFKgkTlVC167QjEpwezK4hLyk-sS0o0OEWoVzU2GlrIkjhFoyjz0DlIHiobfQXT_68d9eT_psiuEFbF7P4FZaDogf9flaI7-rlY7QvJpLx5vN4SuTliPk6TcCmfcdli7a6azLAaIh5GkLKzmQHbR1uUApEvOT0uGFxd1S-IzbXYnaUWh_&sai=AMfl-YRMyYgsdLvbIVb0k3DjBnsdAQef0QhtnggAkoPjXEZvc8La4SQPan0le42lczm9FkGJfin6VXV409UFuL_uEQuk0WBUHW3hVr3A19mC1w&sig=Cg0ArKJSzHnKWsJez9r4EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7CAE 14 KB
11 KB 43ms
43ms XHR
application/json 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220630&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5f7312ffc225f202c5dd43838aab6e815417dbe5b2c2bd136484bc9b59c3073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10847
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 51EB 0
0 37ms
36ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsulcCWBwB9P6dC7pETNTkrPdhkFkKY9GiqMPBEC4q_Q_qsbrY6nEk1-XMfrAFc2iZl2SzPcVgAe_E1GMysOFcssvOfv60dHS7pbNcO5zyLVvv7apzybiVZu9hVMTuK8sOYcqm5aBnQcdbsI2mKQXuPKiJRcDC3dEGQMtf0YSpCi_1wLCnqAzHgw2QKV0SfYhf0Q3V_krmpj7bnVEYckDWzXRbP-WqGsqx5RghQ4ZhNdNj52XhUWmOgb-OnDJ-ZE6SR33KfiRGZgS6VYG45wW2joLeFuNo4tXE1f8HBpCM-YCmY7PSvZJioZIPGC-dBkUkxZzHZssV91UBfg7A1E&sai=AMfl-YQOsSTtQYSxwllY95cdcmVcoyEgSZg5702hhiCXLHIqs96QZg83rlaV8fmuVEHo5fZbdIYHDAMlY-4F2kQdGqSAIy5jOYH2Eqm7jFoMiw&sig=Cg0ArKJSzMPacf_kRzNNEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 51EB 14 KB
11 KB 40ms
39ms XHR
application/json 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220630&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1991ee2bf02fcdcdc2f412b39e69222ada40a5603514b9f279755d7102fe0158

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10732
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A692 0
0 39ms
37ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPBxdsT0FmN2fJwDiHS7quRrfKgdkrWEShj42wKPtMefUoTeiCs2NaM0O_YXCELD09vtsKL4j7ThZjGXg3yvRYOWtQKfpMZMy08pIdDDRi1-hl2ANOuemwYCgeQ6oPpIfwD9dzr6Lue7s1Djs_dFtstbuGO2n8ww9zeVdJhKBWvJiiEdZlTK-R8_WzffqyxG7fvswKJo3Q5lhuys3LaKr1XuIKOnxyyPwU--HAHITcvjxWty0DKpmNLvsfwmITQNeV1uUz-DBDu9nzvwblF1SMm3VdvuhMz0TjbWOoEwrXMZrDEeYlOgSZzlOKzrF3DB6pz4RHeo9du51H2l_m&sai=AMfl-YRYq1_ddujJciaowZt2QB8cRaaY7IJOVOTDyN3nRlf2N_aJfFhMUFbHw0ZF7BfdT-5UQebp6jxVCIwNnSNcH0Ouk6ZjFpRLO2CBtrYeHQ&sig=Cg0ArKJSzCuOZBrlTyoiEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A692 14 KB
10 KB 43ms
41ms XHR
application/json 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220630&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50211975b8296041333a111713e8e7f0d012427f435faae4ecebb1f54cf4076d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10644
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C3F0 0
0 36ms
36ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvAsjcN3Dm2AQAslw7eMbxPbsW7-Typzgpj5Xb6nMpEL_0hBckNE62DPEPYINsgJBqt41buCfjccoGVeY5rHCA_FVzuX2U1CM2_A8ZLqqLHy84f9OtvYlcxW_0ZJTLknXkV1T3QAL5muUgFNGqN07cFVaH6fKn1_3EGCvlykBK8XBq8ItZmsbl4qb1wtAO-yGgdT7Pi3t9tB2kCx_gxQmOd2te7NEOi0H2NiyelIrwA8xWnVIsteSdlJ2js2EfFx0Z63DpWVuolJx5nJaaftqgoQzCjupva_XRseaggCNvBC0US26gZ1ktyauyaeyIfy2En3ys8cr4_gGDPfMCa&sai=AMfl-YQvWTGfN8Q1W3LPvNaQcOCZC4lSRyc1GE7MEzsThsxvU6K1TGWIcijIUkkjeI1NGSsqsUnu3Oj7CBOXpOXmrizVAQoek3jRFN36ktRyUg&sig=Cg0ArKJSzMBByQanU4rNEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C3F0 14 KB
11 KB 46ms
45ms XHR
application/json 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220630&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

858ef04b54848edd3d60f714b05817ab2b8a7f877127124165ba9b6a3604eddb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10739
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F578 0
0 35ms
35ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssaN5oryhNyAAc9QLK8bHPPHyPOC1kdtDlazyE1RgJh86-Q8mxUWQwcvfigy4cnqkERAcQiU2oXiZbL93-iO6xKXhSB--HFkx8BDoql6j7o1uZrdeOIhw8dGIvSKCEG_Kl3Hs6nKBYJqEzaB0AaKcrrWFdlrGFxV4_IY0iy2jiswheT298PU7ODPy5lqrvW38CBQ6MRAR9pybuJurNvIvBNFbvKqqL_tJFsxiwBAiaEx4DpGblr99QY0E5mnHh3p89INnMH_3dbqvzF2aZ7iWIy1nJeYAnI7s63M9wQ-j0N1DvS9BBeQRfZF13KQHQFn-QLWzjqaHo0dOICTpls&sai=AMfl-YRjYkfAbxuWj6h-xDnxAemvYFKAKMh2VakpER0r0dORFNA1Ax3PphCqZEYQWJvFqhQ6p8hiX84fXO_lKA3xwr7I0FCNQjPYfgUmlFCk8Q&sig=Cg0ArKJSzL1xfL_ndOz8EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F578 14 KB
11 KB 46ms
46ms XHR
application/json 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220630&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02a5233771455f33030057ceec962485d1117a10960a094d634e8d71e4b0092d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10749
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7CAE 17 KB
6 KB 127ms
69ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 51EB 17 KB
6 KB 120ms
72ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A692 17 KB
6 KB 106ms
75ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F4B6 0
0 35ms
35ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvxJmwtwlV02XT5C7K0piIegcc2Oofp5DjQIlBnwjZJutmJuTzW-p_JekGo26gCW9YlitsLsKIAM-TDpEUcBR_ODAHSq9fXxlqpx9uM3FZGrmcO7U-umK6URZwmjsQ_-sTvR96JEfDH6EeOrxuSwLIOHpEOYJLvKttzd1URMaRZvxdxE0zd4FTciqrDl04xaV4TAMjwQN3CfsNW5MuXRdS9KTo64AxDBURsggXKpfQ3RSJrtfBilj4vwCSn5WTJsjaKCJUnvMM1f323ltX76GAmF4FrfqF8dtal-BY5rfK6gcSLdLXm-yhZfV8fK4LoYusRb1u9ljGVTJ2m3yvq&sai=AMfl-YSg0ImtQCJdHYC6jpwkJLAMOY7EwXK5Vp-mKhyxaXecVtEAGzB-jFYdKNbF18fIw5ADOhPM2omnfJycK2VoBeVAkIMV0v5WddmrDMfCkg&sig=Cg0ArKJSzPpNd7QfwQvXEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F4B6 14 KB
10 KB 42ms
42ms XHR
application/json 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220630&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85305dc3fcecc413eaaf031d9d91f7bb015a5f57e4aa02df7724311eef5ec6bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10610
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C3F0 17 KB
6 KB 72ms
51ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H2 200 i.js Show response
cm.mgid.com/ 2 KB
1 KB 76ms
57ms Script
application/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i.js?&cbuster=16570972633888501755
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179904.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61c53d92b094f1eaedfcd139625b47b576b114486c47e2c409615ed54396a542

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713c85b4ccaa8-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame AC77 0
0 35ms
35ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv5hxk7qSmV62dH3GLreqtbx5RuRtBDyiG8R7xHB6wSRKD4Gr3Lp51XdwHdGp7Vg_w6Fo7NLK3ZH6_E2BtdAoheln3o0IMABb-T83MrA55aW183xp63VkexgWz4ZBmuA-sCgOEWcniYEq9iCaSNOorjOJwU9EONDrkzr0TxyKySJiMjqf1kNK1h_ScUKpzkn_C-BM76zZmv0ioF0cnuIMhFe5CxB48XGrlgZXyeXl3Kv9fmVO76bXIE7VAAzZa5AciHmTDV4ks97jw52q8HqkF3FpYIjfenTUyiO_v051KIVHC1i5bV-TpG_cR6V-x3_391J08Axdp1o4Tz4VHL&sai=AMfl-YSCyIVdjXysOHJI-yV68gg_mhU4N611TgPsbGZmwdKJupmVmJhxOvheWlbA9ngbGc4XusA8XaSA_H7CWOUU1CRROsIg4f0JLKZX-1xrHg&sig=Cg0ArKJSzJJ-lRvfdV6IEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AC77 14 KB
10 KB 41ms
40ms XHR
application/json 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220630&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae17fc41507a16f21d63967e129cfd04088484c951ec3c9fec0c6f5a151b1634

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10673
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F578 17 KB
6 KB 45ms
34ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1E11 0
0 36ms
36ms Fetch
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvhEzlR7I0FTIib9EjTAUolBNdY0ur8EoXr_YtDIvpC1y8GR5VTCs5mEF8dV-VRg2PusueGtRoATdmev_uN94ANfZyoeRBqgbMbJEDjgPe5M_-jAZP3eQe4MmZPXsn90b4LfFUxifbY-I-OKiUsncgI8-stOWGrLJFD8AfhjEdLlRvvUcJtTmDIMjsHWw4lRZF6y_wyKvaARORzQZQ_zEw3C_du4_GGq7n7-xt-4xUdD4keKgS_PzPxyLTJcfaZgaO4hCOQd-gYBVSp9NIHVgVgkRiaL6Jh_MI9gneqoyRQg5Y-oav9di_cKrg7GoZlt2xK7wII_rXR24GgDVsC&sai=AMfl-YQ2mOvM48qbialE5tA7mKC4aEU72xNS3_sm8qI4OxgB_Lt8rStGWnLmsYltvgIVWcl0uIN9KFYeSwOUPxQm9A9_MeI-4Z1G9SAAM2JvyQ&sig=Cg0ArKJSzMKmsqbtPBabEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1E11 14 KB
10 KB 42ms
42ms XHR
application/json 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220630&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9bbbc76ddcccd62b1c094e1dda9c224f36d82d30d18b887d489c868959a0bf29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10719
x-xss-protection: 0

GET
H2 204 i-noref.js Show response
cm.mgid.com/ Frame F44D 0
36 B 51ms
51ms Script
text/plain 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i-noref.js?cbuster=1657097263418799456711
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179904.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713c86b59caa8-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F4B6 17 KB
6 KB 47ms
47ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AC77 17 KB
6 KB 65ms
64ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1E11 17 KB
6 KB 49ms
48ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame ABB2 13 KB
5 KB 22ms
20ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 24130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 02:05:33 GMT
expires: Thu, 06 Jul 2023 02:05:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F449 783 B
742 B 89ms
38ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3a29aa570f1989f556ef9dad6fa41ec6d4b914ff59271e3f1a57ee75eee7678f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uYuEfQI02MfZKPukfV_ZQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-uYuEfQI02MfZKPukfV_ZQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Wed, 06 Jul 2022 08:47:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 960D 13 KB
5 KB 21ms
19ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 24130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 02:05:33 GMT
expires: Thu, 06 Jul 2023 02:05:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2DC0 783 B
737 B 81ms
41ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0dd13172611bb9c2a46b731bdafcc9dcf2741b80196bb85a6aed0f287d131614

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-w88uDyKYuW6Uhpd-hUi7zA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-w88uDyKYuW6Uhpd-hUi7zA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Wed, 06 Jul 2022 08:47:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK sync.html Show response
s.adtelligent.com/ Frame 4D1C 3 KB
1 KB 119ms
20ms Document
text/html 2a06:8640:683:0:ae1f:6bff:fec1:b062
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=754484
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?&cbuster=16570972633888501755
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:683:0:ae1f:6bff:fec1:b062 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 312057a157c24a869d083c2dcdcfdd80d92e5ebd1fad998762be4ec0f11ce40d

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://banten.hallo.id
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1231
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:43 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://ad.360yield.com/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D
https://cm.mgid.com/m?cdsp=665953&c=ea078dcd-ed1b-4065-a7ae-c9bdf6241b93

43 B
447 B

46ms
45ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=665953&c=ea078dcd-ed1b-4065-a7ae-c9bdf6241b93
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713ca3b4d54cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

location: https://cm.mgid.com/m?cdsp=665953&c=ea078dcd-ed1b-4065-a7ae-c9bdf6241b93
date: Wed, 06 Jul 2022 08:47:43 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET

/
an.yandex.ru/mapuid/operacom/
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub6103523253312
https://ib.adnxs.com/getuid?https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60141%26uid%3D%24UID
https://t.adx.opera.com/sync?vendor=60141&uid=3118761177084706340
https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60158%26uid%3D%24UID&partner=opera_media
https://t.adx.opera.com/sync?vendor=60158&uid=86581681-90df-f7e2-9cc7-5e292fc99232
https://creativecdn.com/cm-notify?pi=opera
https://t.adx.opera.com/sync?vendor=60039&uid=YG02ktO8Cn3rt9A3jqGj&pi=opera
https://cs.mobfox.com/7b8b188df2e2d757df67b198ed77e9f5.gif?puid=51d7215b4840f01c&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60058
https://t.adx.opera.com/sync?vendor=60058
https://sync.taboola.com/sg/OperaSCoD/1/cm
https://t.adx.opera.com/sync?vendor=60151&uid=b5abaf37-dff7-45d8-be78-4ba4a61156d3-tuct9bed1b1
https://ups.analytics.yahoo.com/ups/58484/occ
https://t.adx.opera.com/sync?vendor=60112&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A
https://sync.aralego.com/idSync?ucf_nid=par-627D96DE43D94E241EAD99688E72B636&ucf_user_id=51d7215b4840f01c&redirect=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fuid%3DUCFUID%26vendor%3D60114
https://t.adx.opera.com/sync?uid=511af5b5-388e-36cb-85ab-4482f54203bd&vendor=60114
https://cs.mobfox.com/7b8b188df2e2d757df67b198ed77e9f5.gif?puid=51d7215b4840f01c&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60058
https://t.adx.opera.com/sync?vendor=60058
https://ssbsync.smartadserver.com/api/sync?callerId=14&gdpr=0&gdpr_consent=
https://t.adx.opera.com/sync?vendor=60140&uid=2541039644928651045&gdpr=0&gdpr_consent=
https://an.yandex.ru/mapuid/operacom/
https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1

0
0

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.mg...
https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.mg...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=N0U4QkI3ODgtRUMwRC00QUEwLThDMDgtNDQwRDY4RDU3OEIx&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=161673&pmc=1&pr=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D712807%26c%3D7E8BB788-EC0D-4AA0-8C08-440D68D578B1
https://cm.mgid.com/m?cdsp=712807&c=7E8BB788-EC0D-4AA0-8C08-440D68D578B1

43 B
479 B

49ms
48ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=712807&c=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713cddf7b54cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

location: https://cm.mgid.com/m?cdsp=712807&c=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
date: Wed, 06 Jul 2022 08:47:42 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=mgid
https://cm.mgid.com/m?cdsp=43070&c=L59CXBSV-3-4UE9

43 B
431 B

54ms
54ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=43070&c=L59CXBSV-3-4UE9
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713c9dade54cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.mgid.com/m?cdsp=43070&c=L59CXBSV-3-4UE9
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 19c1ac3b9706c83a73951eba4d239689
Expires: 0

GET
H2

200

1011
jadserve.postrelease.com/suid/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=303&user_id=m66GW8FclGL1
https://x.bidswitch.net/ul_cb/sync?dsp_id=303&user_id=m66GW8FclGL1
https://jadserve.postrelease.com/suid/1011?vk=09b3299d-acd9-44cb-8002-aa2609ca1291

43 B
540 B

91ms
23ms

Image
image/gif

35.169.213.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/1011?vk=09b3299d-acd9-44cb-8002-aa2609ca1291
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Server: 35.169.213.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-213-151.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

Redirect headers

Location: //jadserve.postrelease.com/suid/1011?vk=09b3299d-acd9-44cb-8002-aa2609ca1291
Date: Wed, 06 Jul 2022 08:47:44 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

google
cm.mgid.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bTY2R1c4RmNsR0wx&muidn=m66GW8FclGL1
https://cm.mgid.com/google?muidn=m66GW8FclGL1&google_ula={guid},5&google_gid=CAESEDwVMn3L4h95VtutbXyfXiM&google_cver=1

0
187 B

47ms
42ms

Image
text/plain

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/google?muidn=m66GW8FclGL1&google_ula={guid},5&google_gid=CAESEDwVMn3L4h95VtutbXyfXiM&google_cver=1
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/plain
cf-ray: 726713cadc1154cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.mgid.com/google?muidn=m66GW8FclGL1&google_ula={guid},5&google_gid=CAESEDwVMn3L4h95VtutbXyfXiM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

sync.php
pixel.rubiconproject.com/exchange/
Redirect Chain

https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=m66GW8FclGL1
https://ssbsync.smartadserver.com/api/sync?callerId=24&gdpr=0&gdpr_consent=&us_privacy=
https://sync.e-volution.ai/a02d62607dea0c97e41ff36ebd422945.gif?puid=2541039644928651045&gdpr=0&gdpr_consent=
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=

42 B
708 B

23ms
23ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 382e2818ca015d35b02cd449aa60881d
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: nginx
Transfer-Encoding: chunked
Location: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: 0

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid
https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid
https://cm.mgid.com/m?cdsp=287839&c=6d18d6d8-458c-4f27-b8a4-9765be99ae76

43 B
526 B

49ms
43ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=287839&c=6d18d6d8-458c-4f27-b8a4-9765be99ae76
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d4bf1054cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

location: //cm.mgid.com/m?cdsp=287839&c=6d18d6d8-458c-4f27-b8a4-9765be99ae76
date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=omn67hl&ttd_tpi=1
https://cm.mgid.com/m?cdsp=371158&c=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttl=1659689264

43 B
479 B

42ms
42ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=371158&c=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttl=1659689264
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713cdff9e54cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.mgid.com/m?cdsp=371158&c=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttl=1659689264
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 205

GET
H3

200

1000.gif
id.rlcdn.com/
Redirect Chain

https://id.rlcdn.com/712056.gif?
https://id.rlcdn.com/1000.gif?memo=CPi6KxoNCLCYlZYGEgUI6AcQAEIASgA

42 B
60 B

84ms
61ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/1000.gif?memo=CPi6KxoNCLCYlZYGEgUI6AcQAEIASgA
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://id.rlcdn.com/1000.gif?memo=CPi6KxoNCLCYlZYGEgUI6AcQAEIASgA
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

458249.gif
idsync.rlcdn.com/
Redirect Chain

https://idsync.rlcdn.com/712107.gif?partner_uid=m66GW8FclGL1&
https://pippio.com/api/sync?pid=5324&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpGgwIsJiVlgYSBAgCEABCAEoA
https://pippio.com/api/sync/ddp?pid=2&m=CMwpGgwIsJiVlgYSBAgCEABCAEoA&google_gid=CAESECVcHgcC-6I-9FuPxasExRo&google_cver=1
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=05419d98-7d48-47e4-8c05-60b38b69e503

42 B
60 B

44ms
44ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=05419d98-7d48-47e4-8c05-60b38b69e503
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=05419d98-7d48-47e4-8c05-60b38b69e503
date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://creativecdn.com/cm-notify?pi=mgid
https://creativecdn.com/cm-notify?pi=mgid&tc=1
https://cm.mgid.com/m?cdsp=501037&c=YG02ktO8Cn3rt9A3jqGj&pi=mgid&tc=1

43 B
494 B

47ms
47ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=501037&c=YG02ktO8Cn3rt9A3jqGj&pi=mgid&tc=1
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d18b5c54cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

location: https://cm.mgid.com/m?cdsp=501037&c=YG02ktO8Cn3rt9A3jqGj&pi=mgid&tc=1
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT, Wed, 06 Jul 2022 08:47:44 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://x.bidswitch.net/sync?ssp=mgid
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=mgid&bsw_user_id=09b3299d-acd9-44cb-8002-aa2609ca1291
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=mgid&bsw_user_id=09b3299d-acd9-44cb-8002-aa2609ca1291
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=d2238a2e-fc11-4134-b5f6-d623209392df&ssp=mgid
https://cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&consentData=&uspString=

43 B
510 B

43ms
42ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&consentData=&uspString=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d3ee3154cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

Location: //cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&consentData=&uspString=
Date: Wed, 06 Jul 2022 08:47:45 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 200 /
cm.idealmedia.io/setmuidn/ 0
173 B 178ms
125ms Image
image/gif 104.16.199.73
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.idealmedia.io/setmuidn/?muidf=m66GW8FclGL1
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.199.73 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d06f40a1e6-YYZ
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CDB0 13 KB
5 KB 21ms
19ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 24130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 02:05:33 GMT
expires: Thu, 06 Jul 2023 02:05:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 60BE 783 B
1 KB 63ms
37ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e329a718ceb89482f2465db3faf92c2e0db7db57470b5a08276f14bafdf20bab

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fPCG4mwxr7_l17Lci4FaJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-fPCG4mwxr7_l17Lci4FaJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Wed, 06 Jul 2022 08:47:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 09D4 13 KB
5 KB 21ms
20ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 24130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 02:05:33 GMT
expires: Thu, 06 Jul 2023 02:05:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F935 783 B
738 B 62ms
39ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6bd59dc4787129e3d7b3d7d337fb5ec03b79ddcfca74d5c1f6f30d7e454d1042

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G47hXFrVHv7rxx3t8FiZbA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-G47hXFrVHv7rxx3t8FiZbA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Wed, 06 Jul 2022 08:47:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
122 B 34ms
34ms Script
application/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=banten.hallo.id

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 37ms
34ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=banten.hallo.id

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 316 B
167 B 200ms
200ms XHR
text/plain 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

139c364496769ac0100a185f160285c66bc071192cbcba07d6aaf6dd375bda15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://banten.hallo.id
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 322 B
173 B 512ms
511ms XHR
text/plain 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

a29652e90f17c9db656a99a3a86923183ed6140065a140fbe9e227b5572273aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://banten.hallo.id
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 330 B
182 B 377ms
377ms XHR
text/plain 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

9e73701d6e7bc8b793b8e74076819863748660c13c753e5459ceea60338bcc00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 153
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://banten.hallo.id
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3984 13 KB
5 KB 20ms
19ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 24130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 02:05:33 GMT
expires: Thu, 06 Jul 2023 02:05:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AB38 783 B
533 B 82ms
38ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

38ea69101b6808abc6482ec2d5fdc03c874237626c1041b30f5adb2c23c0d40d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iNf02PvlaOitKP9y2AUbfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-iNf02PvlaOitKP9y2AUbfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Wed, 06 Jul 2022 08:47:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 03C9 13 KB
5 KB 20ms
19ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 24130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 02:05:33 GMT
expires: Thu, 06 Jul 2023 02:05:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6B8F 783 B
535 B 78ms
41ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ad35886a5e1009a5bc48997b5bea960291e54b7db92f87c25b04c1206b7e7721

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-E2fI0ke-XNzOeD2RMgJZYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-E2fI0ke-XNzOeD2RMgJZYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Wed, 06 Jul 2022 08:47:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8914 13 KB
5 KB 21ms
20ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 24130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 02:05:33 GMT
expires: Thu, 06 Jul 2023 02:05:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E228 783 B
535 B 40ms
39ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e12c7543ce84abd257389c31041a26a8609aaaafc9e87c312e48fcf0ed7d6501

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jUCAko58H0HmjarhE-zTEA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-jUCAko58H0HmjarhE-zTEA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Wed, 06 Jul 2022 08:47:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C87D 13 KB
5 KB 20ms
19ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 24130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 02:05:33 GMT
expires: Thu, 06 Jul 2023 02:05:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CEC4 783 B
536 B 39ms
39ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

33ca849eae1fa1032fc9c3b3fac000cd645550c5dd33e70008b2ed522f3b0ab3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2xeEPNCZLx9aRa3RV5UvvQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-2xeEPNCZLx9aRa3RV5UvvQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Wed, 06 Jul 2022 08:47:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK sync.html Show response
s.console.adtarget.com.tr/ Frame 88CE 1 KB
1004 B 1711ms
21ms Document
text/html 2a06:8640:471:0:ec4:7aff:fe7e:dd90
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:471:0:ec4:7aff:fe7e:dd90 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 8a77716d191bdcbb71ccafbe17e67b9e6f45d58e3c7477e3c9b7d7b9321c6f5a

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://s.adtelligent.com
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 699
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H/1.1

200
OK

csync Show response
sync.adtelligent.com/ Frame 9DE2
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=2709fb28-e68c-4bdc-af39-4d72cf8bd176

0
407 B

18ms
18ms

Document
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=2709fb28-e68c-4bdc-af39-4d72cf8bd176
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:43 GMT
Etag: 86a13ba6ab56d298
Server: VertaMedia 1.0

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 726713ca7f53a1de-YYZ
content-length: 0
date: Wed, 06 Jul 2022 08:47:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=2709fb28-e68c-4bdc-af39-4d72cf8bd176
server: cloudflare

GET
H/1.1 200
OK sync.html Show response
s.adtelligent.com/ Frame 6118 1 KB
1 KB 21ms
21ms Document
text/html 2a06:8640:683:0:ae1f:6bff:fec1:b062
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=651796
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:683:0:ae1f:6bff:fec1:b062 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 9c79af78cb324a3ca6c879d38313c4eb4025972decd05170d88f4b486f43acef

Request headers

Referer: https://s.adtelligent.com/sync.html?aid=754484
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://s.adtelligent.com
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 783
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:43 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame FBE6 15 KB
6 KB 90ms
19ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=87014
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Wed, 06 Jul 2022 08:47:43 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 07 Jul 2022 08:57:57 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame 8D7E
Redirect Chain

https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X

1 KB
2 KB

116ms
34ms

Document
text/html

67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: a01d097c5485efe912c3ac768415907401ede6052803323f19d4dcc626c3f977

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 1328
content-type: text/html
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

Redirect headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
content-length: 171
content-type: text/html; charset=utf-8
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
location: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
server: nginx/1.16.1

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame F8A4 2 KB
815 B 48ms
9ms Document
text/html 51.222.39.187
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Requested by

Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.187 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip187.ip-51-222-39.net

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H2

200

/ Show response
ads.us.e-planning.net/uspd/1/ Frame F972
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID

2 KB
1 KB

30ms
25ms

Document
text/html

172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 94a21867464639561fa1a461ec6b44f24e1163767ac1ee6f83774405b23c34e8

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Wed, 06 Jul 2022 08:47:43 GMT
expires: Wed, 06 Jul 2022 08:47:43 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1212

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Wed, 06 Jul 2022 08:47:43 GMT
location: /uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: IAD-1212

GET
H/1.1

200
OK

csync Show response
sync.adtelligent.com/ Frame 5F2D
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D584890%26extuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D584890%2526extuid%253D%2524UID
https://sync.adtelligent.com/csync?t=a&ep=584890&extuid=3118761177084706340

0
390 B

28ms
20ms

Document
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=584890&extuid=3118761177084706340
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:43 GMT
Etag: 86a13ba6ab56d298
Server: VertaMedia 1.0

Redirect headers

AN-X-Request-Uuid: abd505d5-1065-4582-adc8-9751ede91362
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Wed, 06 Jul 2022 08:47:43 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://sync.adtelligent.com/csync?t=a&ep=584890&extuid=3118761177084706340
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 4D1C
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D310570%26extuid%3D%24UID&sovrn_retry=true
https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=E7evjLZHduBErJVZTJiI06fm

0
395 B

18ms
18ms

Image
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=E7evjLZHduBErJVZTJiI06fm
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

Redirect headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://sync.adtelligent.com/csync?t=a&ep=310570&extuid=E7evjLZHduBErJVZTJiI06fm
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap3dca1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 4D1C
Redirect Chain

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D
https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309255%26extuid%3D%24%7BUID%7D&ox_sc=1
https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=ca045de8-7410-4045-bbd5-02e820b876f1

0
407 B

18ms
18ms

Image
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=ca045de8-7410-4045-bbd5-02e820b876f1
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:43 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://sync.adtelligent.com/csync?t=a&ep=309255&extuid=ca045de8-7410-4045-bbd5-02e820b876f1
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: jusebe7sts812st9kiroj546vkn68bag

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 4D1C
Redirect Chain

https://ad.360yield.com/server_match?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D289656%26extuid%3D%7BPUB_USER_ID%7D
https://sync.adtelligent.com/csync?t=a&ep=289656&extuid=ea078dcd-ed1b-4065-a7ae-c9bdf6241b93

0
407 B

80ms
18ms

Image
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=289656&extuid=ea078dcd-ed1b-4065-a7ae-c9bdf6241b93
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

Redirect headers

location: https://sync.adtelligent.com/csync?t=a&ep=289656&extuid=ea078dcd-ed1b-4065-a7ae-c9bdf6241b93
date: Wed, 06 Jul 2022 08:47:43 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 4D1C
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D297253%2526extuid%253D%2524UID
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=3118761177084706340

0
390 B

18ms
18ms

Image
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=3118761177084706340
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:43 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 47634494-3078-4cd5-991f-2b0f165ec724
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=3118761177084706340
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 4D1C
Redirect Chain

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=08e91465-96f4-4292-bbbb-b8c2373e2484

0
407 B

18ms
18ms

Image
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=08e91465-96f4-4292-bbbb-b8c2373e2484
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

Redirect headers

location: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=08e91465-96f4-4292-bbbb-b8c2373e2484
date: Wed, 06 Jul 2022 08:47:44 GMT
cache-control: no-store no-transform
server: nginx
content-length: 166
content-type: text/html; charset=utf-8

GET
H2 200 sync
vid.vidoomy.com/ Frame 4D1C 0
0 243ms
66ms Image
text/html 2a02:6ea0:c400::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vid.vidoomy.com/sync?gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D556847%26extuid%3D%7B%7BVID%7D%7D
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c400::11 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3

200

m
cm.mgid.com/ Frame 4D1C
Redirect Chain

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D
https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298

43 B
463 B

48ms
48ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713cd0ebf54cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

Location: https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298
Date: Wed, 06 Jul 2022 08:47:43 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

GET
H3 200 / Show response
c.mgid.com/pv/ Frame CD16 0
186 B 56ms
56ms Script
text/plain 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.mgid.com/pv/?pv=5&cbuster=1657097263731359135109&uniqId=0653b&lct=1655251200&niet=4g&nisd=false&jsv=es6&iframe=2&ref=https%3A%2F%2Fbanten.hallo.id%2F&cxurl=https%3A%2F%2Fbanten.hallo.id%2F&pr=banten.hallo.id&lu=https%3A%2F%2F33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&sessionId=62c54c30-0310f&pageView=1&pvid=181d2b19a74a9ac6afe&site=734856&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713ca6b9554cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H3 200 SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js Show response
pagead2.googlesyndication.com/bg/ Frame ABB2 35 KB
13 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 05:07:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13718
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 05:07:51 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 60BE 0
0 54ms
54ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220630&jk=1647480985394596&rc=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F449 0
0 56ms
56ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220630&jk=134187575876917&rc=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F935 0
0 58ms
58ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220630&jk=1212025964126670&rc=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2DC0 0
0 76ms
76ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220630&jk=3794386596553352&rc=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
BLOB 206
Partial Content fbc3d3a7-c0d1-41ca-b548-dce41a5b0b4c
https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/ Frame CD16 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/fbc3d3a7-c0d1-41ca-b548-dce41a5b0b4c
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H3 200 SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 960D 35 KB
13 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 05:07:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13718
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 05:07:51 GMT

GET
H3 200 SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js Show response
pagead2.googlesyndication.com/bg/ Frame CDB0 35 KB
13 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 05:07:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13718
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 05:07:51 GMT

GET
H3 200 SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 09D4 35 KB
13 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 05:07:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13718
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 05:07:51 GMT

GET
H3 200 / Show response
c.mgid.com/pv/ Frame C257 0
186 B 54ms
49ms Script
text/plain 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.mgid.com/pv/?pv=5&cbuster=1657097263780537339776&lct=1655251200&niet=4g&nisd=false&jsv=es6&iframe=2&ref=https%3A%2F%2Fbanten.hallo.id%2F&cxurl=https%3A%2F%2Fbanten.hallo.id%2F&pr=banten.hallo.id&lu=https%3A%2F%2F33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&sessionId=62c54c30-0310f&pageView=1&pvid=181d2b19aa587b48faa&site=734856&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713cabbf154cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame BC91 15 KB
6 KB 26ms
18ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=87014
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Wed, 06 Jul 2022 08:47:43 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 07 Jul 2022 08:57:57 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame E00A
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17184-d
https://eus.rubiconproject.com/usync.html?p=17184-d

281 B
554 B

71ms
18ms

Document
text/html

23.73.244.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-244-44.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:43 GMT
ETag: "402b2-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Wed, 06 Jul 2022 08:47:43 GMT
location: https://eus.rubiconproject.com/usync.html?p=17184-d
server: AkamaiGHost

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame E0FD 2 KB
814 B 14ms
12ms Document
text/html 51.222.39.187
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=75a1922f904cc20

Requested by

Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.187 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip187.ip-51-222-39.net

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK csync
sync.adtelligent.com/ Frame 6118 43 B
323 B 59ms
17ms Image
image/gif 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?redir=
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:43 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 43
Content-Type: image/gif

GET
BLOB 206
Partial Content 92b21059-d0c8-48df-b2b7-c95f79b03435
https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/ Frame C257 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/92b21059-d0c8-48df-b2b7-c95f79b03435
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H3 200 SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 3984 35 KB
13 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 05:07:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13718
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 05:07:51 GMT

GET
H3 200 SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 03C9 35 KB
13 KB 19ms
18ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 05:07:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13718
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 05:07:51 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AB38 0
0 49ms
49ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220630&jk=1639146198188895&rc=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6B8F 0
0 50ms
49ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220630&jk=1983468088472933&rc=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E228 0
0 50ms
50ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220630&jk=2558309577735024&rc=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CEC4 0
0 51ms
51ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220630&jk=4227453080290102&rc=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 8914 35 KB
13 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 05:07:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13718
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 05:07:51 GMT

GET
H3 200 widget-ssp-performance
c.mgid.com/ Frame CD16 43 B
233 B 44ms
44ms Image
image/gif 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.mgid.com/widget-ssp-performance?time=58
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713cbad4454cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

GET
H3 200 SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js Show response
pagead2.googlesyndication.com/bg/ Frame C87D 35 KB
13 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 05:07:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13718
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 05:07:51 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame FBE6 2 KB
3 KB 118ms
23ms Script
text/html 8.28.7.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=69090167&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr={gdpr]&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 7f6426b3e969eb94bb3624f1c29ed57526e7a17c67bb6374085f625e21b1f1eb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

um
u-iad04.e-planning.net/ Frame F972
Redirect Chain

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D9ae569c9d990f0cd
https://pixel.sitescout.com/dmp/pixelSync?cookieQ=1&network=EPLANNING&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D9ae569c9d990f0cd
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D24...
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D24...
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&partner_url=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D7193c592-12...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&partner_url=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D7193c...
https://u-iad04.e-planning.net/um?uid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&dc=0abbcb4eba840e59&fi=9ae569c9d990f0cd

42 B
103 B

22ms
22ms

Image
image/gif

172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-iad04.e-planning.net/um?uid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&dc=0abbcb4eba840e59&fi=9ae569c9d990f0cd
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: openresty
content-type: image/gif

Redirect headers

location: https://u-iad04.e-planning.net/um?uid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&dc=0abbcb4eba840e59&fi=9ae569c9d990f0cd
date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

200

um
sync.e-planning.net/ Frame F972
Redirect Chain

https://sync.1rx.io/usersync2/eplanning
https://sync.1rx.io/usersync2/eplanning?zcc=1&cb=1657097264148
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4980588797
https://sync.1rx.io/usersync/tradedesk/8c96384d-bd43-4ecf-8a87-9d923f86652d
https://sync.targeting.unrulymedia.com/csync/RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005%26dc%3D1079...
https://sync.e-planning.net/um?uid=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005&dc=1079cc634ca638f8&iss=1

42 B
103 B

22ms
22ms

Image
image/gif

172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-planning.net/um?uid=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005&dc=1079cc634ca638f8&iss=1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: openresty
content-type: image/gif

Redirect headers

Location: https://sync.e-planning.net/um?uid=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005&dc=1079cc634ca638f8&iss=1
Date: Wed, 06 Jul 2022 08:47:44 GMT
Connection: keep-alive
Content-Type: text/html
ETag: RX1eb7b0f4ce65495f872e8e080c7f362d005
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

GET
H2

200

um
u-iad04.e-planning.net/ Frame F972
Redirect Chain

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D9ae569c9d990f0cd%26uid%3D%24%7BUID%7D
https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=9ae569c9d990f0cd&uid=ca045de8-7410-4045-bbd5-02e820b876f1

42 B
103 B

69ms
24ms

Image
image/gif

172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=9ae569c9d990f0cd&uid=ca045de8-7410-4045-bbd5-02e820b876f1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: openresty
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:43 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=9ae569c9d990f0cd&uid=ca045de8-7410-4045-bbd5-02e820b876f1
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: 1o5rqs2anh2iiqcap0jke8aqkokoskp7

GET
H/1.1 200 ptag Show response
a.audrte.com/ Frame F972 5 KB
2 KB 100ms
24ms Script
text/plain 18.205.54.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.audrte.com/ptag?p=M1353665098
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.205.54.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-205-54-230.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 65192ab51c34b3042504aa2fe731a68b6e04dd13679afbbe46858457ab47d0a5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:44 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-transform, public, max-age=3600
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1682

GET
H2 200 lotame20220615.js Show response
s.e-planning.net/esb/4/0/1992d/f6ee63a0c2353004/ Frame F972 566 B
522 B 89ms
22ms Script
application/x-javascript 172.98.26.121
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/0/1992d/f6ee63a0c2353004/lotame20220615.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.121 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: s.e-planning.net
Software: openresty /
Resource Hash: 4f618d20d85f3163d72432606f3afa3c17b6c79954f967ec3df9a710503c9df4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
content-encoding: gzip
last-modified: Wed, 15 Jun 2022 16:21:31 GMT
server: openresty
etag: W/"62aa070b-236"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Mon, 05 Jul 2027 08:47:43 GMT

GET
H2

200

um
u-iad04.e-planning.net/ Frame F972
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D9ae569c9d990f0cd%26uid%3D%24UID
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=9ae569c9d990f0cd&uid=3118761177084706340

42 B
104 B

81ms
23ms

Image
image/gif

172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=9ae569c9d990f0cd&uid=3118761177084706340
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: openresty
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:44 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0137a567-bba9-4257-9f1f-fd618be87782
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=9ae569c9d990f0cd&uid=3118761177084706340
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

um
u-iad04.e-planning.net/ Frame F972
Redirect Chain

https://sync.go.sonobi.com/us?loc=%0A%0Ahttps%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3De52415579699e09f%26fi%3D9ae569c9d990f0cd%26uid%3D%5BUID%5D
https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=9ae569c9d990f0cd&uid=bde8a076-aa5d-4bb4-9a2b-345dcd8baaab

42 B
103 B

22ms
22ms

Image
image/gif

172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=9ae569c9d990f0cd&uid=bde8a076-aa5d-4bb4-9a2b-345dcd8baaab
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: openresty
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-61
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=9ae569c9d990f0cd&uid=bde8a076-aa5d-4bb4-9a2b-345dcd8baaab
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
u-iad04.e-planning.net/ Frame F972
Redirect Chain

https://cs.emxdgt.com/um?ssp=pbs&gdpr=0&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dd87251d0debad578%26fi%3D9ae569c9d990f0cd%26...
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dd87251d0debad578%26fi%3D9ae569c9d990f0cd%26uid%3D%24EMXUID&b64_redire...
https://cs.emxdgt.com/umcheck?apnxid=3118761177084706340&redirect=https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=9ae569c9d990f0cd&uid=$EMXUID&b64_redirect=aHR0cHM6Ly91LWlhZDA0LmUtcGxhbm5p...
https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=9ae569c9d990f0cd&uid=3118761177084706340brt64381657097264204469b6

42 B
103 B

23ms
23ms

Image
image/gif

172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=9ae569c9d990f0cd&uid=3118761177084706340brt64381657097264204469b6
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: openresty
content-type: image/gif

Redirect headers

location: https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=9ae569c9d990f0cd&uid=3118761177084706340brt64381657097264204469b6
date: Wed, 06 Jul 2022 08:47:43 GMT
content-length: 0
content-type: text/html

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame B67A
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_east&endpoint=us-east
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east

281 B
554 B

19ms
18ms

Document
text/html

23.73.244.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-244-44.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:44 GMT
ETag: "402b2-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Wed, 06 Jul 2022 08:47:44 GMT
location: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
server: AkamaiGHost

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 61DE 15 KB
6 KB 20ms
19ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D9ae569c9d990f0cd%26uid%3D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=87013
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Wed, 06 Jul 2022 08:47:44 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 07 Jul 2022 08:57:57 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET

https://ssum.casalemedia.com%2C%20r19.lb.indexww.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D9ae569c9d990f0cd%26uid%3D&s=190243&C=1
https://ssum.casalemedia.com%2C%20r19.lb.indexww.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D9ae569c9d990f0cd%26uid%3D&s=190243&C=1 Frame 8819
Redirect Chain

https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D9ae569c9d990f0cd%26uid%3D
https://ssum.casalemedia.com%2C%20r19.lb.indexww.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D9ae569c9d990f0cd%26uid%3D&s=190243&C=1

0
0

GET
H2 200 navegg_2022_01_br.html Show response
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame 986A 1 KB
987 B 383ms
114ms Document
text/html 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Leesburg, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=157680000
cf4age: 0
cf4ttl: 157680000.000
content-encoding: gzip
content-length: 624
content-type: text/html
date: Wed, 06 Jul 2022 08:47:44 GMT
etag: W/"61ddbb71-5f5"
expires: Sun, 10 Jan 2027 17:30:12 GMT
last-modified: Tue, 11 Jan 2022 17:16:33 GMT
server: CFS 0215
x-cf-rand: 58.812
x-cf-tsc: 1641922213
x-cf1: 29080:dA.waw1:co:1585621119:cacheN.waw1-01:D
x-cf2: H
x-cf3: M
x-cff: B

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 2725 2 KB
814 B 10ms
10ms Document
text/html 51.222.39.187
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=5927d926323dc2c

Requested by

Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.187 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip187.ip-51-222-39.net

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H2 204 /
spl.zeotap.com/ Frame 0EC1 0
0 118ms
64ms Document
text/plain 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 726713cd1b03a202-YYZ
date: Wed, 06 Jul 2022 08:47:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
via: 1.1 google

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame E00A 31 KB
10 KB 19ms
19ms Script
text/html 23.73.244.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-244-44.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 4a411ecc4f2769a81a8f2fc5a796ae019bbaa0ca05aa70ef91d7029e6a3f54b4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=17184-d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Jun 2022 17:17:26 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=30817
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9455
Expires: Wed, 06 Jul 2022 17:21:21 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 910B
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy=
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

281 B
554 B

18ms
18ms

Document
text/html

23.73.244.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-244-44.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:44 GMT
ETag: "402b2-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Wed, 06 Jul 2022 08:47:44 GMT
location: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
server: AkamaiGHost

GET
H3

200

match
events-ssc.33across.com/ Frame 8D7E
Redirect Chain

https://x.bidswitch.net/sync?ssp=the33across&us_privacy=
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=the33across&bsw_param=09b3299d-acd9-44cb-8002-aa2609ca1291&google_hm=MDliMzI5OWQtYWNkOS00NGNiLTgwMDItYWEyNjA5Y2Ex...
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKiBwTHMcx4R5G72chJzu3s&google_cver=1&ssp=the33across&bsw_param=09b3299d-acd9-44cb-8002-aa2609ca1291
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=09b3299d-acd9-44cb-8002-aa2609ca1291
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=09b3299d-acd9-44cb-8002-aa2609ca1291&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

228ms
27ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=09b3299d-acd9-44cb-8002-aa2609ca1291&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
referrer-policy: unsafe-url
server: 33XP003
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=09b3299d-acd9-44cb-8002-aa2609ca1291&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 8D7E
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097263912.3&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fe...
https://sync.mathtag.com/sync/img?us_privacy=&mt_exid=73&redir=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=1&external_user_id=e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e

68 B
225 B

61ms
28ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=1&external_user_id=e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: MT3 4475 c1dc35a master iad-pixel-x14 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=1&external_user_id=e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 8D7E
Redirect Chain

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true
https://ups.analytics.yahoo.com/ups/58350/sync?redir=true&verify=true
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-eQkjoq5E2uFHDeEpRmsQna5zvqGWNeOw~A
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-eQkjoq5E2uFHDeEpRmsQna5zvqGWNeOw%7EA&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
126 B

332ms
27ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-eQkjoq5E2uFHDeEpRmsQna5zvqGWNeOw%7EA&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:43 GMT
referrer-policy: unsafe-url
server: 33XP001
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-eQkjoq5E2uFHDeEpRmsQna5zvqGWNeOw%7EA&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3

200

match
events-ssc.33across.com/ Frame 8D7E
Redirect Chain

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy=
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=2f041be6749d120f&is_secure=true&networkId=78390&version=1&us_privacy=
https://ssc-cms.33across.com/ps?xi=64&xu=AAAGahZyujOscgNsQT0hAAAAAAA&expiration=1657183664&is_secure=true&us_privacy=
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAGahZyujOscgNsQT0hAAAAAAA&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

119ms
28ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAGahZyujOscgNsQT0hAAAAAAA&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
referrer-policy: unsafe-url
server: 33XP002
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAGahZyujOscgNsQT0hAAAAAAA&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
cms-xch-chicago.33across.com/ Frame 8D7E
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=f0v35ew&ttd_tpi=1&us_privacy=
https://ssc-cms.33across.com/ps/?ri=102&ru=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fbidder_id%3D102%26ttl%3D1659689264%26external_user_id%3D8c96384d-bd43-4ecf-8a87-9d923f86652d
https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1659689264&external_user_id=8c96384d-bd43-4ecf-8a87-9d923f86652d

68 B
225 B

59ms
27ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1659689264&external_user_id=8c96384d-bd43-4ecf-8a87-9d923f86652d
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
referrer-policy: unsafe-url
server: 33XP001
x-33x-status: 40000000008200000C
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1659689264&external_user_id=8c96384d-bd43-4ecf-8a87-9d923f86652d
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame B67A 31 KB
10 KB 20ms
20ms Script
text/html 23.73.244.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-244-44.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 4a411ecc4f2769a81a8f2fc5a796ae019bbaa0ca05aa70ef91d7029e6a3f54b4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Jun 2022 17:17:26 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=30817
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9455
Expires: Wed, 06 Jul 2022 17:21:21 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C257 42 B
64 B 34ms
33ms Fetch
image/gif 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssKJORQptjFf5oIvgGjDwrcThLu4kdZsWfj9aRzeLj0SWC1LGuWayGC9Rh5DMQmvyKHr6qJbWbsdQIV7UqkDhw9Nc1uFWma6QYTMP2vC0P2lQ-Xsk14&sig=Cg0ArKJSzIV_kDBYZdibEAE&id=lidar2&mcvt=1083&p=132,315,382,1285&mtos=1083,1083,1083,1083,1083&tos=1083,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1815547134&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1657097262100&rpt=1107&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ 66 B
223 B 584ms
584ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjoxLCJhcGlfaG9zdCI6ImlkLnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6ImJhbnRlbi5oYWxsby5pZCIsInVybCI6Imh0dHBzOi8vYmFudGVuLmhhbGxvLmlkL2VudGVydGFpbm1lbnQvcHItNTYzODI1ODMyL2xpbmstbm9udG9uLWZpbG0tdGhvci1sb3ZlLWFuZC10aHVuZGVyLW1lbGF3YW4tZ29yci10aGUtZ29kLWJ1dGNoZXIiLCJ1aWQiOiJmZDU1OTc2ZTZlYjMxMGRhYzkxMTY1NzA5NzI2MzAwOCIsInRkX3ZlcnNpb24iOiIxLjcuMSIsInRkX2NsaWVudF9pZCI6Ijc4Y2MwODE5LTUwNjEtNDhiNi1hMDE3LTdlOTI5NzYyMDI1MiIsInRkX2NoYXJzZXQiOiJ1dGYtOCIsInRkX2xhbmd1YWdlIjoiZW4tdXMiLCJ0ZF9jb2xvciI6IjI0LWJpdCIsInRkX3NjcmVlbiI6IjE2MDB4MTIwMCIsInRkX3ZpZXdwb3J0IjoiMTYwMHgxMjAwIiwidGRfdGl0bGUiOiIiLCJ0ZF91cmwiOiJodHRwczovL2JhbnRlbi5oYWxsby5pZC9lbnRlcnRhaW5tZW50L3ByLTU2MzgyNTgzMi9saW5rLW5vbnRvbi1maWxtLXRob3ItbG92ZS1hbmQtdGh1bmRlci1tZWxhd2FuLWdvcnItdGhlLWdvZC1idXRjaGVyIiwidGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDMuMC41MDYwLjUzIFNhZmFyaS81MzcuMzYiLCJ0ZF9wbGF0Zm9ybSI6IldpbjMyIiwidGRfaG9zdCI6ImJhbnRlbi5oYWxsby5pZCIsInRkX3BhdGgiOiIvZW50ZXJ0YWlubWVudC9wci01NjM4MjU4MzIvbGluay1ub250b24tZmlsbS10aG9yLWxvdmUtYW5kLXRodW5kZXItbWVsYXdhbi1nb3JyLXRoZS1nb2QtYnV0Y2hlciIsInRkX3JlZmVycmVyIjoiaHR0cHM6Ly90LmNvLyIsInRkX2Jyb3dzZXIiOiJDaHJvbWUiLCJ0ZF9icm93c2VyX3ZlcnNpb24iOiIxMDMuMC41MDYwIiwidGRfb3MiOiJXaW5kb3dzIiwidGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsImNsaWVudF9pZCI6Ijc4Y2MwODE5LTUwNjEtNDhiNi1hMDE3LTdlOTI5NzYyMDI1MiIsImV4dHJhIjoiIiwiaW50ZXJhY3Rpb25fbnVtYmVyIjowLCJwb3Bpbl92ZXJzaW9uIjo2fQ==&t=1657097264329
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
last-modified: Mon, 07 Jan 2019 09:48:08 GMT
server: nginx/1.13.5
etag: "5c332058-42"
content-type: image/jpeg
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66

GET
H2 200 log.gif
r.popin.cc/ 35 B
186 B 540ms
175ms Image
image/gif 119.63.198.188
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.popin.cc/log.gif?type=related-th&uid=fd55976e6eb310dac911657097263008&url=https%3A%2F%2Fbanten.hallo.id%2Fentertainment%2Fpr-563825832%2Flink-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher&t=1657097264330
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.188 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
last-modified: Tue, 10 Sep 2019 08:00:09 GMT
server: nginx
etag: "5d775809-23"
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame E00A
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=17184-d&khaos=L59CXBSV-3-4UE9
https://sync.adtelligent.com/csync?t=a&ep=323557&extuid=L59CXBSV-3-4UE9

0
386 B

19ms
18ms

Image
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=323557&extuid=L59CXBSV-3-4UE9
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Protocol: HTTP/1.1
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://sync.adtelligent.com/csync?t=a&ep=323557&extuid=L59CXBSV-3-4UE9
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 19ea072139d67f7022c6e463249c998e
Expires: 0

GET
H3 200 mgid_ua.svg
cdn.mgid.com/images/mgid/ Frame CD16 2 KB
1 KB 35ms
34ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/mgid/mgid_ua.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: HIT
age: 3768
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SX4J2ZJHEVZGRM
x-amz-id-2: 6u8Pk8qDm5kmrtNGbADSH14Or01PntklmOjRRJLDFCTGlBMAiQzwTGO/n/XoaNQheTtLS/DD/oM=
last-modified: Tue, 08 Mar 2022 17:05:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag: W/"617c205137825561208ef7c1a2d8f319"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713ce480354cd-YYZ
expires: Thu, 07 Jul 2022 08:47:44 GMT

GET
H3 200 Adchoices.svg
cdn.mgid.com/images/logos/ Frame CD16 836 B
1 KB 34ms
33ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: HIT
age: 3006
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SXVY7NEV4DDYHS
x-amz-id-2: Fw9S6D3aOYgm2IIajWZv2uGOc1CeEzLTklOgSjJnq/axnigEnhi9v1cuI7wy2ZhgIevi/VquN6g=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713ce480454cd-YYZ
expires: Thu, 07 Jul 2022 08:47:44 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 03CD
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1

35 B
468 B

17ms
17ms

Document
image/gif

185.167.164.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Wed, 06 Jul 2022 08:47:44 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Wed, 06 Jul 2022 08:47:44 GMT
expires: -1
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 0A0E
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YsVMMAAOOa2V7QAo&gdpr=0&gdpr_consent=&_test=YsVMMAAOOa2V7QAo

1 B
238 B

50ms
23ms

Document
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YsVMMAAOOa2V7QAo&gdpr=0&gdpr_consent=&_test=YsVMMAAOOa2V7QAo
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Wed, 06 Jul 2022 08:47:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Wed, 06 Jul 2022 08:47:44 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YsVMMAAOOa2V7QAo&gdpr=0&gdpr_consent=&_test=YsVMMAAOOa2V7QAo
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-yul12829-YUL
x-timer: S1657097264.458390,VS0,VE0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7BE2
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:305c62c5-4c30-4200-9500-44bd64b53559&gdpr=0&gdpr_consent=

42 B
423 B

29ms
22ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:305c62c5-4c30-4200-9500-44bd64b53559&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Wed, 06 Jul 2022 08:47:44 GMT
Expires: Wed, 06 Jul 2022 08:47:43 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 4475 c1dc35a master iad-pixel-x30 config:1.0.0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:305c62c5-4c30-4200-9500-44bd64b53559&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame AC90
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCdTNrN0ZpcGdBQUJHR2tUVFFTZw&bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AABu3k7FipgAABGGkTTQSg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%252Csas%252Cpm%26bee_sync_current_partne...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=syn%2Csas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AABu3k7FipgAABGGkTTQSg&pid=558502&do=add
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AABu3k7FipgAABGGkTTQSg&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dsy...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas,pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=3
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABu3k7FipgAABGGkTTQSg

42 B
279 B

41ms
40ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABu3k7FipgAABGGkTTQSg
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: nginx
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABu3k7FipgAABGGkTTQSg
strict-transport-security: max-age=2592000; includeSubDomains

GET
H/1.1 200
OK csync Show response
sync.adtelligent.com/ Frame B144 0
407 B 26ms
21ms Document
text/plain 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=558003&extuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:44 GMT
Etag: 86a13ba6ab56d298
Server: VertaMedia 1.0

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame FBE6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=fou3iOwNSqCMCEQNaNV4sQ%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

15 KB
15 KB

20ms
19ms

Image
text/html

23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: gzip
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
server: Apache
etag: "1300708-3de4-5d6ef246ef4cf"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=87013
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5549
expires: Thu, 07 Jul 2022 08:57:57 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

396846.gif
idsync.rlcdn.com/ Frame FBE6
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDdFOEJCNzg4LUVDMEQtNEFBMC04QzA4LTQ0MEQ2OEQ1NzhCMRAAGg0IsJiVlgYSBQjoBxAAQgBKAA
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4

42 B
60 B

43ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: gzip
server: OXGW/7f1e280
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame FBE6
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=37db62c5-4c30-4000-8cb0-e0643ac4e95d

0
48 B

20ms
20ms

Image
text/plain

104.36.115.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=37db62c5-4c30-4000-8cb0-e0643ac4e95d
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Server: 104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: MT3 4475 c1dc35a master iad-pixel-x13 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=37db62c5-4c30-4000-8cb0-e0643ac4e95d
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 06 Jul 2022 08:47:43 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame FBE6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMoYhwG5d6t5a9RIv5I8CXw&google_cver=1

42 B
299 B

24ms
24ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMoYhwG5d6t5a9RIv5I8CXw&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMoYhwG5d6t5a9RIv5I8CXw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame FBE6
Redirect Chain

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:B242526CF2DB4B7AB8F295AB005A6121

42 B
209 B

24ms
23ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:B242526CF2DB4B7AB8F295AB005A6121
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Wed, 06 Jul 2022 08:47:44 GMT
x-content-type-options: nosniff
server: nginx
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:B242526CF2DB4B7AB8F295AB005A6121
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Tue, 05 Jul 2022 08:47:44 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame FBE6
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=

1 B
175 B

24ms
23ms

Image
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame FBE6
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=8c96384d-bd43-4ecf-8a87-9d923f86652d

42 B
316 B

23ms
23ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=8c96384d-bd43-4ecf-8a87-9d923f86652d
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=8c96384d-bd43-4ecf-8a87-9d923f86652d
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2 200 7E8BB788-EC0D-4AA0-8C08-440D68D578B1
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame FBE6 43 B
991 B 106ms
30ms Image
image/gif 2600:1f18:4e9:5a05:2903:4db6:5aa9:2a2
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/7E8BB788-EC0D-4AA0-8C08-440D68D578B1?gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4e9:5a05:2903:4db6:5aa9:2a2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame FBE6
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-jkvGiiFE2uW_kbpJVnUtuYSofF2Orbc-~A&gdpr=0&gdpr_consent=

0
128 B

20ms
19ms

Image
text/plain

104.36.115.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-jkvGiiFE2uW_kbpJVnUtuYSofF2Orbc-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Server: 104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-jkvGiiFE2uW_kbpJVnUtuYSofF2Orbc-~A&gdpr=0&gdpr_consent=
date: Wed, 06 Jul 2022 08:47:44 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame FBE6 0
35 B 102ms
26ms Image
text/plain 34.197.2.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.197.2.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-197-2-134.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 910B 31 KB
10 KB 21ms
20ms Script
text/html 23.73.244.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-244-44.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 4a411ecc4f2769a81a8f2fc5a796ae019bbaa0ca05aa70ef91d7029e6a3f54b4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Jun 2022 17:17:26 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=30817
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9455
Expires: Wed, 06 Jul 2022 17:21:21 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 51EB 42 B
64 B 34ms
33ms Fetch
image/gif 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss_CMyH-pL0gx7NrSxelD7zU8qcWBPCkjwf2XKzT7X364ZfW5krShEwaAyTlxzSvWAklLEWjLZf5UejIQ0XyfKGXfPfyfELWFdNa5CxPmP-BOCMHi9Q&sig=Cg0ArKJSzCxH5byNMuIqEAE&id=lidar2&mcvt=1089&p=102,1350,702,1510&mtos=1089,1089,1089,1089,1089&tos=1089,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1822557826&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1657097262121&rpt=1179&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C3F0 42 B
64 B 34ms
33ms Fetch
image/gif 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6H-LFPMu6aiHo9Oj7ASBGJOaY-35nASh4xPIkKKxggk8VMQx3DTlq55VoqW6HvLmY5tfnM7tcwnHc4HSY7HA0jGNwm7dlxK7mvgQddStz0uawFhIZ&sig=Cg0ArKJSzPN0t9fc_iwiEAE&id=lidar2&mcvt=1073&p=1110,315,1200,1285&mtos=1073,1073,1073,1073,1073&tos=1073,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=277322864&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1657097262134&rpt=1190&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F4B6 42 B
64 B 36ms
34ms Fetch
image/gif 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv2ukqX86wipcrNJaFqSgvQ0EgQki5ma0_DxG6Sp9_WyQTcbwT25gOCtXzlzqSwKgMdlppl64s6BUcIbHR13fZ9og0Kh44ztqQiBI4-c9FJPJ08Eb72&sig=Cg0ArKJSzBK2sjHU5US5EAE&id=lidar2&mcvt=1070&p=102,130,702,250&mtos=1070,1070,1070,1070,1070&tos=1070,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3442582295&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1657097262115&rpt=1264&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lt.min.js Show response
tags.crwdcntrl.net/lt/c/15238/ Frame F972 47 KB
15 KB 76ms
22ms Script
text/javascript 13.224.214.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Requested by: Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/f6ee63a0c2353004/lotame20220615.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-92.phl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 074691f1175a4040f292124afbff0c87cd24290b7b9672577f33b7c7de205384

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 05 Jul 2022 13:10:17 GMT
content-encoding: gzip
last-modified: Wed, 15 Jun 2022 17:05:13 GMT
server: AmazonS3
age: 70648
etag: W/"a31a707739fd82541fa40e577dbbfede"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 c8e0acf79809da404c9ef6a70cdd4fde.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: PHL50-C1
x-amz-cf-id: DpT4YlsyCqm2YxT3ZrYO43OfMDNTmhPD4lNql5dIOi_7Ra7eM-OvlA==

GET
H2 200 sirdata_03022021.html Show response
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 8BAA 636 B
578 B 23ms
22ms Document
text/html 172.98.26.121
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.121 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: s.e-planning.net
Software: openresty /
Resource Hash: 14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=157680000
content-encoding: gzip
content-type: text/html
date: Wed, 06 Jul 2022 08:47:43 GMT
etag: W/"601b131c-27c"
expires: Mon, 05 Jul 2027 08:47:43 GMT
last-modified: Wed, 03 Feb 2021 21:18:20 GMT
server: openresty

GET
H2 200 e-planning Show response
sync.quantumdex.io/usersync/ Frame 5F49 3 KB
1 KB 96ms
47ms Document
text/html 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/e-planning
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a759381e8760351ce76fce168ec3b4a5fa28cd19cf6fec8dcfe52a812a559bc5

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 726713cf4d30a214-YYZ
content-encoding: gzip
content-type: text/html
date: Wed, 06 Jul 2022 08:47:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare

GET
H/1.1 200
OK csync Show response
sync.adtelligent.com/ Frame A12B 0
387 B 18ms
17ms Document
text/plain 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=307971&extuid=AG3iQzRW0QztTdBk
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:44 GMT
Etag: 86a13ba6ab56d298
Server: VertaMedia 1.0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame ABB2 0
9 B 20ms
19ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?byKxwQ
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1E11 42 B
64 B 86ms
86ms Fetch
image/gif 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssWK4pa5TCbm5_jHG0ykCJS59szOOaIYbkpQzJo_PGGTCFREoxl-5S3CUc6mYwS_XtsrSezDwbIGhpr8964plY2IDvcS9yBMrSB52DMtVHuO3yyMdXu&sig=Cg0ArKJSzLSI5uCUIrsvEAE&id=lidar2&mcvt=1068&p=412,1035,1012,1335&mtos=1068,1068,1068,1068,1068&tos=1068,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3409065166&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1657097262109&rpt=1288&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

um
sync.e-planning.net/ Frame B67A
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=eplanning_east&khaos=L59CXBSV-3-4UE9
https://sync.e-planning.net/um?uid=L59CXBSV-3-4UE9&dc=9bcc91305985f0db&iss=1

42 B
103 B

23ms
22ms

Image
image/gif

172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-planning.net/um?uid=L59CXBSV-3-4UE9&dc=9bcc91305985f0db&iss=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol: H2
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: openresty
content-type: image/gif

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://sync.e-planning.net/um?uid=L59CXBSV-3-4UE9&dc=9bcc91305985f0db&iss=1
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 03d4828e33e22cf7b4098c5a68746480
Expires: 0

GET
H3 200 mgid_ua.svg
cdn.mgid.com/images/mgid/ Frame C257 2 KB
1 KB 31ms
30ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/mgid/mgid_ua.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: HIT
age: 3768
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SX4J2ZJHEVZGRM
x-amz-id-2: 6u8Pk8qDm5kmrtNGbADSH14Or01PntklmOjRRJLDFCTGlBMAiQzwTGO/n/XoaNQheTtLS/DD/oM=
last-modified: Tue, 08 Mar 2022 17:05:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag: W/"617c205137825561208ef7c1a2d8f319"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713cf390d54cd-YYZ
expires: Thu, 07 Jul 2022 08:47:44 GMT

GET
H3 200 Adchoices.svg
cdn.mgid.com/images/logos/ Frame C257 836 B
1 KB 27ms
27ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: HIT
age: 3006
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SXVY7NEV4DDYHS
x-amz-id-2: Fw9S6D3aOYgm2IIajWZv2uGOc1CeEzLTklOgSjJnq/axnigEnhi9v1cuI7wy2ZhgIevi/VquN6g=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713cf390e54cd-YYZ
expires: Thu, 07 Jul 2022 08:47:44 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 960D 0
9 B 22ms
19ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ogeHYQ
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

204
No Content

esync
token.rubiconproject.com/ Frame E00A
Redirect Chain

https://id.rlcdn.com/709414.gif
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e

0
214 B

43ms
23ms

Image
text/plain

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: d5a7ef20801cf5cb1ee516b6110e672f
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame E00A
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8c96384d-bd43-4ecf-8a87-9d923f86652d&gdpr=0&gdpr_consent=&expires=30

42 B
708 B

24ms
24ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8c96384d-bd43-4ecf-8a87-9d923f86652d&gdpr=0&gdpr_consent=&expires=30
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 382e2818ca015d35b02cd449aa60881d
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8c96384d-bd43-4ecf-8a87-9d923f86652d&gdpr=0&gdpr_consent=&expires=30
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 289

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame E00A
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=BdIZj9XFQIqDjE6eRoh9Zg&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=BdIZj9XFQIqDjE6eRoh9Zg

43 B
556 B

29ms
29ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=BdIZj9XFQIqDjE6eRoh9Zg

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:44 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: QV86DNXXVTEF46436SVS
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=BdIZj9XFQIqDjE6eRoh9Zg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 9a0c641c0479142b55591fdf2031b15f
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame E00A
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L59CXBSV-3-4UE9

0
575 B

126ms
80ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L59CXBSV-3-4UE9
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 0E73EEC62444439D908D5AF7DC1BB7FA Ref B: YTO01EDGE0513 Ref C: 2022-07-06T08:47:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXjHwXTYMHIh5ji58lpAg==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L59CXBSV-3-4UE9
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4f2e9ddc15e6cc2c3861f8e2683d2514
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame E00A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMTOzZlbozNOZFOeLqDZsvs&google_cver=1

42 B
708 B

47ms
25ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMTOzZlbozNOZFOeLqDZsvs&google_cver=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 0228ab361cece0438ff9eb16e4e5890e
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMTOzZlbozNOZFOeLqDZsvs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E00A
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YmZiNDZiNzVjYTlhZWVjOTZhZTFlNWJjNDJiY2YxMjc1ZDNkMGQ2Zg

170 B
188 B

35ms
35ms

Image
image/png

142.250.80.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YmZiNDZiNzVjYTlhZWVjOTZhZTFlNWJjNDJiY2YxMjc1ZDNkMGQ2Zg

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d

Protocol

Server

142.250.80.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YmZiNDZiNzVjYTlhZWVjOTZhZTFlNWJjNDJiY2YxMjc1ZDNkMGQ2Zg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 9a0c641c0479142b55591fdf2031b15f
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E00A
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDU5Q1hCU1YtMy00VUU5

170 B
188 B

35ms
34ms

Image
image/png

142.250.80.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDU5Q1hCU1YtMy00VUU5

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d

Protocol

Server

142.250.80.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDU5Q1hCU1YtMy00VUU5
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 382e2818ca015d35b02cd449aa60881d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame E00A
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/nEmnRJnpXzf6-DXn9kczzw?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7268359125657799608

42 B
708 B

24ms
24ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7268359125657799608
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 20e8391fc78a9019eb67dba4b22f0ac2
Content-Type: image/gif

Redirect headers

date: Wed, 06 Jul 2022 08:47:44 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7268359125657799608
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CDB0 0
9 B 20ms
19ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-H_F9A
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 4 Show response
servicer.mgid.com/1179914/ Frame CD16 4 KB
2 KB 84ms
83ms Script
application/x-javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/1179914/4?pv=5&cbuster=1657097264543422872249&uniqId=0653b&lct=1655251200&niet=4g&nisd=false&jsv=es6&mp4=1&ap=1&w=336&h=452&wrongImageSize=1&cols=1&iframe=2&ref=https%3A%2F%2Fbanten.hallo.id%2F&cxurl=https%3A%2F%2Fbanten.hallo.id%2F&pr=banten.hallo.id&lu=https%3A%2F%2F33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&sessionId=62c54c30-0310f&pageView=1&pvid=181d2b19a74a9ac6afe&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8bbcede01cbca734adaa0677bd23392ca06beff4a6cfc99cfa8714e0203fbe2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cf-ray: 726713cf896054cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3

200

match
events-ssc.33across.com/ Frame 910B
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=&khaos=L59CXBSV-3-4UE9
https://ssc-cms.33across.com/ps/?xi=1&xu=L59CXBSV-3-4UE9
https://events-ssc.33across.com/match?bidder_id=30&external_user_id=L59CXBSV-3-4UE9&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

129ms
28ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=30&external_user_id=L59CXBSV-3-4UE9&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:43 GMT
referrer-policy: unsafe-url
server: 33XP005
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=30&external_user_id=L59CXBSV-3-4UE9&ts=1657097264&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3984 0
9 B 19ms
19ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?OZiYFw
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 03C9 0
9 B 20ms
20ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?lKg9jQ
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 09D4 0
9 B 20ms
20ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?NlDGhw
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 4 Show response
servicer.mgid.com/1179917/ Frame C257 3 KB
1 KB 66ms
65ms Script
application/x-javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/1179917/4?pv=5&cbuster=1657097264730842730597&lct=1655251200&niet=4g&nisd=false&jsv=es6&mp4=1&ap=1&w=970&h=320&maxw_3=313&maxh_3=274&ident_p=true&cols=3&iframe=2&ref=https%3A%2F%2Fbanten.hallo.id%2F&cxurl=https%3A%2F%2Fbanten.hallo.id%2F&pr=banten.hallo.id&lu=https%3A%2F%2F33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&sessionId=62c54c30-0310f&pageView=1&pvid=181d2b19aa587b48faa&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbdfb569a822814aaabae3da4b8bfe552450ba1c628314d6a3ff66ef60098237

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cf-ray: 726713d0aa6854cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

setuid
sync.quantumdex.io/ Frame 5F49
Redirect Chain

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3C...
https://sync.quantumdex.io/setuid?bidder=medianet&uid=3000988641455662000V10

43 B
95 B

46ms
46ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=medianet&uid=3000988641455662000V10
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d198c0a214-YYZ
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Wed, 06 Jul 2022 08:47:44 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
location: https://sync.quantumdex.io/setuid?bidder=medianet&uid=3000988641455662000V10
cache-control: max-age=0, no-cache, no-store
content-type: text/html
content-length: 154
x-mnet-hl2: E
expires: Wed, 06 Jul 2022 08:47:44 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 5F49
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3118761177084706340

43 B
106 B

51ms
50ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3118761177084706340
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d11ff1a214-YYZ
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:44 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: a2ae21a3-b58e-4799-a5cc-85f5d5525f78
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3118761177084706340
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 5F49
Redirect Chain

https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=645188bc-d8bc-4d12-b0dd-3e4651dd433a

43 B
95 B

53ms
53ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=645188bc-d8bc-4d12-b0dd-3e4651dd433a
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d198c2a214-YYZ
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=645188bc-d8bc-4d12-b0dd-3e4651dd433a
date: Wed, 06 Jul 2022 08:47:44 GMT
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 5F49
Redirect Chain

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D
https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent=
https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMO1rhBMUaOjzJ9Jmpfv4Zvf8G3mfxfsvXtoOq27Q

43 B
95 B

66ms
64ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMO1rhBMUaOjzJ9Jmpfv4Zvf8G3mfxfsvXtoOq27Q
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d39baea214-YYZ
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMO1rhBMUaOjzJ9Jmpfv4Zvf8G3mfxfsvXtoOq27Q
date: Wed, 06 Jul 2022 08:47:44 GMT
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

GET
H2

200

setuid
sync.quantumdex.io/ Frame 5F49
Redirect Chain

https://ups.analytics.yahoo.com/ups/58424/occ
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A

43 B
95 B

47ms
46ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d1889ba214-YYZ
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A
date: Wed, 06 Jul 2022 08:47:44 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

setuid
sync.quantumdex.io/ Frame 5F49
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=smaato&uid=02fe9eba

43 B
95 B

42ms
41ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=smaato&uid=02fe9eba
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d198bea214-YYZ
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

date: Wed, 06 Jul 2022 08:47:44 GMT
via: 1.1 0112af6219abab80a1c298e0563cf966.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: PHL50-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.quantumdex.io/setuid?bidder=smaato&uid=02fe9eba
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: MhdzJMFSMPorHIOwhSg-6_pxBWO4MF4UIswHYWas13K_391uzAffuA==

GET
H2

200

setuid
sync.quantumdex.io/ Frame 5F49
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1
https://sync.quantumdex.io/setuid?bidder=between&uid=2696a6dc-272c-53bb-8847-31c4ea827df4

43 B
95 B

55ms
52ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=between&uid=2696a6dc-272c-53bb-8847-31c4ea827df4
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d2397ba214-YYZ
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=between&uid=2696a6dc-272c-53bb-8847-31c4ea827df4
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H2 200 um
sync.e-planning.net/ Frame 5F49 42 B
103 B 23ms
22ms Image
image/gif 172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-planning.net/um?dc=bcf310d1654d268f&iss=1&uid=51c00962-bfcd-48ef-87ca-8c95ccdc4037
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: openresty
content-type: image/gif

GET
H/1.1 200
OK GS.d Show response
js.cookieless-data.com/ Frame 8BAA 0
535 B 318ms
100ms Script
text/plain 51.158.28.82
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL

https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1657097264737

Requested by

Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.158.28.82 Paris, France, ASN12876 (Online SAS, FR),

Reverse DNS

51-158-28-82.rev.poneytelecom.eu

Software

nginx/1.20.2 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: nginx/1.20.2
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
P3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 0
X-Xss-Protection: 0
Expires: Tue, 01 Jan 2000 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8914 0
9 B 21ms
19ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?FoHuqg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C87D 0
9 B 19ms
19ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?LRRQyw
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 79EB 2 KB
814 B 10ms
9ms Document
text/html 51.222.39.187
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.187 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip187.ip-51-222-39.net

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H/1.1 204
No Content pbsync
usermatch.targeting.unrulymedia.com/ Frame A927 0
0 131ms
23ms Document
text/plain 199.127.204.142
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.127.204.142 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Date: Wed, 06 Jul 2022 08:47:44 GMT

GET
H2 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame C548 1 KB
2 KB 123ms
60ms Document
text/html 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69e6415a45448f4728de81ba7b14a36623e401dee7f78da611c03e7290621bed

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 726713d17886a214-YYZ
content-encoding: br
content-type: text/html
date: Wed, 06 Jul 2022 08:47:44 GMT
dropped-udsids: 45|241|230|39|130|152|5|4
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ktlglou1FmVSI8xJA6NCgF3XTjS3ssdpvZha9yIyoUzL9UpRgm21Ab9zMU%2FX7S%2F6MEx61f51ReeKvCvWAXAmEhplxzSiLbzDOAdsUoP0lyIZG%2BE3%2FaYsOB%2B3up9awV%2FSoafGyFGA2QOosQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

GET
H3 200 widget-ssp-performance
c.mgid.com/ Frame CD16 43 B
233 B 48ms
47ms Image
image/gif 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.mgid.com/widget-ssp-performance?time=85
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d12af354cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

GET
H3 200 mgid_ua.svg
cdn.mgid.com/images/mgid/ Frame CD16 2 KB
1 KB 26ms
26ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/mgid/mgid_ua.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: HIT
age: 3768
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SX4J2ZJHEVZGRM
x-amz-id-2: 6u8Pk8qDm5kmrtNGbADSH14Or01PntklmOjRRJLDFCTGlBMAiQzwTGO/n/XoaNQheTtLS/DD/oM=
last-modified: Tue, 08 Mar 2022 17:05:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag: W/"617c205137825561208ef7c1a2d8f319"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713d1bb8c54cd-YYZ
expires: Thu, 07 Jul 2022 08:47:44 GMT

GET
H3 200 Adchoices.svg
cdn.mgid.com/images/logos/ Frame CD16 836 B
1 KB 27ms
27ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: HIT
age: 3006
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SXVY7NEV4DDYHS
x-amz-id-2: Fw9S6D3aOYgm2IIajWZv2uGOc1CeEzLTklOgSjJnq/axnigEnhi9v1cuI7wy2ZhgIevi/VquN6g=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713d1bb8f54cd-YYZ
expires: Thu, 07 Jul 2022 08:47:44 GMT

GET
H3 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTAvMTAxOTI0L2ZlM2I2NDMwZjZmMGE2YThjYmFhYjM0ZjZjNzBkZTI0LmpwZWc.webp
s-img.mgid.com/g/8052385/492x277/135x0x863x575/ Frame CD16 8 KB
8 KB 33ms
32ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8052385/492x277/135x0x863x575/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMTAvMTAxOTI0L2ZlM2I2NDMwZjZmMGE2YThjYmFhYjM0ZjZjNzBkZTI0LmpwZWc.webp?v=1657097264-4dnPJS_gxwaVGaflAhpM7gikSQ-yD4iUDD8Zuweb5D0
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a163abe2674350c1bfc7484f3508aad78dba67946f610363b48a0ba289fcc060

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:57:07 GMT
x-mg-request-uuid: 7b78ef70-f569-46c1-84b6-836a326d7353
age: 4925822
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713d1bf535437-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8080
server: cloudflare

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNy8xNzU2ODUvMWVjN...
s-img.mgid.com/g/13408641/492x277/-/ Frame CD16 9 KB
9 KB 33ms
32ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/13408641/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNy8xNzU2ODUvMWVjNTc5OTNmMzNhMWM5MTg3YmE0NTQxNjJhOGI1NjUuanBlZw.webp?v=1657097264-BI7Jbu-atgERGfbdCIa-_MuQkMv6P9Q28iUrUpvo-K8
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a93ca4ed0c3c4436f499c0e03ba6b24acdd15407285b703ec0657e8c8e55926

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: HIT
last-modified: Fri, 01 Jul 2022 19:49:52 GMT
x-mg-request-uuid: 83e714a7-a873-428d-b201-baad4e41262e
age: 391776
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713d1bf575437-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9188
server: cloudflare

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMi8xMDE5MjQvYjZiZTg0OTUxYjczOWQwY...
s-img.mgid.com/g/12068028/492x277/-/ Frame CD16 12 KB
12 KB 50ms
49ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/12068028/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMi8xMDE5MjQvYjZiZTg0OTUxYjczOWQwYmE3Y2I5NjIxODdiMDAxMWMuanBlZw.webp?v=1657097264-c-gaFt6HUzOcw9Zkd2Sg02vdfjRU9cH6EE0FXkVzpMI
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 794db768c144a461fe24335291e66e3254a79d43b3c7146a4daa85b43b3b0d23

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 14:13:04 GMT
x-mg-request-uuid: 72e3c845-b438-4362-af0a-6ab89a0f4b50
age: 1673990
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713d1bf585437-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12072
server: cloudflare

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfMzU2LHlfNTA0L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTA2L...
s-img.mgid.com/g/13268967/492x277/-/ Frame CD16 6 KB
7 KB 50ms
49ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/13268967/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfMzU2LHlfNTA0L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTA2LzEwMTkyNC81M2MwY2U4MjZkOTVhYzFhZjRkM2E3YzUyMjE1ODBjMy5qcGVn.webp?v=1657097264-edt2D2xllyXuRlH8TV8SlrljoaGpz6OzXW5oyHWyq84
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5caebcdf8a42c8c0be2fb4f336a45367768d8cb3eda88f162f3c8bf85d3bea7d

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: HIT
last-modified: Thu, 16 Jun 2022 11:46:21 GMT
x-mg-request-uuid: db46e7b4-64c0-4351-8cf3-af567d05b724
age: 1716857
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713d1bf595437-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6574
server: cloudflare

GET
H3 200 mgid_ua.svg
cdn.mgid.com/images/mgid/ Frame C257 2 KB
1 KB 34ms
29ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/mgid/mgid_ua.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: HIT
age: 3768
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SX4J2ZJHEVZGRM
x-amz-id-2: 6u8Pk8qDm5kmrtNGbADSH14Or01PntklmOjRRJLDFCTGlBMAiQzwTGO/n/XoaNQheTtLS/DD/oM=
last-modified: Tue, 08 Mar 2022 17:05:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag: W/"617c205137825561208ef7c1a2d8f319"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713d1cba554cd-YYZ
expires: Thu, 07 Jul 2022 08:47:44 GMT

GET
H3 200 Adchoices.svg
cdn.mgid.com/images/logos/ Frame C257 836 B
1 KB 36ms
29ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: HIT
age: 3006
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SXVY7NEV4DDYHS
x-amz-id-2: Fw9S6D3aOYgm2IIajWZv2uGOc1CeEzLTklOgSjJnq/axnigEnhi9v1cuI7wy2ZhgIevi/VquN6g=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 726713d1cbab54cd-YYZ
expires: Thu, 07 Jul 2022 08:47:44 GMT

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTExLzEwMTkyNC82MDI0MzliMjAwOTUxNTA0M...
s-img.mgid.com/g/11533307/492x328/-/ Frame C257 15 KB
16 KB 57ms
56ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/11533307/492x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTExLzEwMTkyNC82MDI0MzliMjAwOTUxNTA0MTI3Y2MwYzk1ODk2OTI4Ni5wbmc.webp?v=1657097264-96wxDaXbT6gDxlqVE7FDKgGVtebmQyCkB9XaMjk5SXM
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 281805d66f31d517f8037a2604634f2ed1447f05a9814618cd699ce08ee21c28

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: HIT
last-modified: Wed, 01 Dec 2021 12:23:26 GMT
x-mg-request-uuid: a2574f96-1850-45f4-b500-f3f95198118b
age: 4925825
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713d1df755437-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15370
server: cloudflare

GET
H3 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0L2QyYzViNjdkODVlNDE3ZDM0YWVmN2Q3YjhiZGEwZmJjLmpwZWc.webp
s-img.mgid.com/g/8164860/492x328/0x0x831x554/ Frame C257 9 KB
10 KB 59ms
57ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164860/492x328/0x0x831x554/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0L2QyYzViNjdkODVlNDE3ZDM0YWVmN2Q3YjhiZGEwZmJjLmpwZWc.webp?v=1657097264-mdTxdrmrXJWOvA5ZPjasz26r_SHemlIjSqq_6iEg2Fg
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51fa72d0a472d4e3650387ebcd857ab03ab8c476e4ff0a0339e65d8229a57496

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:46:05 GMT
x-mg-request-uuid: 5a931540-d8bf-4a9a-b365-160beac46397
age: 4925708
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713d1df775437-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9696
server: cloudflare

GET
H3 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDQvMTAxOTI0L2YwOGJiYTYyZTZiNTczY2MzZThhMzY1ZTUyMjU2ZWQ0LmpwZWc.webp
s-img.mgid.com/g/8164910/492x328/0x9x612x408/ Frame C257 15 KB
15 KB 59ms
58ms Image
image/webp 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164910/492x328/0x9x612x408/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDQvMTAxOTI0L2YwOGJiYTYyZTZiNTczY2MzZThhMzY1ZTUyMjU2ZWQ0LmpwZWc.webp?v=1657097264-Xz__SxCO3MBA7qhsONuivR-VUFyDiIT_aHpBsBiV7yI
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06eed8e682c13618d1183842a88bb5eb7af96acc4d2284fb6739aa8663d60c4f

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:45:19 GMT
x-mg-request-uuid: 3f6252bc-208f-4c2b-8ab5-e683ba37e151
age: 4925953
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 726713d1df795437-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15180
server: cloudflare

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame C548
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YsVMMO1Kr8iar2WzSRoTWgAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHk-6dX1WCLMqCc_-u-6xAc&google_cver=1

43 B
910 B

47ms
45ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHk-6dX1WCLMqCc_-u-6xAc&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 726713d3093953e9-YYZ
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ltbnFh4iFi9FKnza2GcnuAyDPqtRX50lls4MUUQLTs%2FX7S5gHLeaQnu%2BWK86aoyd5eHP88p%2BAAg%2BYRHQOzd6mSuHzDdvQiYlOdMzyBorzKqWlGnNHYiI%2BC3d1klLWOOhqaLjjLuDWXKypA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHk-6dX1WCLMqCc_-u-6xAc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame C548 43 B
932 B 29ms
28ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YsVMMO1Kr8iar2WzSRoTWgAAAKYAAAIB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:44 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: YKK27J0EJP8JFRFK4PJ3
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame C548
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YsVMMO1Kr8iar2WzSRoTWgAAAKYAAAIB&gdpr_consent=&us_privacy=&gdpr=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEMmv0--_XHZEg9gKeaYoecs&google_cver=1

43 B
950 B

69ms
44ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEMmv0--_XHZEg9gKeaYoecs&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 726713d25b7ea21d-YYZ
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l3jsMrvi32xxGdtU5YMbIMjJ9JmwzOxkBcXOHJbem4qW%2BK4qwT35II6rJDgUKWWveSMAsR7p%2BuNDxaE3%2FWQHtuLg1zK0aAAvlJCrrw%2BDG0yQNvtQF%2FhB85uyykt0YP9rU%2Fj2iSXYD%2Bgz2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEMmv0--_XHZEg9gKeaYoecs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame C548
Redirect Chain

https://match.adsrvr.org/track/cmf/casale
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=8c96384d-bd43-4ecf-8a87-9d923f86652d&expiration=1659689264&gdpr=0&gdpr_consent=

43 B
419 B

104ms
78ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=8c96384d-bd43-4ecf-8a87-9d923f86652d&expiration=1659689264&gdpr=0&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 726713d25a7ca1de-YYZ
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BoB91l4g1n7egv2sjKPkqCHCsLhebIO3VJENbIIJbldKnr5TN7u91q3uYvPTlrK49MQMd470CnIc156Zq%2FVQtKfyeWFEbODhgLQYEYER3HjMk%2B0%2BD29Pfl9LzmyX5MfpVuMs2qdDJz6Z5w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=8c96384d-bd43-4ecf-8a87-9d923f86652d&expiration=1659689264&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 323

GET
H2

200

crum
dsum-sec.casalemedia.com/ Frame C548
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ie
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AABu3k7FipgAABGGkTTQSg&expiration=1658306864

43 B
956 B

78ms
52ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AABu3k7FipgAABGGkTTQSg&expiration=1658306864
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 726713d25a7fa1de-YYZ
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O5y%2BZe3PJWL41wc%2BqpAwfWUG5XKsymX82xxqCGlEtrqPi0cpIJMOmKrV0tt4m6qWUNsDrCEHTI%2BG9egDhHsWqeWOrbzCzybBF74rWM2V%2BG02C52Is7qd5yhSDzWEDl%2BmM5jlaC9kMSQyhw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AABu3k7FipgAABGGkTTQSg&expiration=1658306864
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame C548
Redirect Chain

https://sync.extend.tv/r.gif?exchange=index
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=ad31758a-5fb7-470d-850b-01c3e72680bb

43 B
944 B

81ms
56ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=ad31758a-5fb7-470d-850b-01c3e72680bb
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 726713d2e8cb53e9-YYZ
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5K7CaJWe%2B8gr8kSk2aaQfDcHWJUnEmU7moBfywJmpgFCi5ayrgRl6ffJ5gkme1NmhjTvWpQ7Sw%2FKVoZrO1SXLphmIH0Vs3PzqMRgipjwz%2BRXvcFw6PpWhlSwFJppmwAWbOOcMdRhxNMZMA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:45 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=ad31758a-5fb7-470d-850b-01c3e72680bb
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 132
Expires: Tue, 29 May 1984 15:00:00 GMT

GET
H2 200 ix
ad4m.at/ad/sim/ Frame C548 0
0 93ms
35ms Image
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad4m.at/ad/sim/ix
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame C548
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3187058829708213451

43 B
417 B

88ms
79ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3187058829708213451
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 726713d25a82a1de-YYZ
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cz1Z48haVLIKnfuXOdH8SOi7TRIbNDs24nP0TU0zLsfki%2BgQjo0EMgWIkeKN0tqBVwJnHAclFQw0EcYOY7%2F0FLqNCALJzGWE4mOzYkeK9WPNDZqqTBxbH2qUj51cBfsPRy4JMNQSP5FdTg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3187058829708213451
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 setuid
sync.quantumdex.io/ Frame C548 43 B
118 B 63ms
58ms Image
image/gif 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=ix&uid=YsVMMO1Kr8iar2WzSRoTWgAAAKYAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 726713d1f93ea214-YYZ
content-length: 43
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif

GET
H3 200 i.js Show response
cm.mgid.com/ Frame CD16 1 KB
1003 B 51ms
50ms Script
application/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i.js?&cbuster=1657097264947554771142
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec326fb4de1d26fd1863f383cec1a9228cd8b04f7bcb7b0c5690e5620ba3846c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d1fbe054cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 i.js Show response
cm.mgid.com/ Frame C257 1 KB
1003 B 48ms
48ms Script
application/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i.js?&cbuster=1657097264960751324003
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0aa0322e96e88b48e1e6187777cc8e0cb5b53464223d3404401cc4abc49ebc6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d21bf254cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 204 i-noref.js Show response
cm.mgid.com/ Frame F89E 0
228 B 44ms
43ms Script
text/plain 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i-noref.js?cbuster=1657097264965250040457
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d21bfd54cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 204 i-noref.js Show response
cm.mgid.com/ Frame 73F6 0
228 B 49ms
45ms Script
text/plain 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i-noref.js?cbuster=1657097264975730602969
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d23c1d54cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 712056.gif
id.rlcdn.com/ Frame CD16 42 B
60 B 43ms
42ms Image
image/gif 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/712056.gif?
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?&cbuster=1657097264947554771142
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H3

200

m
cm.mgid.com/ Frame CD16
Redirect Chain

https://x.bidswitch.net/sync?ssp=mgid
https://m.fg8dgt.com/sync?ssp=bidswitch&bidswitch_ssp_id=mgid&ssp_uuid=09b3299d-acd9-44cb-8002-aa2609ca1291
https://m.fg8dgt.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=mgid&ssp_uuid=09b3299d-acd9-44cb-8002-aa2609ca1291
https://x.bidswitch.net/sync?dsp_id=108&expires=14&ssp=mgid&user_id=1eba42a9-7b3b-4b93-a403-f2ca6264f024
https://cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&consentData=&uspString=

43 B
510 B

44ms
43ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&consentData=&uspString=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d45ea254cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

Location: //cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&consentData=&uspString=
Date: Wed, 06 Jul 2022 08:47:45 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

m
cm.mgid.com/ Frame CD16
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub6103523253312
https://sync.aralego.com/idSync?ucf_nid=par-627D96DE43D94E241EAD99688E72B636&ucf_user_id=51d7215b4840f01c&redirect=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fuid%3DUCFUID%26vendor%3D60114
https://t.adx.opera.com/sync?uid=511af5b5-388e-36cb-85ab-4482f54203bd&vendor=60114
https://sync.taboola.com/sg/OperaSCoD/1/cm
https://t.adx.opera.com/sync?vendor=60151&uid=8dd58ee5-fd13-4763-b9ad-796d97a4521d-tuct9bed1b1
https://ups.analytics.yahoo.com/ups/58484/occ
https://t.adx.opera.com/sync?vendor=60112&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A
https://sync.aralego.com/idSync?ucf_nid=par-627D96DE43D94E241EAD99688E72B636&ucf_user_id=51d7215b4840f01c&redirect=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fuid%3DUCFUID%26vendor%3D60114
https://t.adx.opera.com/sync?uid=511af5b5-388e-36cb-85ab-4482f54203bd&vendor=60114
https://cs.mobfox.com/7b8b188df2e2d757df67b198ed77e9f5.gif?puid=51d7215b4840f01c&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60058
https://t.adx.opera.com/sync?vendor=60058
https://ssbsync.smartadserver.com/api/sync?callerId=14&gdpr=0&gdpr_consent=
https://t.adx.opera.com/sync?vendor=60140&uid=2541039644928651045&gdpr=0&gdpr_consent=
https://an.yandex.ru/mapuid/operacom/
https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1
https://t.adx.opera.com/sync?vendor=60143&uid=D6F903ABE05A4F2D
https://cm.mgid.com/m?cdsp=528163&c=4ba92145d7644c20b4631cabe199be3b

43 B
558 B

47ms
46ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=528163&c=4ba92145d7644c20b4631cabe199be3b
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:46 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713de399154cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:46 GMT
server: Tengine
access-control-allow-origin: *
access-control-allow-methods: POST, GET
content-type: text/html; charset=utf-8
location: https://cm.mgid.com/m?cdsp=528163&c=4ba92145d7644c20b4631cabe199be3b
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length: 95
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

m
cm.mgid.com/ Frame CD16
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.mg...
https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=4df7e55f-fd08-11ec-8bbd-81c72e424eed&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=24ab7c8f13a7120f&is_secure=true&networkId=17100&version=1&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAGasxY41wTBQN00xFuAAAAAAA&expiration=1657183665&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&...
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=161673&pmc=1&pr=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D712807%26c%3D7E8BB788-EC0D-4AA0-8C08-440D68D578B1
https://cm.mgid.com/m?cdsp=712807&c=7E8BB788-EC0D-4AA0-8C08-440D68D578B1

43 B
543 B

47ms
46ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=712807&c=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d5481954cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

location: https://cm.mgid.com/m?cdsp=712807&c=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK sync.html Show response
s.adtelligent.com/ Frame 1FC7 2 KB
1 KB 45ms
40ms Document
text/html 2a06:8640:683:0:ae1f:6bff:fec1:b062
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=754484
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?&cbuster=1657097264947554771142
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:683:0:ae1f:6bff:fec1:b062 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 45c55e6e124dd6df7d8fa5c40948a33e0e1fa0affc08047c59ff82d91181084b

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 876
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H3

200

m
cm.mgid.com/ Frame CD16
Redirect Chain

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid
https://cm.mgid.com/m?cdsp=287839&c=d2238a2e-fc11-4134-b5f6-d623209392df

43 B
510 B

47ms
46ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=287839&c=d2238a2e-fc11-4134-b5f6-d623209392df
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d39df254cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

location: //cm.mgid.com/m?cdsp=287839&c=d2238a2e-fc11-4134-b5f6-d623209392df
date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

ProfilesEngineServlet
sync1.intentiq.com/profiles_engine/ Frame CD16
Redirect Chain

https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid=
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid=&ckls=true&ci=RK3IpY...
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D1931007764%26rnd%3...
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=1931007764&rnd=736903959&pcid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
https://ib.adnxs.com/getuid?https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D1931007764%3B1402230080%26rnd%3D-1398590697&pci...
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=1931007764;1402230080&rnd=-1398590697&pcid=3118761177084706340
https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D1931...
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1486637409&mi=10&csh=1931007764;1402230080;1709765917&rnd=520661999&pcid=047f3497-81c9-4b5f-943c-54de4dabf769
https://ce.lijit.com/merge?pid=8101&3pid=RK3IpY4AJ5&location=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D396218182%26mi%3D10%26csh%3D1931007764%3B14...
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=396218182&mi=10&csh=1931007764;1402230080;1709765917;1486637409&rnd=-1500392341&pcid=E7evjLZHduBErJVZTJiI06fm
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D1931007764%3B...
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D1931007764%3B...
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1072441116&mi=10&csh=1931007764;1402230080;1709765917;1486637409;396218182&rnd=-1246876995&pcid=4e511a0a-fd08-11ec-9696-1f...
https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D1931007764%3B14022300...
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=1931007764;1402230080;1709765917;1486637409;396218182;1072441116&rnd=-498607899&pcid=e9ae62c5-4c30-4a...
https://sync.1rx.io/usersync/intentiq/0?dspret=1&redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1931007764%3B14022300...
https://sync.targeting.unrulymedia.com/csync/RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005?redir=https%3A%2F%2Fsync1.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869...
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1931007764;1402230080;1709765917;1486637409;396218182;1072441116;1678944572&rnd=-1868245515&pcid=RX-1e...

43 B
1 KB

47ms
47ms

Image
image/gif

13.224.214.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1931007764;1402230080;1709765917;1486637409;396218182;1072441116;1678944572&rnd=-1868245515&pcid=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Server: 13.224.214.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-95.phl50.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:46 GMT
via: 1.1 534fd2eebbd6707fdf4614c97949ccac.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: PHL50-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
x-amz-cf-id: lD-6BQK7qILEqbO9990p31ZqhHvEiXI9pQvSpstI2eK5ZAFYlmp1Lw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1931007764;1402230080;1709765917;1486637409;396218182;1072441116;1678944572&rnd=-1868245515&pcid=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005
Date: Wed, 06 Jul 2022 08:47:46 GMT
Connection: keep-alive
Content-Type: text/html
ETag: RX1eb7b0f4ce65495f872e8e080c7f362d005
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

GET
H3

200

m
cm.mgid.com/ Frame C257
Redirect Chain

https://x.bidswitch.net/sync?ssp=mgid
https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=mgid&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=mgid&gdpr=0&user_id=JpqvzCTL_8g9mqnNJ5HhwCPM9ME9nq3AcpCXc1Ab
https://cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=0&consentData=&uspString=

43 B
510 B

47ms
46ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=0&consentData=&uspString=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d3ce1e54cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

Location: //cm.mgid.com/m?cdsp=433145&c=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=0&consentData=&uspString=
Date: Wed, 06 Jul 2022 08:47:45 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

m
cm.mgid.com/ Frame C257
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub6103523253312
https://eb2.3lift.com/getuid?redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60124%26uid%3D$UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60124%26uid%3D%24UID
https://t.adx.opera.com/sync?vendor=60124&uid=4498649742313079059162
https://sync.taboola.com/sg/OperaSCoD/1/cm
https://t.adx.opera.com/sync?vendor=60151&uid=b30d8f4d-72b6-458e-8ecc-7c27b571c983-tuct9bed1b1
https://ups.analytics.yahoo.com/ups/58484/occ
https://t.adx.opera.com/sync?vendor=60112&uid=y-IgnWEnlE2uHLCsALo3yLKP9fzQ74yjTAWqKc1sw-~A
https://sync.aralego.com/idSync?ucf_nid=par-627D96DE43D94E241EAD99688E72B636&ucf_user_id=51d7215b4840f01c&redirect=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fuid%3DUCFUID%26vendor%3D60114
https://t.adx.opera.com/sync?uid=511af5b5-388e-36cb-85ab-4482f54203bd&vendor=60114
https://an.yandex.ru/mapuid/operacom/
https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1
https://t.adx.opera.com/sync?vendor=60143&uid=D6F903ABE05A4F2D
https://cm.mgid.com/m?cdsp=528163&c=4ba92145d7644c20b4631cabe199be3b

43 B
558 B

43ms
42ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=528163&c=4ba92145d7644c20b4631cabe199be3b
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:46 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713de59a154cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:46 GMT
server: Tengine
access-control-allow-origin: *
access-control-allow-methods: POST, GET
content-type: text/html; charset=utf-8
location: https://cm.mgid.com/m?cdsp=528163&c=4ba92145d7644c20b4631cabe199be3b
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length: 95
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ProfilesEngineServlet
sync1.intentiq.com/profiles_engine/ Frame C257
Redirect Chain

https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid=
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid=&ckls=true&ci=11Vh4b...

43 B
539 B

40ms
36ms

Image
image/gif

13.224.214.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid=&ckls=true&ci=11Vh4bgYpB&nc=false&trid=2094959689
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Server: 13.224.214.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-95.phl50.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 534fd2eebbd6707fdf4614c97949ccac.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: PHL50-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
x-amz-cf-id: _vOUtFZm8ORKcdE7UIaA6Sb2rJeH-wXHFt5FVgC0sB0IU5du3149YQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 534fd2eebbd6707fdf4614c97949ccac.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: PHL50-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1931007764&pcid=m66GW8FclGL1&3rddpi=1436365145&3rdpcid=L59CXBSV-3-4UE9&3rddpi=943214099&3rdpcid=&ckls=true&ci=11Vh4bgYpB&nc=false&trid=2094959689
cache-control: no-cache, no-store, must-revalidate
patent: https://www.almondnet.com/ip
content-type: image/gif
content-length: 43
x-amz-cf-id: cNGV2Z-4lOebMdpZGszNR2pFqcRQWoJnYpfcmMjIsbJfk4H6BAUSmQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame C257
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.mg...
https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=4df80bba-fd08-11ec-a7ae-01d28394cfbb&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=137068038f4c1210&is_secure=true&networkId=17100&version=1&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAGahZyujOseANKl1CUAAAAAAA&expiration=1657183665&nuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&...
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3118761177084706340&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=G5bYmBnHiJwAlt6ZGp2WlB7Ag5UAktqUT5xS77DH
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
109 B

23ms
23ms

Image
text/plain

8.28.7.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H2
Server: 8.28.7.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 712056.gif
id.rlcdn.com/ Frame C257 42 B
60 B 45ms
42ms Image
image/gif 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/712056.gif?
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?&cbuster=1657097264960751324003
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H/1.1 200
OK sync.html Show response
s.adtelligent.com/ Frame 0456 2 KB
1 KB 54ms
19ms Document
text/html 2a06:8640:683:0:ae1f:6bff:fec1:b062
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=754484
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?&cbuster=1657097264960751324003
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:683:0:ae1f:6bff:fec1:b062 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: ecd272f4eb05aeae36a8f2546c4a78bf4d4d1928ea091966be688c63fee769d3

Request headers

Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 872
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H3

200

m
cm.mgid.com/ Frame C257
Redirect Chain

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid
https://cm.mgid.com/m?cdsp=287839&c=d2238a2e-fc11-4134-b5f6-d623209392df

43 B
511 B

47ms
46ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=287839&c=d2238a2e-fc11-4134-b5f6-d623209392df
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d39df554cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

location: //cm.mgid.com/m?cdsp=287839&c=d2238a2e-fc11-4134-b5f6-d623209392df
date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame B755
Redirect Chain

https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X

2 KB
3 KB

34ms
34ms

Document
text/html

67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: d17131bddf996a3a09cf02456553002740393aa0fe1291b9aa62ccc1f6038058

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 1931
content-type: text/html
date: Wed, 06 Jul 2022 08:47:44 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

Redirect headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
content-length: 171
content-type: text/html; charset=utf-8
date: Wed, 06 Jul 2022 08:47:45 GMT
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
location: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
server: nginx/1.16.1

GET
H/1.1 200
OK sync.html Show response
s.console.adtarget.com.tr/ Frame BA2C 1 KB
1004 B 356ms
20ms Document
text/html 2a06:8640:471:0:ec4:7aff:fe7e:dd90
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:471:0:ec4:7aff:fe7e:dd90 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 8a77716d191bdcbb71ccafbe17e67b9e6f45d58e3c7477e3c9b7d7b9321c6f5a

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://s.adtelligent.com
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 699
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H/1.1 200
OK sync.html Show response
s.adtelligent.com/ Frame 71AD 1 KB
1 KB 23ms
18ms Document
text/html 2a06:8640:683:0:ae1f:6bff:fec1:b062
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=651796
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:683:0:ae1f:6bff:fec1:b062 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 780c6d2afbdf0810cb3df8f8619849a70b2221532586daebadfad8421511620d

Request headers

Referer: https://s.adtelligent.com/sync.html?aid=754484
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://s.adtelligent.com
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 744
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 9403 2 KB
814 B 14ms
9ms Document
text/html 51.222.39.187
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Requested by

Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.187 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip187.ip-51-222-39.net

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H3

200

m
cm.mgid.com/ Frame 1FC7
Redirect Chain

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D
https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298

43 B
494 B

51ms
50ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d2ecf254cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

Location: https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

GET
H2 200 sync
vid.vidoomy.com/ Frame 1FC7 0
0 95ms
88ms Image
text/html 2a02:6ea0:c400::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vid.vidoomy.com/sync?gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D556847%26extuid%3D%7B%7BVID%7D%7D
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c400::11 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 sync
vid.vidoomy.com/ Frame 0456 0
0 107ms
107ms Image
text/html 2a02:6ea0:c400::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vid.vidoomy.com/sync?gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D556847%26extuid%3D%7B%7BVID%7D%7D
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c400::11 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 8F10 2 KB
814 B 11ms
10ms Document
text/html 51.222.39.187
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Requested by

Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.187 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip187.ip-51-222-39.net

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame FB11
Redirect Chain

https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X

2 KB
3 KB

38ms
36ms

Document
text/html

67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: 2c45470de3b92493c6e99abcd28f23f68da8ea5a351472f26c3c3090b1f81be0

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 1931
content-type: text/html
date: Wed, 06 Jul 2022 08:47:44 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

Redirect headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
content-length: 171
content-type: text/html; charset=utf-8
date: Wed, 06 Jul 2022 08:47:45 GMT
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
location: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
server: nginx/1.16.1

GET
H/1.1 200
OK sync.html Show response
s.console.adtarget.com.tr/ Frame A4D9 1 KB
1004 B 355ms
18ms Document
text/html 2a06:8640:471:0:ec4:7aff:fe7e:dd90
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:471:0:ec4:7aff:fe7e:dd90 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 8a77716d191bdcbb71ccafbe17e67b9e6f45d58e3c7477e3c9b7d7b9321c6f5a

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://s.adtelligent.com
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 699
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H/1.1 200
OK sync.html Show response
s.adtelligent.com/ Frame 27FE 1 KB
1 KB 255ms
252ms Document
text/html 2a06:8640:683:0:ae1f:6bff:fec1:b062
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=651796
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:683:0:ae1f:6bff:fec1:b062 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: c407be5e6bdabeb973c986b3197259187b1d8418a0b19e1944c40ffe648380f4

Request headers

Referer: https://s.adtelligent.com/sync.html?aid=754484
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://s.adtelligent.com
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 733
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H3

200

m
cm.mgid.com/ Frame 0456
Redirect Chain

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D
https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298

43 B
494 B

43ms
41ms

Image
image/gif

104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: H3
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 726713d30d2354cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

Redirect headers

Location: https://cm.mgid.com/m?cdsp=617666&c=86a13ba6ab56d298
Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 0050 2 KB
814 B 12ms
9ms Document
text/html 51.222.39.187
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=75a1922f904cc20

Requested by

Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.187 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip187.ip-51-222-39.net

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 16B0 15 KB
6 KB 21ms
19ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=87012
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Wed, 06 Jul 2022 08:47:45 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 07 Jul 2022 08:57:57 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK csync
sync.adtelligent.com/ Frame 71AD 43 B
323 B 19ms
17ms Image
image/gif 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?redir=
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 43
Content-Type: image/gif

GET
H3

200

cm Show response
us-u.openx.net/w/1.0/ Frame FE50
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265119.3&ri=70&ru=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Dc6a5ba0d-ce02-41bd-a1ea-842c68bd5108%26ph%3D8f5ed5d4-642c-4222-968a-d709c...
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D...

1 KB
751 B

55ms
41ms

Document
text/html

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 1d48b937e2ee1e97dc4d7f326aa653d9df817f9b1934137e77c4607debeb8218

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 732
content-type: text/html
date: Wed, 06 Jul 2022 08:47:45 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/7f1e280
vary: Accept, Accept-Encoding
via: 1.1 google

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
date: Wed, 06 Jul 2022 08:47:44 GMT
expires: Thu, 01-Jan-70 00:00:01 GMT
location: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma: no-cache
referrer-policy: unsafe-url
server: 33XP005
x-33x-status: 40000000008200000A

GET
H3

200

match
events-ssc.33across.com/ Frame B755
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265119.1&ri=2&ru=https%3A%2F%2Fssum-sec.casalemedia.com%2Fusermatchredir%3Fs%3D191740%26us_privacy%3D%24%7BUS_PRIVACY%7D%26cb%3Dhttps%253A%252...
https://ssum-sec.casalemedia.com/usermatchredir?s=191740&us_privacy=&cb=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D2%26external_user_id%3D
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=2&external_user_id=YsVMMO1Kr8iar2WzSRoTWgAA%26166

68 B
82 B

30ms
29ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=2&external_user_id=YsVMMO1Kr8iar2WzSRoTWgAA%26166
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5KoO4RZYnsiL4AKbEeUxOxMUvyLieSorFZgfh4Y%2B72e%2FXm6%2BULsnmKxRgGc%2Fx8J6VM%2BStZJvEbDr7mt2fNFKGyvp49me3crdVKRBE23LPxlqDwrQnHpL%2Flqxe7Mn2DBrCsHdD3ANVgsOgg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=2&external_user_id=YsVMMO1Kr8iar2WzSRoTWgAA%26166
cache-control: no-cache
cf-ray: 726713d39d80a21d-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame B755
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=104&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D%7BuserId%7D
https://tags.bluekai.com/site/17724?id=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D1389%26tp%3DSTSC%26tpid%3D7193c592-1253-4b56-b320-5f6c4...
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D4...
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D4...

49 B
264 B

88ms
87ms

Image
image/gif

52.73.102.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&ct=y
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H2
Server: 52.73.102.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-102-235.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.13.88
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&ct=y
cache-control: no-cache
x-server: 10.40.37.210
content-length: 0
expires: 0

GET
H3

200

match
events-ssc.33across.com/ Frame B755
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265119.4&ri=90&ru=https%3A%2F%2Fib.adnxs.com%2Fgetuid%3Fhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253...
https://ib.adnxs.com/getuid?https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D90%26external_user_id%3D%24UID
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=90&external_user_id=3118761177084706340

68 B
82 B

28ms
28ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=90&external_user_id=3118761177084706340
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:45 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 57be03ad-5b37-412c-bca1-5752122dd383
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=90&external_user_id=3118761177084706340
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 149
match.deepintent.com/usersync/ Frame B755 0
222 B 79ms
24ms Image
image/gif 169.197.150.8
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/149?us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: c /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: c
content-type: image/gif
content-length: 0
p3p: policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'

GET
H3

200

match
events-ssc.33across.com/ Frame B755
Redirect Chain

https://bttrack.com/pixel/cookiesync?source=2c3b95b9-6513-42b2-beb7-260851c73b75&secure=1&us_privacy=&cb=1657097265119.6
https://ssc-cms.33across.com/ps/?xi=66&us_privacy=&xu=e5fc84c5-f83a-4778-92bb-59fad62cc6a5
https://events-ssc.33across.com/match?bidder_id=66&external_user_id=e5fc84c5-f83a-4778-92bb-59fad62cc6a5&ts=1657097265&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

37ms
34ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=66&external_user_id=e5fc84c5-f83a-4778-92bb-59fad62cc6a5&ts=1657097265&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
referrer-policy: unsafe-url
server: 33XP003
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=66&external_user_id=e5fc84c5-f83a-4778-92bb-59fad62cc6a5&ts=1657097265&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame FB11
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=104&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D%7BuserId%7D
https://tags.bluekai.com/site/17724?id=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D1389%26tp%3DSTSC%26tpid%3D7193c592-1253-4b56-b320-5f6c4...
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D4...
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D4...

49 B
732 B

44ms
44ms

Image
image/gif

52.73.102.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&ct=y
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H2
Server: 52.73.102.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-102-235.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.8.123
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&ct=y
cache-control: no-cache
x-server: 10.40.14.190
content-length: 0
expires: 0

GET
H3

200

cm Show response
us-u.openx.net/w/1.0/ Frame CBF8
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265150.3&ri=70&ru=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Dc6a5ba0d-ce02-41bd-a1ea-842c68bd5108%26ph%3D8f5ed5d4-642c-4222-968a-d709c...
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D...

1 KB
751 B

42ms
41ms

Document
text/html

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 1d48b937e2ee1e97dc4d7f326aa653d9df817f9b1934137e77c4607debeb8218

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 732
content-type: text/html
date: Wed, 06 Jul 2022 08:47:45 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/7f1e280
vary: Accept, Accept-Encoding
via: 1.1 google

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
date: Wed, 06 Jul 2022 08:47:44 GMT
expires: Thu, 01-Jan-70 00:00:01 GMT
location: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma: no-cache
referrer-policy: unsafe-url
server: 33XP005
x-33x-status: 40000000008200000A

GET
H2 200 149
match.deepintent.com/usersync/ Frame FB11 0
127 B 55ms
24ms Image
image/gif 169.197.150.8
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/149?us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: c /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:44 GMT
server: c
content-type: image/gif
content-length: 0
p3p: policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'

GET
H3

200

match
events-ssc.33across.com/ Frame FB11
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265150.1&ri=2&ru=https%3A%2F%2Fssum-sec.casalemedia.com%2Fusermatchredir%3Fs%3D191740%26us_privacy%3D%24%7BUS_PRIVACY%7D%26cb%3Dhttps%253A%252...
https://ssum-sec.casalemedia.com/usermatchredir?s=191740&us_privacy=&cb=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D2%26external_user_id%3D
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=2&external_user_id=YsVMMO1Kr8iar2WzSRoTWgAA%26166

68 B
82 B

27ms
27ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=2&external_user_id=YsVMMO1Kr8iar2WzSRoTWgAA%26166
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQNn5yNjJj7vfrk0KBK49RvmnW2EGh0oHEMZ8B%2Bskx%2FuVRzeK27aUlK6LkVdiFVuEAsmD1fhgGzccwKAdC4CiQ7TSpiP72yrrlweL%2FF%2FpV1gdxL6IedLysSsPkI5%2FRCGXOoPeHR2ERmuZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=2&external_user_id=YsVMMO1Kr8iar2WzSRoTWgAA%26166
cache-control: no-cache
cf-ray: 726713d3cdd1a21d-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

match
events-ssc.33across.com/ Frame FB11
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1657097265150.4&ri=90&ru=https%3A%2F%2Fib.adnxs.com%2Fgetuid%3Fhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253...
https://ib.adnxs.com/getuid?https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D90%26external_user_id%3D%24UID
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=90&external_user_id=3118761177084706340

68 B
82 B

30ms
28ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=90&external_user_id=3118761177084706340
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:45 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 236002c2-b194-462f-ac47-b005220bb9ab
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=90&external_user_id=3118761177084706340
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

match
events-ssc.33across.com/ Frame FB11
Redirect Chain

https://bttrack.com/pixel/cookiesync?source=2c3b95b9-6513-42b2-beb7-260851c73b75&secure=1&us_privacy=&cb=1657097265150.6
https://ssc-cms.33across.com/ps/?xi=66&us_privacy=&xu=bdf9931a-4ed2-4770-9765-04852cb4ff74
https://events-ssc.33across.com/match?bidder_id=66&external_user_id=bdf9931a-4ed2-4770-9765-04852cb4ff74&ts=1657097265&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

28ms
27ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=66&external_user_id=bdf9931a-4ed2-4770-9765-04852cb4ff74&ts=1657097265&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:44 GMT
referrer-policy: unsafe-url
server: 33XP004
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=66&external_user_id=bdf9931a-4ed2-4770-9765-04852cb4ff74&ts=1657097265&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F578 0
0 60ms
59ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220630&jk=134187575876917&bg=!UVKlUhbNAAaLlKKnq5Q7ACkAdvg8Wn8iu7VGIuctxlaNnCkTo1zrrA-R8F7i6Rrt4O7uTpEyMBkH6wIAAANKUgAAAAJoAQcKADuhnYlWcvzJRZG9jd-WQw3CJj1NuGGvsjJ1gCu01Gm1t7UVZO4ZWhtu8nMSqztjA4q4lBDrwvdNCVz2QpkC3ql1XiuCFyDc5wyQ5DUEQEk29Z0eEZj_1bUhRdD9EtSrkajGdo5Uu8yifYF36st1qzSpAH9-chR5GeoywFw36fzyL01bFU8eMGvKIvCjuTFRn26U7280CQqqQGiWE8ey_wlnY_eHgWep23oMGBSo39WOdDY51900kbuWP8BBNXktj5ILf_i2vOegsb8MU_LGsljcak-JNFLK7C2dCJ3PwfH5RSJHK64Ti3IhawOo6_JEqPm4mDJBouKxIg_eLOn3LFPwcabdi5cbZl28ISdT-COj9PbHABGp2O0DEj0yGKxunZRNF85GCw-8zOpNCVARJ4cGHCkr7xTrQaeYlhFh66oNZnF1zH8IIymth3GlvRMsx8-CUJG2hXf3GIA6GyDIxEdZY7UgKkkIsT7KSqTy27JsFZhHzBDG_gtgH2eFRRrWDHSoKd4OZRElNeN-kRxMwIsWz-unB3x1yPqrZDYda-lJjHUuGn_nduQqpOtrzp4qbtAhi_dJVmx6RdfSwSHqkbXjCaCvuKr8ZzeLKZI4cp88URYZEDUamNiYowxfy0tKE-p-P19DJ3SprJuKZwmSp2NKr644eqiNtI0XTflpR8-w_SnlHmLzvGxinQG6leJJPCXKifK5kg6v9lmjxATSkFI1Q3KyuRQkcNkRO_A2Qell-qjEKqYebVPT0Ef5ULl3MlZ04EYZlcp36arsCEvxsEkFk7WDt01TF_8NeVgXAvVqmzrUj9BYwMTQoCkm_-CqPU7qsWIcTMRzuPGJ3Yad_P94qYvsT3zdxBOj6Uj7b2GR7DDsV4ZejcRCxQHjoFK7Pd_awq4WMM0Loaq-AaqiV0hRPDw2w-70wFNLSYp9YWAhzi0UceNwMWPxqH1HTJ9lxxiQ9AEE7v2v17D0EUbRdyDw03snFcMHaJyj9rFARuK6Kodr0T86piGNEHZTiLJ-F9DjKXkqp-2ffuyk5yOOTyEZjv5euJThB0b6szGa
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H/1.1 200 ptrack Show response
a.audrte.com/ Frame F972 368 B
879 B 30ms
29ms XHR
text/plain 18.205.54.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.audrte.com/ptrack?arlocation=149.56.153.188&p=M1353665098&artime=2022-07-06T08:47:45.271Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGc3luYy5hZHRlbGxpZ2VudC5jb20lMkZjc3luYyUzRnQlM0RhJTI2ZXAlM0QzMDc5NzElMjZleHR1aWQlM0QlMjRVSUQ=&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=cy5hZHRlbGxpZ2VudC5jb20v
Requested by: Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.205.54.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-205-54-230.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: fa18e117cfda1ff26f31f1ab6386c472425317af935abe4b96abe32f2ff01483

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: https://ads.us.e-planning.net
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 262

GET
H2 200 optimus_rules.json Show response
tags.crwdcntrl.net/lt/c/15238/ Frame F972 155 B
630 B 282ms
19ms XHR
application/json 13.224.214.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/15238/optimus_rules.json
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-92.phl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff

Request headers

Referer: https://ads.us.e-planning.net/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 05 Jul 2022 13:10:18 GMT
via: 1.1 bf08d0f122cb7618f980954bd4f44e36.cloudfront.net (CloudFront)
age: 70648
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 155
last-modified: Wed, 15 Jun 2022 17:05:13 GMT
server: AmazonS3
etag: "1a1722e9cedbdc8af0dcd3345e46c73a"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age: 86400
x-amz-cf-pop: PHL50-C1
accept-ranges: bytes
x-amz-cf-id: tArGfiu3y3ADb4VPcTE2YmN4NwCxf3oKbFJ5L9HzCphdz6NDLQYPzA==

GET
H3 200 match
events-ssc.33across.com/ Frame FE50 68 B
82 B 31ms
29ms Image
image/png 34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=70&external_user_id=85b1de49-1304-4343-bc6e-cd2dabb72623
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58294/ Frame FE50 0
332 B 29ms
27ms Image
text/plain 54.175.87.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=dd1e51ae-15e5-49e5-837e-03f736404015

Requested by

Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.175.87.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-175-87-114.compute-1.amazonaws.com

Software

ATS/9.1.0.46 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
server: ATS/9.1.0.46
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

396846.gif
idsync.rlcdn.com/ Frame FE50
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D
https://id.rlcdn.com/464246.gif?partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4

42 B
60 B

45ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Wed, 06 Jul 2022 08:47:45 GMT
content-encoding: gzip
server: OXGW/7f1e280
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame FE50
Redirect Chain

https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://us-u.openx.net/w/1.0/sd?id=537072399&val=3118761177084706340

43 B
61 B

39ms
39ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072399&val=3118761177084706340
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:45 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1172be71-62e8-4e90-863e-ea76b60e9557
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://us-u.openx.net/w/1.0/sd?id=537072399&val=3118761177084706340
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame FE50 43 B
932 B 33ms
29ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=ab0cae5a-d125-c856-1057-406ac9d07f9c

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:45 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: V6CH2HGC60JRRK5D0QPV
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame FE50
Redirect Chain

https://ad.turn.com/r/cs?pid=9&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=

43 B
61 B

50ms
49ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073061&val=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537073061&val=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame FE50
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YsVMMAAOOa2V7QAo

43 B
61 B

40ms
39ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YsVMMAAOOa2V7QAo
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1657097265.288933,VS0,VE0
x-served-by: cache-yul12829-YUL
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YsVMMAAOOa2V7QAo
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 671db463-5d23-e1e5-e18e-d4085eb47935
pr-bh.ybp.yahoo.com/sync/openx/ Frame FE50 43 B
990 B 34ms
28ms Image
image/gif 2600:1f18:4e9:5a05:2903:4db6:5aa9:2a2
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/671db463-5d23-e1e5-e18e-d4085eb47935?gdpr=0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4e9:5a05:2903:4db6:5aa9:2a2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame FE50
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttd_puid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0&gdpr_consent=

43 B
62 B

42ms
40ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttd_puid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttd_puid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 335

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame FE50 170 B
188 B 40ms
37ms Image
image/png 142.250.80.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZGZiNTAxZWQtMDRmOC0yZDA4LWM1YjktOTg0NDZiMDE3YTFj

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame FE50
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPd3n9OwhN_95TM-PsZJsmE&google_cver=1

43 B
61 B

59ms
57ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPd3n9OwhN_95TM-PsZJsmE&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPd3n9OwhN_95TM-PsZJsmE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 match
events-ssc.33across.com/ Frame CBF8 68 B
82 B 28ms
28ms Image
image/png 34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=70&external_user_id=85b1de49-1304-4343-bc6e-cd2dabb72623
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58294/ Frame CBF8 0
17 B 30ms
25ms Image
text/plain 54.175.87.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=dd1e51ae-15e5-49e5-837e-03f736404015

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.175.87.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-175-87-114.compute-1.amazonaws.com

Software

ATS/9.1.0.46 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
server: ATS/9.1.0.46
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

362358.gif
idsync.rlcdn.com/ Frame CBF8
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D
https://id.rlcdn.com/464246.gif?partner_uid=a61cad41-00c8-45cc-8f20-420e9878d5a4
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFwswNnoaQfp-pcQG07GEeo&google_cver=1

42 B
60 B

42ms
41ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFwswNnoaQfp-pcQG07GEeo&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFwswNnoaQfp-pcQG07GEeo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame CBF8
Redirect Chain

https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://us-u.openx.net/w/1.0/sd?id=537072399&val=3118761177084706340

43 B
61 B

41ms
38ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072399&val=3118761177084706340
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:45 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3b6cf9c6-b748-4734-b274-3d8213e5d412
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://us-u.openx.net/w/1.0/sd?id=537072399&val=3118761177084706340
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame CBF8 43 B
932 B 288ms
262ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=ab0cae5a-d125-c856-1057-406ac9d07f9c

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:45 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: Q9E26D59XD2NN1W0F2HY
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame CBF8
Redirect Chain

https://ad.turn.com/r/cs?pid=9&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=

43 B
61 B

40ms
39ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073061&val=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537073061&val=3187058829708213451&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame CBF8
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YsVMMAAOOa2V7QAo

43 B
61 B

41ms
40ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YsVMMAAOOa2V7QAo
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1657097265.298842,VS0,VE0
x-served-by: cache-yul12829-YUL
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YsVMMAAOOa2V7QAo
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 671db463-5d23-e1e5-e18e-d4085eb47935
pr-bh.ybp.yahoo.com/sync/openx/ Frame CBF8 43 B
990 B 32ms
28ms Image
image/gif 2600:1f18:4e9:5a05:2903:4db6:5aa9:2a2
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/671db463-5d23-e1e5-e18e-d4085eb47935?gdpr=0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4e9:5a05:2903:4db6:5aa9:2a2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame CBF8
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttd_puid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0&gdpr_consent=

43 B
62 B

42ms
40ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttd_puid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=8c96384d-bd43-4ecf-8a87-9d923f86652d&ttd_puid=f3dad227-cd8f-73ac-d059-c2fda1e3b47c&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 335

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame CBF8 170 B
188 B 38ms
35ms Image
image/png 142.250.80.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZGZiNTAxZWQtMDRmOC0yZDA4LWM1YjktOTg0NDZiMDE3YTFj

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame CBF8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPd3n9OwhN_95TM-PsZJsmE&google_cver=1

43 B
61 B

51ms
50ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPd3n9OwhN_95TM-PsZJsmE&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPd3n9OwhN_95TM-PsZJsmE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

p
a.audrte.com/ Frame F972
Redirect Chain

https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
https://a.audrte.com/a?adform_uid=3389439704098990724
https://a.audrte.com/p

68 B
617 B

25ms
24ms

Image
image/png

18.205.54.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Server: 18.205.54.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-205-54-230.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: nginx/1.18.0
Access-Control-Allow-Origin: *
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

/
ps.eyeota.net/pixel/bounce/ Frame F972
Redirect Chain

https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent=
https://ps.eyeota.net/pixel/bounce/?pid=kh51m51&t=ajs&uid=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent=

1 KB
1 KB

25ms
23ms

Image
application/javascript

3.234.8.37
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/pixel/bounce/?pid=kh51m51&t=ajs&uid=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent=
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Server: 3.234.8.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-8-37.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Content-Type: application/javascript
Content-Length: 1248
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: /pixel/bounce/?pid=kh51m51&t=ajs&uid=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent=
Date: Wed, 06 Jul 2022 08:47:45 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200

p
a.audrte.com/ Frame F972
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent=
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=73g104gog-2R8KJelRSdxCiKw&gdpr=0&gdpr_consent=&google_gid=CAESED2Q_C5Ys29ozhwGkkfET_U&google_cver=1
https://a.audrte.com/p

68 B
617 B

66ms
65ms

Image
image/png

18.205.54.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=754484
Protocol: HTTP/1.1
Server: 18.205.54.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-205-54-230.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: nginx/1.18.0
Access-Control-Allow-Origin: *
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C3F0 0
0 59ms
56ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220630&jk=3794386596553352&bg=!Hh2lHVnNAAaLlKKnq5Q7ACkAdvg8WtoObmh_gJoz6qw3strh0J6pEaNrpbyLtLHbS20ck00SrlcrdgIAAAMBUgAAAAJoAQeZAuVmhUxf31DDPPlYc3KpYeUTzGyhOR2qr4elfFwI4VHwpeaBG44OP5PjC4B7tw44pYRoETmb5MBCAgnqC0UGguIv9_Oi4hcEL7lgm7E1FIn3jy2yv0Ztv24HsHo3FsN_pPwLXli5QKK_YKzPfPO_zMMeGcieffJUVDxyxkxDXsdzEJ86zVGPQnsMDdjX5jYKrrYjCn-Wps-XRCC-W_MB6hMBZHYTwf-YzVVC1s-TSpVl0gI7ZRtEfRv6QEzkszQLMk2T63qZMW9ti_BV27W3p87FiOHmFiJzrC2tmxNglZfITl0UFP1XuZnB9L41EExRBi9qQkogvrlW7lpiz_3dfYz7FQnTvmic8HY91CnZAoROof-pz3jGQOWXWlNmkZ9yfSDo7XB-0OnGesngoxAG_QmJbVhtz4FlOlS4koMjrKoZS-SqTU4MTqo2rLw6iCC4YlECwWXlcXbprroHcWdohHm4SbCgmmRNVDzYiRfoih1ztnISVerUc6Gd4ox50W1REhnf7vNLTo6oJEasixJu2Vt4IGlC2mgdbYjoqAy3aJGMyR6sxUP4UPa9URTtlqBJ3r7vTmVaZAznZY1ixs3IdJXhEDiRln2ahA30bRSJSUfXzsFUdjr5FC57W8UscRpbQriBlGkqP5Uizng_K7iS73u4REy3IhCUfV-vzP1mmiIfOXDku4ehzDGVwxwnTNWvR6BSm1B5LonKAx5A33RL3FZIiQUn4cmh-zWTf5AU3Vbbxmtj5EoCml_l0d8fpigBgtHBudXcq1zLC_VXlQZEFMFDF0fJuzQM9sXdGql6CjlqoihpDHFrb6CWSQo5lopjF6wCxNCw5_Hy1JgGXslhIaVfbYoxwM_OD0-fYZPm735Llw2Yf3ZY2Jcp3f_nyPi2ZlmXluTquh5jgFHUISjy4ZXlcZaO7437qWMjWwXXh1quF2neSIZ2NRTYvGP7fphKY-pMp--V2WJcWcdmf9JQLrhw9yApY48
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7CAE 0
0 59ms
56ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220630&jk=1647480985394596&bg=!v7ylvPjNAAaLlKKnq5Q7ACkAdvg8WvxkE11mlEFL9i028mWwNqbpkWcpD8GZKeM_IdKYa9_ALy2ZmQIAAAL6UgAAAAFoAQeZAuJGo0rabTc6MJy6nnMYmTT9fTQT8IdRqORyMXtEkNceU3XMWGK__zMmIzHOh8YinndHZd5n7dzHk5-pS-KpXTPHEtVvfYzta-wTAVIqOsKf43Osac-ek8OlFrchECxUq-WhFTHc7IOqHhEEufhzNn_Yo2BPkWsNkFlUS6l_OSjg_UvM44mRGZ6GgD3StJgW373KpzwTITewBdGhbvEw_zUlAKxw0nVFiRC38s4otK1N8DkmFIJf3YjFZ8JJCpzzWxsWOHPFzTAtX_Sp8BQmRExeluPKgY2XbuTG6vfgNZQ27aClPC870aYuaC-Y334N1fFltteQHPouLjazn-AvvsFR8_wHDSk8CXsUgtOyk7V5tWvgnVl7MzVy5EW0MJMjCQ_V5Ans_abLnAOiHXGyNfQHePmTWJE3X2UfTjtlbJzb6Cml0Pg3z0e37ow_fUe4oRCy-L-LmUlQvz1uhR9JfXSbKEhrwCC_02DkoJWnyK-YdlOy38fvYPlfSdB79tENvOg-Fq2QvxinuFFXFCJZKkSdE4ScMcBhYDf0xvdm7OFpAqzLQ2hiHSKjnREjpGHmwIMuisp4Wflq70tB7wJkkPaqA9EadYsdxJb_Rcvc2uKRZSdqR65dGQz5tTL1PuP2preujXJ8jgvL3d_aMhGnlsuqZUtK-u1U-UidLZqdEhztehhiQBLyaNa3iOxEJp-p0aI_N5GHjs54UfewKQSYfWYcccdw8ts6k5h7wxuni7clyq5v_lR1MHL507NIs7H6dYRz78Bukc58Jh1SB8lzNi8T4Gsz2Vu8t4e0I6S8wAiQVaB_4ZurYzxLYyglfaXgtAtH8yJ1g0fTYISdybTbFtF5Cir0K25xDGBTsOoNHrh3kEfxsyLcl0ALbNVDDeddx66R5QRvzv9oY9p0yMYikdgHcVOBIuf-5KwDdcrI5465GgrowCLWYlYSwRQabx1ZDbDBM00XbLu1mAKpZyAhIpy4YiI
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame FA0F 15 KB
6 KB 24ms
19ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=87012
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Wed, 06 Jul 2022 08:47:45 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 07 Jul 2022 08:57:57 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame C35A 2 KB
814 B 13ms
10ms Document
text/html 51.222.39.187
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=75a1922f904cc20

Requested by

Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.187 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip187.ip-51-222-39.net

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK csync
sync.adtelligent.com/ Frame 27FE 43 B
323 B 20ms
18ms Image
image/gif 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?redir=
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:44 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 43
Content-Type: image/gif

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 51EB 0
0 56ms
56ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220630&jk=1639146198188895&bg=!mJulm9_NAAaLlKKnq5Q7ACkAdvg8Wv_2QiuukhjuHLBxHLPbOJ7KQ6-g9gdxfDfkdZ56CT1p8grOwQIAAAK6UgAAAAJoAQeZAvplA-BKKa4x9sMSGJe91yQdkkfIdcxFiw7OH5AVhAGHNy3xgqIaUvDFPthuTC0HMLL0Iqy1nUE6PAY1RIC554llwxvUsW35e0Vmq4Idn9gUW1wi3ANJSGaPA74oQScCqgZ8SnwVE9XA4TUgdEJ3fQK_Al-XcBGqAbSi8ykAht31cgyqJEYoBOIg4BmvwKPe3TXWyRcozAOvEmsF9vVa6v4FHCwBFf9WgP1TtFVP4uauPkTSZoVPsp9Fzxp_Z2KOzWStGqpjWzZi8ehTGaKqT3CIHgcHkXzomBc3AP3RkeCTmEE5rXqYOqcz1BosyfGShQUstxy7csCVkW3_S98xm7dU7S8WtzYDGUkTa2AX3t0-kQezY9Jfh2Uxjg7Bwr-fH2a5qQr1WSDjsX2FzPR3Gai748lyzuoXvPl0itmp8L290ih0SNHGLsgKSO9igMikCri2VtkUkINS8m6Aa9FKQ1I3XE7MDfYy5VdJvceR2e92iqYFiEn6CXTs6R_8dW2EyECPVFezrdFfXYl1YufqXjjiaRVPDCtO25S5WN7oB8Gnw8mTyRlq2qNRgQaADLEXbZ_w8ukFlBN7_ilILdc7FlsCcj3iUO1FpQnNiEejehw-t3ebSOWwyoIcpXx4G4PEH8jWaTRCbHO9QzdAAlGZSVHv60yLEC6ujKfxMa1WeFotHtKnVh_6Bju6lzO34lfD4UkblXeRA9HLy-GCQ5m9hkElVyf-FYmibXTYz0_5ZEWm773gdevs5bHwqOQLKskpOyF52io8TYCNTybI7iddqgQzHP0Gc7xYHVgNeqUQWAG4A2TKrd4Lc8jS5Nv2SjYevePnHnBXO5H-zYGeiA84eNYTbM22zaVHN1zZBjevVH5rha-l8tDmbW1qokpNeLZj5B0SmkElapfyd4ip02E3iYOodBBLbYEFHQ-Oum-8BnPjSz91on6rnkztfk89zisBncDvQyRd5D830GSuFvgjHsuhrLlZ_ueHei65HFafQR5AkdX5Gvn8A1lp85g
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A692 0
0 54ms
53ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220630&jk=1983468088472933&bg=!CQqlCk7NAAaLlKKnq5Q7ACkAdvg8Ws8BwEgg3kn4icV5aYXuC5uzF0YKy8AcwI8b4BGpncwpy3Y2pQIAAALAUgAAAAJoAQcKABHSSw109WCEDhCq-izNu7DZn5kC6IIFlTCdlPcaDLLGnIcmHnRidkonUBw4wysztA9v2wJsotkCcaHAeU1C5fq08ZjjPteqX5z7PTeXWzE2dcKnmKp0ZCVnsgoWPCQx7NHZNyiuEdPV3cbdDCwx0L03Exbd-LrBzkeEfcOOL0_IiCjWBLvRne-4FDVy1v3WaWQOw2VACZN3Hpzpd3obbhr0ZFFU2kU0Q00njtmTQSf317LdwVNi3Jnqkcz2YZMVYOZ550UEuvkXKFph2bqhEE9w1f3WJ_axWNuQnqoash1YIKYFhaUVRdUuo-0fncEJudtn-d31Jg7fpn2V0r6vmtsGhTn-NhPhQ3FWngwROsAPn1YaCIApYoks3qQXEopobCgHpyaAvnRv2-syB71ygD-gEwvNcnLmnJVpDfvMjSRBp5JHJFCeZEXdDzvlK8_LoPGCCFXX6LiNXWWw3jKNzsRELWBVZYJrmYlJRskU8Pv_W54jIZxAUuPYnSEjhTcdfkd0wzB-OWwzZBN0u3fXRyftqS9IzoXy9vpCnLdf5XDrp-ySfyKcOoXoyP2BJ7BlNAy6ZUc2vwQ7IKthms9HPxKD26ShrG3RULZtsX0gAnAvBnQALSe5EkC2UDeflzowjRT-MSys7KIeWydKLvcL5prp4Yf3-BNUmwvElfdneigkLAHjR57Sp_8-SnD3603eRoeNrnLXxZmD38q-BnNC7U5bgD9DymTHs3MJXB1oNA81vsrR0nEWsS_pXirbFQ70MnvAf56q7k5Oii1N0LSkGBrWV_gzdDmzXrZyhq4nDyKjk87k6AhDbvDQvfmtflLaSuVAN4yMNSXwhdymzWwuvg4hYDOJJEjpX5VCmhLJ2K_EoZXY8phVa202GuSziP9mVznwVChKnDYG0_jzteEjbvwNibmeLI8jjpZt3GtF_FhNYub1Pv4qkcjp0pfNbMR8Z2yqBMrJ7A0VLfh86ooYxYGqh08WgzIw8OZ9bejYGdXAYZac6L84fZ23zO0Q7g
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F4B6 0
0 56ms
56ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220630&jk=1212025964126670&bg=!EBOlE1fNAAaLlKKnq5Q7ACkAdvg8WnLKs4e4BKTXAh5t9B75Rr2kBd_kgxSXfHuU7Q4JVR9my3DwCQIAAANJUgAAAAJoAQeZAuhQ0nmGStHBdA38S06jVmCryfzpTWXau8gJAY-9Xm0j4rJqI6uCurFW-UyCcZ9Fzcxz7ocwlb-hzMD-QlDLZ-dLLRUZHbcarwB7g7A0tH2n3TkpbcI8lXCpfnUsCjXp6PFOG3CiBw99JZ2CaP09sK_fhpy4FKm45poiZi5VaLvKqiOZ_0MwkhXoKpjzYRHHsjFWVUW9iLU85a-F3ohCIvjU2Gtw7bsb4o7OVVHOwwUI4DKVX7aw-VAsDOrzF72msnco8Lcx1Pd7_cQ1DMuyYLqggm6ZczbN74YDQDIL6WFe9CU1jiV0T2fa82m6m3omuhhyLQ_ysOwqQ6OzU3cwFec4CQITdP7UGHcnqQLtyQOaB-6m5O9uSGnLkdE0FD534MLSnZMvPMBqD21-HWJxz3omg8NIKvDaACqcy-76QBI5gRBlrSoJOQ-guhTcRfIXokvghhJcq1lJfBKqz1iXYkKj19-BuCA6Awtyelm3bGbwAulLBReGDG1AMBQ0D8omHTg-HXPdiV8x8Xs9wr3u_zA3bA1K18ay-akxkjCsCx_fBHynEI89Z9ftmRxPNFxHBq8jDDcYwVAEMImQr3jlls9IPH8PMACpJTDEa5PUZc64ffkDoGXpCyda8QF8jiA0SnL7gjpg_mcC7MbK5n0yJ1sTLFHDHSnWJbeKADAkLbKUnIBXxsdVLQMvabr3t0YDQF3DmG4L-lNMBC_8X4zsEANA_qV5QLah2maLCZW4-kIJP4zSnZtn_c_kBFeTIIqjL3gYRnJN7i86JBdipYIDEAmjvtxW2wczwmir2sNIp9Rbb-K1LnhI2UWedNcuwUnAC6DQ2aJ31aHTi05ws7iPonr3Kytl6p-fLWyZnT_-GsmTIxv0oOVWZd-y_X1jUMYh_C-zHNQU6J5NOl0XUzUZ1PEWOuy04oGhD-vji5-Q_fVUgoQfvbQFoyhdHy7q2mVtKIrxulkhNBZbDEH0y2ynHKMKArrcQEXXWvE
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H/1.1

200
OK

csync Show response
sync.console.adtarget.com.tr/ Frame DC23
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724

0
406 B

19ms
18ms

Document
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:45 GMT
Etag: db3568928439bcef
Server: VertaMedia 1.0

Redirect headers

content-length: 0
content-type: text/plain
date: Wed, 06 Jul 2022 08:47:45 GMT
location: https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724
server: nginx

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 88CE
Redirect Chain

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef

0
387 B

19ms
18ms

Image
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Protocol: HTTP/1.1
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

Redirect headers

Location: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef
Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: VertaMedia 1.0
Etag: db3568928439bcef
Content-Length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1E11 0
0 56ms
56ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220630&jk=2558309577735024&bg=!9Pel97PNAAaLlKKnq5Q7ACkAdvg8WrnpgCgJybzF3ju6gwY1iTJbkHuhn5l7gkWZBtcpkovRGOTR3gIAAAKQUgAAAAJoAQcKAG3tvxUJn9Z0bocZwco8BKlfZ8-hcTp9mJF8xody3tNTwKfzFY40x9KQ-MIB42PrH-srRhB3AJBcDCifksGCI35dk5PDRZtTDL6jnDImguxThD7e3amt4Hf7TnC2bvn2gNBXXTqQy7Qa67NpScV5mQLrKzB8jYFw0Ad3EdnUWWrmNEGULA9Y26rSer1jQr-mwhYQY9NgK9VizP6Fq8W485ibhGC_8nAU1oSMamrkcwd0lK8A8cVGYnvqtgkYOfD-CUH1pkFNiW7bIg9m5_v6e6l04-n1p8kc-SW0Jl9XBRarD1bFZ2RL0kUxDvATvoDjHWVavvd3140OKd1joNicgcIkxuRw0v1xsskJTcWp0stBfOwecVc2sf4hHTC6t9UoPMzacZr8-M6bgufFXowh6mwdUBxJDpfmn1nLpEAzsx5B4-eSpMiwI4abeAYTQ8ioQkzeTz0JQ3hAYtPlkZsd4Y1hpQGmqLJOPPPkByo9XCrt4NzOMBxQtCrmrSJFwPDQYHPI0mlDMiaKsUKj-nVrzmxJvTeGZ0wS24ae_ETHd0mRH4xJYg65iBN4hlteO75msyBINH2zj7XGyVqU9DiPxt9bGdY241_v73NFmnHE-enPjmDRjKbctZqVl43h79lnNceWxb1fIOJj9eCE6NcGAQ5NcHNqIi1XStSKndx3Vsc2Bx0EG0IiJv26BWYqkiibVCpslp0Ex56Qu_gvFdYUigY6yX9rxRFkU5hxYV3vqjOc9z_RKqzO0UT2k9rRcCnsfHg4gTOZxm1rlM8FpjaNqo0X8v9L87PTUB45fPepAyY_9bacxqH31LHzySHRgaitjlerwbnH5hNsONAOridOih5HNdJ6suJEi0bH6Vgu4gJcy-rSqOuDuLNd9ayOr553njVnPPTbLUsqXgShLPOxjk_liheQH1dgzk_0WibPXr8d-Tyczh7qXOd_Pg7jQ7FkydMH1GOMNbBDqYpzntEVPAh8WtpWagsNZ3qHpgLIMdOECrU0Gdqqqj-LOt633nPpGsfygKUFGbOr0qpvk4Fet2AMulhFUZw3e93ec95TeEVBUmBjT29sYmp6PCJDTP84C8cQSP6Uva9Uf3_qY-X5715n6RxWp3Hn5C0tQEYNHhVu77tbGNjX0oD259mX
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AC77 0
0 82ms
82ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220630&jk=4227453080290102&bg=!ammlaS3NAAaLlKKnq5Q7ACkAdvg8Wsj5oRNYSVIcbnnF0FtbOC_Nlukpbs-Z_enn3-7EkmlqFrstOwIAAAJyUgAAAAJoAQeZAt6eube0tG2zj7uhR7ICqY_rqaQHs_bOerSC0OO44b3gbVT3x058G5U3KUxX38iC_hyMGZDZh4sBdhaPzEg5SB50tiVSSPvneTuw3hfYOHljGxRFOf8mLJ2u5LOv7FmZrrzTigoCRgRtEERbgKqiv5trBC3B3zhVY-nsh-ms5jAiAY2-qilG0H1Ws35q__G-V402VDiDjNYw4GrgPDHTsBxPa9QaRLvlZwQVrm6hMGCw9kzQ0BbimrYzyTeIlSRcCxKZAvJYkPtjKMuNsSXiKYm1oo4iMTmORjxVz5zcANfNn8yb9rNNuX1FyWsPxNkrLaZAhz64UJhtf4XJJaDex5CL-caRjGft_-mBPPGDDjMJeCuFQ_tUvCrpD5Pgi811m3atSpe9SbOxUtWNXbUNHNb0p58YSv8QOk8yQZCEY3MwsbrJNqkmHJhAc4ccF_e_WVIUzcrgGKAOrZLXWgRuNIXEFk0k7J35NGYeYUwxjvdlkyMQPWInvGbt7oKRz0QghDpT5RuseKWtw0azWv-aNhWFEiVEJciaUW0HJairyRgsyBDgRAIwsv0icSskzu5D9rnet-cbvZp1myWqw32jJrXLsQ86pxvMJLRcoxWrzPxCwZyrr_sB_lz0eHECR8EopF_gLgPx_aTUVD1I_eJTPQjzYO-xaznxbkC9wO2HjC9Oy4iB2V22It6ravwTapVJ4et099E58mSAgqHsrJZz4J2YFlQ0YtC3bai39TCwbzO70pr2i-HuYG-TwmxuN79OvrcZuPpiVSG8PE56adzFxVoZLGzLXMq3aClgQeFOV5PI8Vtmu9jbG0OGCEx2eF-tyTmZPq_ADYNnwxhBrYCtsqy48vASDcZgzxk6xQYarXYYqrfnNcPrpaYeveFnESiyYfCwJgmiYoZW_xCr4kwK2-cD3vkyIbfxnSQoEQul78WvktkzCug2Ky1nYjg524ty3-3IBhpAaPPDKt_w2E2UJA
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H/1.1

200
OK

csync Show response
sync.console.adtarget.com.tr/ Frame B89C
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724

0
406 B

19ms
18ms

Document
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:45 GMT
Etag: db3568928439bcef
Server: VertaMedia 1.0

Redirect headers

content-length: 0
content-type: text/plain
date: Wed, 06 Jul 2022 08:47:45 GMT
location: https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724
server: nginx

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame BA2C
Redirect Chain

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef

0
387 B

19ms
19ms

Image
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Protocol: HTTP/1.1
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

Redirect headers

Location: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef
Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: VertaMedia 1.0
Etag: db3568928439bcef
Content-Length: 0

GET
H/1.1

200
OK

csync Show response
sync.console.adtarget.com.tr/ Frame 2B84
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724

0
406 B

20ms
19ms

Document
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:45 GMT
Etag: db3568928439bcef
Server: VertaMedia 1.0

Redirect headers

content-length: 0
content-type: text/plain
date: Wed, 06 Jul 2022 08:47:45 GMT
location: https://sync.console.adtarget.com.tr/csync?t=a&ep=307457&extuid=3389439704098990724
server: nginx

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame A4D9
Redirect Chain

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef

0
387 B

19ms
19ms

Image
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Protocol: HTTP/1.1
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: VertaMedia 1.0
Etag: 86a13ba6ab56d298
Content-Length: 0

Redirect headers

Location: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=db3568928439bcef
Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: VertaMedia 1.0
Etag: db3568928439bcef
Content-Length: 0

POST
H2 200 data Show response
bcp.crwdcntrl.net/6/ Frame F972 139 B
996 B 139ms
78ms XHR
application/json 52.1.175.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/data
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.175.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-175-157.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 250eb1a78b2f5a4738aead025e55baab20b06e96715e322139822f83096e65e4

Request headers

Referer: https://ads.us.e-planning.net/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://ads.us.e-planning.net
cache-control: no-cache
x-server: 10.40.11.49
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 139
expires: 0

GET
H2 200 lt.iframe.html Show response
tags.crwdcntrl.net/lt/shared/2/ Frame 4629 2 KB
1 KB 21ms
21ms Document
text/html 13.224.214.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=15238
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-92.phl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 70650
cache-control: max-age: 86400
content-encoding: gzip
content-type: text/html
date: Tue, 05 Jul 2022 13:10:16 GMT
etag: W/"6fcf4f5197ab24c92d090f6ac8d87e01"
last-modified: Mon, 01 Feb 2021 20:35:17 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 c8e0acf79809da404c9ef6a70cdd4fde.cloudfront.net (CloudFront)
x-amz-cf-id: 5Uy23CZWrrRHzWEpb2kyfumanfM7UALbibuTeB0Af593X5BcrsTMvA==
x-amz-cf-pop: PHL50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

GET
H2 200 pixels Show response
bcp.crwdcntrl.net/ Frame 0D42 997 B
1 KB 25ms
24ms Document
text/html 52.1.175.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/pixels?s=22%2C38%2C104%2C80%2C12%2C3&c=15238
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=15238
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.175.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-175-157.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 395a5a95d40fa465eb2042140c8129176c6719cf937b2232b4320c3cb5e4ebee

Request headers

Referer: https://tags.crwdcntrl.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-cache
content-length: 997
content-type: text/html
date: Wed, 06 Jul 2022 08:47:45 GMT
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma: no-cache
server: Jetty(9.4.38.v20210224)
x-server: 10.40.36.224

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0D42 170 B
188 B 36ms
36ms Image
image/png 142.250.80.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=OGJmMWY5YzhmZGM4MTJhMWIyMDQ4MmQzM2E4NTJkMQ&gdpr=0

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C38%2C104%2C80%2C12%2C3&c=15238

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame 0D42
Redirect Chain

https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D%26src=lot%26gdpr%3D0
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e&src=lot&gdpr=0

49 B
264 B

27ms
27ms

Image
image/gif

52.73.102.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e&src=lot&gdpr=0
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C38%2C104%2C80%2C12%2C3&c=15238
Protocol: H2
Server: 52.73.102.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-102-235.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.9.95
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

Date: Wed, 06 Jul 2022 08:47:45 GMT
Server: MT3 4475 c1dc35a master iad-pixel-x14 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e&src=lot&gdpr=0
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 06 Jul 2022 08:47:44 GMT

GET
H2 204 sync.gif
dmp.truoptik.com/f2d2e39fc16bc9cc/ Frame 0D42 0
546 B 106ms
52ms Image
text/plain 104.16.112.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.truoptik.com/f2d2e39fc16bc9cc/sync.gif?cbp=tpid&cbk=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10832%2Ftp%3DTRUP

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C38%2C104%2C80%2C12%2C3&c=15238

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.112.154 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
x-content-type-options: nosniff
to-dmp-sync: s2a-dmp-use1-aws.truoptik.com
server: cloudflare
user-agent: Tru Optik DMP 1.3.1
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-origin: *
cache-control: no-store
strict-transport-security: max-age=15552000; includeSubDomains
cf-ray: 726713d78c83a202-YYZ
cf-cache-status: DYNAMIC
x-xss-protection: 1; mode=block
expires: 0

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 0D42 0
338 B 88ms
23ms Image
text/plain 52.205.48.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=lotame&partner_uid=8bf1f9c8fdc812a1b20482d33a852d1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C38%2C104%2C80%2C12%2C3&c=15238
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.48.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-48-68.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: private, no-cache, no-store
x-request-time: D=99 t=1657097265
x-served-by: beacon-n014-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 5907
tags.bluekai.com/site/ Frame 0D42 62 B
451 B 80ms
79ms Image
image/gif 23.217.56.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/5907?limit=0&id=c9c7d8eaca41b3ec8b6f3df5d1db1643
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C38%2C104%2C80%2C12%2C3&c=15238
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.217.56.119 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-217-56-119.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
content-length: 62
content-type: image/gif

GET
H2

200

gdpr=0
sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3187058829708213451/ Frame 0D42
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/8bf1f9c8fdc812a1b20482d33a852d1/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D/gdpr=0
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3187058829708213451/gdpr=0

49 B
264 B

27ms
27ms

Image
image/gif

52.73.102.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3187058829708213451/gdpr=0
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C38%2C104%2C80%2C12%2C3&c=15238
Protocol: H2
Server: 52.73.102.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-102-235.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.9.220
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3187058829708213451/gdpr=0
pragma: no-cache
date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H3 200 c
c.mgid.com/ Frame C257 43 B
278 B 42ms
41ms Image
image/gif 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.mgid.com/c?f=1&pv=3&v=314|274|8|6HO8IGkyEQE6mQw8Z8KsnhbCUIxuN5UtCi3TJw4iYkHsFEuXBqMMCWgsovReU0gd&fw=1&extjs=3&v=314|274|8|6HO8IGkyEQE6mQw8Z8KsnoPEOTx3pTwETxI6LSpS5dv3V_hg5rTJe-XJL3CgqaB4&v=314|274|8|6HO8IGkyEQE6mQw8Z8Ksnml5EleZD1YKlfTgMpS7CeV-vEBh98peAW9Y-KZ3CVH5&cid=1179917&h2=cWoLQ9d5sZtgNcwMrUoCi4Ls9v9xzA87NAs5eWhW3qc*&rid=4dc0b791-fd08-11ec-9b49-78ac440ce5be&tt=Referral&ts=banten.hallo.id&iv=11&pageImp=1&pvid=181d2b19aa587b48faa&muid=m66GW8FclGL1&cbuster=1657097266061747597032
Requested by: Host: banten.hallo.id
URL: https://banten.hallo.id/entertainment/pr-563825832/link-nonton-film-thor-love-and-thunder-melawan-gorr-the-god-butcher
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:46 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 23060121-10ca-4b4b-9eeb-d8aa89aa3bb7
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cf-ray: 726713d8fc1954cd-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
server: cloudflare

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame FBE6 0
260 B 116ms
24ms Script
text/plain 8.28.7.84
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr={gdpr]&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr={gdpr]&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D558003%26extuid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:43 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 42ms
42ms XHR
application/json 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022062801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e0674535a3d47d66380b298ae82d41654d4070ed686eeceff043fe981164c4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Jul 2022 08:47:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10836
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 46ms
45ms Script
text/javascript 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Jul 2022 08:47:46 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BC97 13 KB
5 KB 20ms
19ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 24133
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 02:05:33 GMT
expires: Thu, 06 Jul 2023 02:05:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5D9C 783 B
536 B 41ms
39ms Document
text/html 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

06bcc46e3c88e70f171d1589942240572491a507eabddcdd1e82e2842941d880

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rAQCne0dzhDE6ZRUkw65GA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banten.hallo.id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-rAQCne0dzhDE6ZRUkw65GA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:46 GMT
expires: Wed, 06 Jul 2022 08:47:46 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js Show response
pagead2.googlesyndication.com/bg/ Frame BC97 35 KB
13 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/SDwrgNAjdQsa4VNQPO_RFNWmztQcb_iohgsAvJm3iSQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 05:07:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13195
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13718
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 05:07:51 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5D9C 0
0 50ms
49ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022062801&jk=1953102225479114&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BC97 0
9 B 20ms
19ms Image
text/plain 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?_le-5A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame BC91 5 KB
5 KB 24ms
24ms Script
text/html 8.28.7.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=45543128&p=156813&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 52de626a140344716929a35c04623b327127fbe9dcb6436eef3ca1fd0f1570e2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:46 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame CC6F
Redirect Chain

https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw&piggybackCookie=di_36219b9470134ebfa1e5f

42 B
407 B

24ms
23ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw&piggybackCookie=di_36219b9470134ebfa1e5f
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
content-type: image/gif
date: Wed, 06 Jul 2022 08:47:46 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw&piggybackCookie=di_36219b9470134ebfa1e5f
p3p: policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
server: c

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame A432 43 B
363 B 73ms
23ms Document
image/gif 74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-cache
content-type: image/gif
cross-origin-resource-policy: cross-origin
date: Wed, 06 Jul 2022 08:47:46 GMT
expires: Wed, 06 Jul 2022 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 686188
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 117B
Redirect Chain

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=4f595dc4-fd08-11ec-a7aa-683779566213

42 B
244 B

24ms
24ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=4f595dc4-fd08-11ec-a7aa-683779566213
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Wed, 06 Jul 2022 08:47:47 GMT
Expires: Thu, 23 Sep 2004 17:42:04 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=4f595dc4-fd08-11ec-a7aa-683779566213
P3P: CP="NOI OTC OTP OUR NOR"
Pragma: no-cache
X-RealServer-NX: lga-delivery-5
server: Cowboy

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D5AB
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=KElQabhlS19wIXE0Qn0NFpU4mbw

42 B
203 B

24ms
23ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=KElQabhlS19wIXE0Qn0NFpU4mbw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Wed, 06 Jul 2022 08:47:47 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=KElQabhlS19wIXE0Qn0NFpU4mbw

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame BB3B
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005&rndcb=7247901137
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=adconductor&bsw_custom_parameter=09b3299d-acd9-44cb-8002-aa2609ca1291
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=adconductor&bsw_custom_parameter=09b3299d-acd9-44cb-8002-aa2609ca1291
https://x.bidswitch.net/sync?dsp_id=4&user_id=ba71d331-d2a4-4461-b7ff-6e03ee2940be&ssp=adconductor&expires=30&user_group=5&bsw_param=09b3299d-acd9-44cb-8002-aa2609ca1291
https://sync.1rx.io/usersync/bidswitch/09b3299d-acd9-44cb-8002-aa2609ca1291?gdpr=&gdpr_consent=
https://sync.targeting.unrulymedia.com/csync/RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005

42 B
254 B

37ms
37ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Type: text/html
Date: Wed, 06 Jul 2022 08:47:47 GMT
ETag: RX1eb7b0f4ce65495f872e8e080c7f362d005
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Transfer-Encoding: chunked

GET
H2

200

pbmtc.gif Show response
beacon.lynx.cognitivlabs.com/ Frame 6FB6
Redirect Chain

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=adc8c6bb-3df4-4525-99c4-8e75d00dda9a&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1

42 B
352 B

70ms
69ms

Document
image/gif

3.215.99.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.215.99.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-99-170.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-length: 42
content-type: image/gif
date: Wed, 06 Jul 2022 08:47:47 GMT
server: Kestrel

Redirect headers

cache-control: no-store, no-cache, private
date: Wed, 06 Jul 2022 08:47:47 GMT
location: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 9A69
Redirect Chain

https://ums.acuityplatform.com/tum?umid=6
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=679010260583

42 B
190 B

25ms
23ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=679010260583
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:46 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Content-Length: 0
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=679010260583

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2C94
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:WL62lS3y1O90Hh5&gdpr=0&gdpr_consent=

42 B
196 B

24ms
24ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:WL62lS3y1O90Hh5&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:46 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:WL62lS3y1O90Hh5&gdpr=0&gdpr_consent=
Pragma: no-cache
Server: PingMatch/658332f#658332fc5aaa95d8a9be88d89d84d3c319923363 i-0c0aa5ccbfd30ab7b@us-east-1d@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame C216
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
417 B

97ms
85ms

Document
image/gif

2606:4700:4400::ac40:98f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:98f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 726713e0ad4e543d-YYZ
content-length: 43
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 302

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 726713e00c2c543d-YYZ
content-type: text/html
date: Wed, 06 Jul 2022 08:47:47 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 206
x-reuse-index: 4033

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame A288
Redirect Chain

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7103836671686527548&uid=Q710383667168652...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7103836671686527548

42 B
220 B

26ms
26ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7103836671686527548
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:46 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Cache-Control: max-age=75809
Connection: keep-alive
Content-Length: 154
Content-Type: text/html
Date: Wed, 06 Jul 2022 08:47:47 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7103836671686527548
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: Apache/2.4.6 (CentOS)
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame A059
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b30d8f4d-72b6-458e-8ecc-7c27b571c983-tuct9bed1b1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
149 B

62ms
30ms

Document
text/plain

151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b30d8f4d-72b6-458e-8ecc-7c27b571c983-tuct9bed1b1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
content-length: 0
date: Wed, 06 Jul 2022 08:47:47 GMT
server: nginx
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yul12832-YUL
x-timer: S1657097267.244579,VS0,VE20

Redirect headers

accept-ranges: bytes
content-length: 0
date: Wed, 06 Jul 2022 08:47:47 GMT
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b30d8f4d-72b6-458e-8ecc-7c27b571c983-tuct9bed1b1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
server: nginx
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yul12825-YUL
x-timer: S1657097267.180206,VS0,VE21
x-vcl-time-ms: 21

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 8641
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=HNttt3EmC6GFyg9eM0zFYg

42 B
227 B

24ms
24ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=HNttt3EmC6GFyg9eM0zFYg
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=HNttt3EmC6GFyg9eM0zFYg
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H/1.1 204
No Content pub
matching.truffle.bid/sync/ Frame 7499 0
0 317ms
102ms Document
text/plain 162.55.120.196
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.55.120.196 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.196.120.55.162.clients.your-server.de

Software

nginx/1.21.6 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Date: Wed, 06 Jul 2022 08:47:47 GMT
Server: nginx/1.21.6
Strict-Transport-Security: max-age=15768000

GET
H/1.1 200
OK cookiesync Show response
core.iprom.net/ Frame EBD5 43 B
277 B 476ms
122ms Document
image/gif 195.5.165.20
IPROM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://core.iprom.net/cookiesync
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: close
Content-Length: 43
Content-Type: image/gif
Date: Wed, 06 Jul 2022 08:47:47 GMT
Vary: Accept-Encoding
X-adserver-worker: komodo-96064b315961@version_1.518
X-core-time: 0ms
X-server-arch: v2

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 18A9
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
74 B

23ms
23ms

Document
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 726713e1a868a1de-YYZ
content-length: 0
date: Wed, 06 Jul 2022 08:47:47 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
server: cloudflare

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 33E2
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fa5ae6a3-8da4-4b55-8126-1b2ec63dce94

1 B
53 B

23ms
23ms

Document
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fa5ae6a3-8da4-4b55-8126-1b2ec63dce94
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Wed, 06 Jul 2022 08:47:47 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fa5ae6a3-8da4-4b55-8126-1b2ec63dce94
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B388
Redirect Chain

https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID
https://match.bnmla.com/usersync?dspid=6&uuid=B242526CF2DB4B7AB8F295AB005A6121
https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
https://match.bnmla.com/usersync?dspid=170&uuid=05E3B1D783FC47F086FF70DB86B71706
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=7de9fb20-a6dd-402f-8b4f-12d864a17786

42 B
95 B

25ms
24ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=7de9fb20-a6dd-402f-8b4f-12d864a17786
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 06 Jul 2022 08:47:46 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:47 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=7de9fb20-a6dd-402f-8b4f-12d864a17786
Server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame BF32
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B242526CF2DB4B7AB8F295AB005A6121

1 B
72 B

24ms
23ms

Document
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B242526CF2DB4B7AB8F295AB005A6121
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Wed, 06 Jul 2022 08:47:46 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 138
content-type: text/html
date: Wed, 06 Jul 2022 08:47:47 GMT
expires: Tue, 05 Jul 2022 08:47:47 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B242526CF2DB4B7AB8F295AB005A6121
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H/1.1 200
OK csync Show response
sync.adtelligent.com/ Frame 5E23 0
407 B 20ms
17ms Document
text/plain 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=281178&extuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:46 GMT
Etag: 86a13ba6ab56d298
Server: VertaMedia 1.0

GET
H2

200

33141
tags.bluekai.com/site/ Frame BC91
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=e7826a9689bba0687a38cf70e02de335&gdpr=0
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=e4750e7866378c5a/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=8bf1f9c8fdc812a1b20482d33a852d1&gdpr=0
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
https://pixel.onaudience.com/?partner=147&mapped=8c96384d-bd43-4ecf-8a87-9d923f86652d&icm&gdpr=0&gdpr_consent=&cver
https://pixel.onaudience.com/?partner=109&icm&cver&gdpr=0&smartmap=1&redirect=tags.bluekai.com%2Fsite%2F33141%3F%26id%3D%25m
https://tags.bluekai.com/site/33141?&id=25f439bb1dbad626

62 B
425 B

80ms
80ms

Image
image/gif

23.217.56.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/33141?&id=25f439bb1dbad626
Protocol: H2
Server: 23.217.56.119 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-217-56-119.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
content-length: 62
content-type: image/gif

Redirect headers

location: https://tags.bluekai.com/site/33141?&id=25f439bb1dbad626
content-length: 0

GET
H2

200

Artemis
aud.pubmatic.com/AdServer/ Frame BC91
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&addseg=12,35,41

0
0

90ms
20ms

Image
application/json

162.248.18.10
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&addseg=12,35,41
Protocol: H2
Server: 162.248.18.10 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Redirect headers

date: Wed, 06 Jul 2022 08:47:47 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&addseg=12,35,41
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame BC91
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

33ms
32ms

Image
image/gif

50.57.31.206
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 50.57.31.206 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:47 GMT
Frontend-ID: 4
P3P: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
Access-Control-Allow-Origin: *
UIP-Response-Status: Ok
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: image/gif
Content-Length: 42
Routing-Server-ID: -1
Expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:47 GMT
Frontend-ID: 13
Location: /pubmatic/1/info2?sType=sync&sExtCookieId=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&sInitiator=external&gdpr=0&gdpr_consent=
P3P: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
Access-Control-Allow-Origin: *
UIP-Response-Status: Ok
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Length: 0
Routing-Server-ID: -1
Expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame BC91 43 B
656 B 101ms
29ms Image
image/gif 13.224.214.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.214.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-214-59.phl50.r.cloudfront.net
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:47 GMT
via: 1.1 29cb8c298da4d2ced72495e99456ecc8.cloudfront.net (CloudFront)
server: AAWebServer
x-amz-cf-pop: PHL50-C1
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cache: Miss from cloudfront
content-type: image/gif
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
x-amz-cf-id: TQvPN-bx17NHJVRfVP0-F1ofehSXt4a_nU_t0_ZNsUow3sKiYoE0Lw==
expires: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame BC91
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=

42 B
296 B

24ms
23ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:45 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:46 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame BC91
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dpubmatic
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dpubmatic
https://x.bidswitch.net/sync?dsp_id=59&user_id=73562566-a61e-45f2-b12a-33ea3e5695ec&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&gdpr_consent=&gdpr_pd=

1 B
166 B

25ms
25ms

Image
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&gdpr_consent=&gdpr_pd=
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:47 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=09b3299d-acd9-44cb-8002-aa2609ca1291&gdpr=&gdpr_consent=&gdpr_pd=
Date: Wed, 06 Jul 2022 08:47:47 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

sn.ashx
pmp.mxptint.net/ Frame BC91
Redirect Chain

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B342_F2953F59_100891E55&r=https://pmp.mxptint.net/sn.ashx?ak=1
https://pmp.mxptint.net/sn.ashx?ak=1

43 B
266 B

58ms
57ms

Image
image/gif

204.2.255.233
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pmp.mxptint.net/sn.ashx?ak=1

Protocol

HTTP/1.1

Server

204.2.255.233 Fort Lauderdale, United States, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=-340084067; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:46 GMT
Cache-Control: no-cache
Expires: -1
Content-Length: 43
Strict-Transport-Security: max-age=-340084067; includeSubDomains
Content-Type: image/gif

Redirect headers

location: https://pmp.mxptint.net/sn.ashx?ak=1
date: Wed, 06 Jul 2022 08:47:47 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame BC91
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3389439704098990724

42 B
316 B

24ms
23ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3389439704098990724
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:46 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:47 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3389439704098990724
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame BC91
Redirect Chain

https://sync.resetdigital.co:10001/csync/pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000B88BDB86CD

42 B
216 B

25ms
25ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000B88BDB86CD
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:47 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 06 Jul 2022 08:48:05 GMT
Server: nginx/1.18.0 (Ubuntu)
Front-End-Https: on
Content-Type: text/html
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000B88BDB86CD
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame BC91
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3118761177084706340

42 B
95 B

24ms
23ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3118761177084706340
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:47 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Wed, 06 Jul 2022 08:47:47 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 555.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: df6c9aff-d9cc-4264-ad5b-ba07b0fb443f
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3118761177084706340
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame BC91
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:6de73ca6-8dc2-4b03-b735-5d67c932d6d6&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
95 B

23ms
23ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:6de73ca6-8dc2-4b03-b735-5d67c932d6d6&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:47 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:6de73ca6-8dc2-4b03-b735-5d67c932d6d6&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Wed, 06 Jul 2022 08:47:47 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 d1ba4609
rtb.gumgum.com/getuid/ Frame BC91 35 B
209 B 87ms
23ms Image
image/gif 23.22.176.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.22.176.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-22-176-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:47 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 61DE 312 B
609 B 251ms
251ms Script
text/html 8.28.7.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=34712713&p=156631&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D9ae569c9d990f0cd%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4fb321f04acd7d510eb86eca12a2b0c38d2a0bdd11c6f072b1c22e35b9ccd22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 312
content-type: text/html; charset=UTF-8

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
56ms Image
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022062801&jk=1953102225479114&bg=!TU6lTgrNAAaLlKKnq5Q7ACkAdvg8WhlpClfqBWMJPEgbV0JdIdLtHdRnHVQiXOuSPMTvuwlufRfH1wIAAABUUgAAAAJoAQcKAOlDPb4NQOvksYQlxxZztUjXFNERoTrWXQHFfp1ZGcSMovi3Cle5oKu22NvObkrKr5aaLpCC1p1CXWFPHO-_qALcE0o93ETSVWjo0WMMPzodTTJXwIsCiovVW8Vk3oI1mDRTCilnnjjqG2NOqUXrbhfgKeYOV5pj0vrHnVcOv3fjoSp4rQbRymvcFjWj9EiInphDHrw_a_eat33HJvFFeyUXz8z7gdEjTMnEwbEnKJBSpFnGk6iUq62BWdsrdB25GdZoEkpny_PUp0adFLA-P6kJR2ky4hNrVgvpTbNjielvkgKvPfn6NpTQxJkCoxeZR8ALd7XBw3s_IuIPgDhsx1IWZUujTTR8Wa1NjK5gXMbnaqQbjobiWZ5tAdYsZGeVIiVuI4cfSnGQyhwsj2ZsMZmxDlFL_hdTpSGqmQ2TccoeBRFqozlwJfHUalFzkAGXruIFJVPl0EvZ5aj9d0DmAnbUaXzvKGRxM9ernX3WDGgs9qtcVyWwjnMqK7QGMaSAC-Z1ByZlDV2aAduEUsVwQ2z4LGyKYw_0qHxg6wk4uEWsRDwNjRqMrXAOPvMiEbOUEM-ydckiLo8vTk2DlHOV8BVqGgNdxo4scdw_eRgbeAPYz8_-dH14RXGR1bH7xW-cEA95MDEUVvK6GRZZOg3lkDAEet13Is_XRLrlY-KUF4CH8_-a6jYcARw-Z9hd8lkxktkR9AQiS8MWLl6SLKpbzCJRpCgOW8qjZAjDaFmPGXppWhvpOfhvXGx09Jt1o0mpwCqtK2qQp4OepA2j13q-_llzqq0rwAcM_ZDHArJounPAsBcfD7adRIzieKa7CqWr0rfaaOnAZr8Bw_KHRREjxi753F-lqGozhJ2mWTAPzMv_eKJhsOPQytetDHZWvP1zNKYpCJHcPH1pnry5pPkut5fU08ZguL--HoKThtp8_1V5XR-vG1p2MMvW1PKsPt9A6rqaGBIP7xV-kSqClhDH-gHhyVHU-Zgs0GOiY1Pbv39_zKUP4p5hlbkgGbb47-v_XP3-BR3ZWJDUcx6MzhbHq5c0H1fdUV1s2WAP2Y00OwRUrDavDfBxbOhITfU1bhVHd4sh6rI5pTLFBvt8pndA2dm9I9Y42qBKcBzNs0Oo1V9cAQxnc9E_PMq8StYDMAXiMU8P2j-icvPmjxsF3JjZww0uOGbjOXGS5kqpkE_venAXCsrZy1d_SEBHZUym4qx31Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banten.hallo.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 um Show response
u-iad04.e-planning.net/ Frame 9665 42 B
103 B 25ms
25ms Document
image/gif 172.98.26.125
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://u-iad04.e-planning.net/um?dc=a208d9366469aa64&fi=9ae569c9d990f0cd&uid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D9ae569c9d990f0cd%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-type: image/gif
date: Wed, 06 Jul 2022 08:47:47 GMT
server: openresty

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame 61DE
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:7E8BB788-EC0D-4AA0-8C08-440D68D578B1
https://io.narrative.io/?io.narrative.guid.v2=4f8896c0-fd08-11ec-ae86-0aa26e5cb0e9&companyId=673&id=pubmatic_id:7E8BB788-EC0D-4AA0-8C08-440D68D578B1

0
247 B

24ms
24ms

Image
text/plain

52.2.65.122
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=4f8896c0-fd08-11ec-ae86-0aa26e5cb0e9&companyId=673&id=pubmatic_id:7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Protocol: HTTP/1.1
Server: 52.2.65.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-2-65-122.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 06 Jul 2022 08:47:47 GMT
Cache-Control: no-cache
Server: nginx/1.18.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=4f8896c0-fd08-11ec-ae86-0aa26e5cb0e9&companyId=673&id=pubmatic_id:7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Date: Wed, 06 Jul 2022 08:47:47 GMT
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 0

GET
H2 200 qmap
sync.crwdcntrl.net/ Frame 61DE 49 B
265 B 37ms
36ms Image
image/gif 52.73.102.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.73.102.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-102-235.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Jul 2022 08:47:47 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.45.158
content-type: image/gif
content-length: 49
expires: 0

GET
H/1.1 200
OK csync Show response
sync.adtelligent.com/ Frame 9047 0
407 B 18ms
18ms Document
text/plain 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=281178&extuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:47 GMT
Etag: 86a13ba6ab56d298
Server: VertaMedia 1.0

GET
H/1.1 200
OK csync Show response
sync.adtelligent.com/ Frame C0F5 0
407 B 738ms
738ms Document
text/plain 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=281178&extuid=7E8BB788-EC0D-4AA0-8C08-440D68D578B1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Length: 0
Date: Wed, 06 Jul 2022 08:47:49 GMT
Etag: 86a13ba6ab56d298
Server: VertaMedia 1.0

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame BC91 0
128 B 25ms
24ms Script
text/plain 8.28.7.84
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156813&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 08:47:47 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: an.yandex.ru
URL: https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1

Domain: ssum.casalemedia.com
URL: https://ssum.casalemedia.com%2C%20r19.lb.indexww.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D9ae569c9d990f0cd%26uid%3D&s=190243&C=1

Verdicts & Comments Add Verdict or Comment

130 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

248 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.resetdigital.co/csync	1970-01-20 06:27:53	Name: ckbk Value: 000000B88BDB86CD
.t.co/	1970-01-20 21:49:29	Name: muc Value: d0cd8954-1083-49f4-bb2c-7cdae958cb9a
.t.co/	1970-01-20 21:49:29	Name: muc_ads Value: d0cd8954-1083-49f4-bb2c-7cdae958cb9a
.mgid.com/	1970-01-20 04:18:19	Name: __cf_bm Value: SaxH_ZSJvBchcD3QVByJHIMAkvBLYHF6qJcvi2gFwak-1657097261-0-AQGQDv3SNAamM6xYSlEBPWlb7zeF+5ozJeGGgKkSr7ZSv7Qiefak3Uos+Cff0QylXV7l3HIVngRjmuPPSx8A6/o=
.hallo.id/	1970-01-20 21:49:29	Name: _ga Value: GA1.2.801837761.1657097262
.hallo.id/	1970-01-20 04:19:43	Name: _gid Value: GA1.2.1784264422.1657097262
.hallo.id/	1970-01-20 04:18:17	Name: _gat_UA-205880106-1 Value: 1
.hallo.id/	1970-01-20 04:18:17	Name: _gat_UA-195466154-9 Value: 1
.hallo.id/	1970-01-20 04:18:19	Name: __asc Value: e002d8e5181d2b193717b8da13b
.hallo.id/	1970-01-20 13:05:19	Name: __auc Value: e002d8e5181d2b193717b8da13b
.hallo.id/	1970-01-20 13:39:53	Name: __gpi Value: UID=0000063e5c7ffacd:T=1657097261:RT=1657097261:S=ALNI_MZCz0IQIg-63Tq_IQIXQUCC-kk3Lg
.hallo.id/	1970-01-20 04:18:17	Name: _gat_gtag_UA_207405423_45 Value: 1
.hallo.id/	1970-01-20 13:39:53	Name: __gads Value: ID=b3d4c8dc2fd569ad:T=1657097261:S=ALNI_MYpMlql_h5hYcMPtbMpjut2ctMTeQ
.doubleclick.net/	1970-01-20 21:49:29	Name: IDE Value: AHWqTUkbVkJ4Ow_CgKdf1ELDXGXY8KOnxgZeqQPk5du7uFhAqPc_wVbgjFpp0uJ0LXk
.mgid.com/	1970-01-25 20:31:23	Name: muidn Value: m66GW8FclGL1
.hallo.id/	1970-01-20 13:03:53	Name: _ss_pp_id Value: fd55976e6eb310dac911657097263008
banten.hallo.id/	1969-12-31 23:59:59	Name: MgidStorage Value: %7B%220%22%3A%7B%22svspr%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22svsds%22%3A1%7D%2C%22C1179904%22%3A%7B%22page%22%3A1%2C%22time%22%3A1657097263273%7D%7D
.hallo.id/	1970-01-20 21:49:29	Name: _td Value: 78cc0819-5061-48b6-a017-7e9297620252
.360yield.com/	1970-01-20 06:27:53	Name: tuuid Value: ea078dcd-ed1b-4065-a7ae-c9bdf6241b93
.360yield.com/	1970-01-20 06:27:53	Name: tuuid_lu Value: 1657097263
.rubiconproject.com/	1970-01-20 13:03:53	Name: khaos Value: L59CXBSV-3-4UE9
.pubmatic.com/	1970-01-20 06:27:53	Name: KADUSERCOOKIE Value: 7E8BB788-EC0D-4AA0-8C08-440D68D578B1
.openx.net/	1970-01-20 13:03:53	Name: i Value: 2076ed7e-6408-4c5b-8a8f-0a15c5c48781\|1657097263
.adnxs.com/	1970-01-20 06:27:53	Name: uuid2 Value: 3118761177084706340
.adx.opera.com/	1970-01-20 05:01:29	Name: UID Value: 4ba92145d7644c20b4631cabe199be3b
.lijit.com/	1970-01-20 13:03:53	Name: ljt_reader Value: E7evjLZHduBErJVZTJiI06fm
ads.us.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.tynt.com/	1970-01-20 13:03:53	Name: uid Value: CoIKR2LFTC+lck/qBgZCAg==
.adtelligent.com/	1970-01-20 05:47:34	Name: vmuid Value: 86a13ba6ab56d298
.adtelligent.com/	1970-01-20 05:47:34	Name: a584890 Value: 3118761177084706340
.bidswitch.net/	1970-01-20 13:03:53	Name: tuuid Value: 09b3299d-acd9-44cb-8002-aa2609ca1291
.bidswitch.net/	1970-01-20 13:03:53	Name: c Value: 1657097263
.e-planning.net/	1970-01-22 17:37:29	Name: E Value: AG3iQzRW0QztTdBk
.adtelligent.com/	1970-01-20 05:47:34	Name: a289656 Value: ea078dcd-ed1b-4065-a7ae-c9bdf6241b93
.adtelligent.com/	1970-01-20 05:47:34	Name: a319130 Value: 2709fb28-e68c-4bdc-af39-4d72cf8bd176
.adtelligent.com/	1970-01-20 05:47:34	Name: a297253 Value: 3118761177084706340
.adtelligent.com/	1970-01-20 05:47:34	Name: a309255 Value: ca045de8-7410-4045-bbd5-02e820b876f1
.adtelligent.com/	1970-01-20 05:47:34	Name: a310570 Value: E7evjLZHduBErJVZTJiI06fm
.popin.cc/	1970-01-20 13:03:53	Name: uid Value: fd55976e6eb310dac911657097263008
.e-volution.ai/	1970-01-20 04:38:26	Name: v_usr Value: 90a2b818-c545-4628-aab4-ea3ea60e7db5
a4p.adpartner.pro/	1970-01-20 05:44:41	Name: apuid Value: 08e91465-96f4-4292-bbbb-b8c2373e2484
.sitescout.com/	1970-01-20 13:03:53	Name: ssi Value: 7193c592-1253-4b56-b320-5f6c43d8720e#1657097264105
.adsrvr.org/	1970-01-20 13:03:53	Name: TDID Value: 8c96384d-bd43-4ecf-8a87-9d923f86652d
.adtelligent.com/	1970-01-20 05:47:34	Name: a307558 Value: 08e91465-96f4-4292-bbbb-b8c2373e2484
.bidswitch.net/	1970-01-20 13:03:53	Name: tuuid_lu Value: 1657097264
.go.sonobi.com/	1970-01-20 05:01:29	Name: __uis Value: bde8a076-aa5d-4bb4-9a2b-345dcd8baaab
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8S Value: s8651\|YsVMJ
.casalemedia.com/	1970-01-20 13:03:53	Name: CMID Value: YsVMMO1Kr8iar2WzSRoTWgAA
.casalemedia.com/	1970-01-20 06:27:53	Name: CMPS Value: 129
.emxdgt.com/	1970-01-20 06:27:53	Name: uid Value: 64381657097264204469b6
.yahoo.com/	1970-01-20 13:04:14	Name: A3 Value: d=AQABBDBMxWICEOfuoHwr2PzP3mp_98mgEPIFEgEBAQGdxmLPYgAAAAAA_eMAAA&S=AQAAApyrgjAqdFnB49q9GSdNnI4
.smartadserver.com/	1970-01-20 13:48:31	Name: pid Value: 2541039644928651045
.postrelease.com/	1970-01-20 13:03:53	Name: visitor Value: 0d39938c-17a7-41be-a3e9-9602b5d6eafe
.postrelease.com/	1970-01-20 13:03:53	Name: status Value: 0
.adtelligent.com/	1970-01-20 05:47:34	Name: a558003 Value: 7E8BB788-EC0D-4AA0-8C08-440D68D578B1
.emxdgt.com/	1970-01-20 06:27:53	Name: apn_id Value: 3118761177084706340
.everesttech.net/	1970-01-20 13:03:53	Name: everest_g_v2 Value: g_surferid~YsVMMAAOOa2V7QAo
.adtelligent.com/	1970-01-20 05:47:34	Name: a323557 Value: L59CXBSV-3-4UE9
.adtelligent.com/	1970-01-20 05:47:34	Name: a307971 Value: AG3iQzRW0QztTdBk
.disqus.com/	1970-01-20 13:03:53	Name: zeta-ssp-user-id Value: 86581681-90df-f7e2-9cc7-5e292fc99232
.mathtag.com/	1970-01-20 13:44:12	Name: uuid Value: e9ae62c5-4c30-4a00-a0b2-0083c4f1a87e
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_27 Value: 16735-uid:305c62c5-4c30-4200-9500-44bd64b53559&KRTB&16736-uid:305c62c5-4c30-4200-9500-44bd64b53559&KRTB&23019-uid:305c62c5-4c30-4200-9500-44bd64b53559&KRTB&23208-uid:305c62c5-4c30-4200-9500-44bd64b53559
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_218 Value: 4056-YsVMMAAOOa2V7QAo&KRTB&22978-YsVMMAAOOa2V7QAo&KRTB&23194-YsVMMAAOOa2V7QAo&KRTB&23209-YsVMMAAOOa2V7QAo
.adform.net/	1970-01-20 05:02:55	Name: C Value: 1
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_377 Value: 6810-8c96384d-bd43-4ecf-8a87-9d923f86652d&KRTB&22918-8c96384d-bd43-4ecf-8a87-9d923f86652d&KRTB&22926-8c96384d-bd43-4ecf-8a87-9d923f86652d&KRTB&23031-8c96384d-bd43-4ecf-8a87-9d923f86652d
.bidr.io/	1970-01-20 13:46:50	Name: bito Value: AABu3k7FipgAABGGkTTQSg
.bidr.io/	1970-01-20 13:46:50	Name: bitoIsSecure Value: ok
.adform.net/	1970-01-20 05:44:41	Name: uid Value: 3389439704098990724
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_80 Value: 16514-CAESEMoYhwG5d6t5a9RIv5I8CXw&KRTB&22987-CAESEMoYhwG5d6t5a9RIv5I8CXw&KRTB&23025-CAESEMoYhwG5d6t5a9RIv5I8CXw&KRTB&23386-CAESEMoYhwG5d6t5a9RIv5I8CXw
.simpli.fi/	1970-01-20 13:05:19	Name: suid Value: B242526CF2DB4B7AB8F295AB005A6121
.quantumdex.io/	1970-01-20 04:32:41	Name: uid Value: 51c00962-bfcd-48ef-87ca-8c95ccdc4037
.pippio.com/	1970-01-20 13:03:53	Name: did Value: zhhSl7Ef726_J745
.pippio.com/	1970-01-20 13:03:53	Name: didts Value: 1657097264
.pippio.com/	1970-01-20 05:44:41	Name: nnls Value:
.creativecdn.com/	1970-01-20 13:03:53	Name: u Value: YG02ktO8Cn3rt9A3jqGj
.creativecdn.com/	1970-01-20 13:03:53	Name: ts Value: 1657097264
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_148 Value: 19421-uid:B242526CF2DB4B7AB8F295AB005A6121
.contextweb.com/	1970-01-20 12:56:41	Name: V Value: hcQlKBoXu77U
.contextweb.com/	1970-01-20 13:03:53	Name: pb_rtb_ev Value: 3-1esr\|7dN.0.AABu3k7FipgAABGGkTTQSg
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 67ba8331ff9e1e9a
.tapad.com/	1970-01-20 05:44:41	Name: TapAd_TS Value: 1657097264678
.tapad.com/	1970-01-20 05:44:41	Name: TapAd_DID Value: 7450dd1e-380b-4d64-af71-d4e8b6704002
.turn.com/	1970-01-20 08:37:29	Name: uid Value: 3187058829708213451
.amazon-adsystem.com/	1970-01-20 10:45:38	Name: ad-id Value: Azqm-mgN5UDJj6PTGBzwfvE
.amazon-adsystem.com/	1970-01-22 02:13:00	Name: ad-privacy Value: 0
.targeting.unrulymedia.com/	1970-01-20 13:03:53	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005%22%7D
.tapad.com/	1970-01-20 05:44:41	Name: TapAd_3WAY_SYNCS Value:
.technoratimedia.com/	1970-01-22 00:06:17	Name: tads_uid Value: 05E3B1D783FC47F086FF70DB86B71706
.technoratimedia.com/	1970-01-22 00:06:17	Name: tads_uid_cd Value: 20220706044744-0400
.technoratimedia.com/	1970-01-22 00:06:17	Name: tads_zora Value: 2
.technoratimedia.com/	1970-01-22 00:06:17	Name: tads_uidp_73 Value: AABu3k7FipgAABGGkTTQSg
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_22 Value: 14911-3187058829708213451&KRTB&23150-3187058829708213451
.rubiconproject.com/	1970-01-20 13:03:53	Name: audit Value: 1\|hpJuCU5a4iQURaR1aj0VcvskxSMK9flg52jrYjP5xGbWaDs14xzbSN6hEf32WAY5pG+eXOp8H7FCqQ3+tQhlLHMDvubSxZCGuJqroeLplSNkaZNfayZkBMcq9IayR2KL
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 21:50:11	Name: bcookie Value: "v=2&90b3e2a4-c2fd-4749-8a65-6706684046ca"
.linkedin.com/	1970-01-20 04:19:43	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=2817:u=1:x=1:i=1657097264:t=1657183664:v=2:sig=AQHcZnHpmRoU64PRr5HTJ5EPEOFIqxjl"
.pippio.com/	1970-01-20 05:44:41	Name: pxrc Value: CLCYlZYGEgQIAhAAEgYI7OsBEAA=
.smaato.net/	1970-01-20 04:48:31	Name: SCM Value: 02fe9eba
.smaato.net/	1970-01-20 04:33:24	Name: SCMp Value: 02fe9eba
.media.net/	1970-01-20 13:03:53	Name: visitor-id Value: 3000988641455662000V10
.media.net/	1970-01-20 13:03:53	Name: data-pbs Value: setstatuscode~~1
.sharethrough.com/	1970-01-20 05:01:29	Name: stx_user_id Value: 645188bc-d8bc-4d12-b0dd-3e4651dd433a
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_699 Value: 22727-AABu3k7FipgAABGGkTTQSg
.casalemedia.com/	1970-01-20 06:27:53	Name: CMPRO Value: 166
.casalemedia.com/	1970-01-20 13:03:53	Name: CMRUM3 Value: 0562c54c3005a00&9862c54c3005a0&8262c54c30a8c0&2d62c54c3005a0&0462c54c3005a0&f162c54c3005a0&2762c54c300b40&e662c54c302760
.casalemedia.com/	1970-01-20 04:19:43	Name: CMST Value: YsVMMGLFTDAA
.betweendigital.com/	1970-01-20 13:03:53	Name: dc Value: was1
.betweendigital.com/	1970-01-20 13:03:53	Name: tuuid Value: 2696a6dc-272c-53bb-8847-31c4ea827df4
.betweendigital.com/	1970-01-20 13:03:53	Name: ss Value: 1
.linksynergy.com/	1970-01-20 13:03:53	Name: rmuid Value: 05419d98-7d48-47e4-8c05-60b38b69e503
.linksynergy.com/	1970-01-20 13:03:53	Name: icts Value: 2022-07-06T08:47:44Z
.betweendigital.com/	1970-01-20 13:03:53	Name: ut Value: YsVMMAAOuYgWxOjifkjyqf7D0n3Ysu9ug7AclA==
.rlcdn.com/	1970-01-20 13:03:53	Name: rlas3 Value: 6D1txHQnxM8ENziBgFksKInX6W4IXl0hALAYibvi/Xs=
.id5-sync.com/	1970-01-20 04:18:17	Name: cf Value:
.id5-sync.com/	1970-01-20 04:18:17	Name: cip Value:
.id5-sync.com/	1970-01-20 04:18:17	Name: cnac Value:
.id5-sync.com/	1970-01-20 04:18:17	Name: car Value:
.id5-sync.com/	1970-01-20 04:18:17	Name: gdpr Value:
.adx.opera.com/	1970-01-20 05:01:29	Name: OPRA-VUMP Value: eyI2MDAzOSI6IllHMDJrdE84Q24zcnQ5QTNqcUdqIiwiNjAxNDEiOiIzMTE4NzYxMTc3MDg0NzA2MzQwIiwiNjAxNTgiOiI4NjU4MTY4MS05MGRmLWY3ZTItOWNjNy01ZTI5MmZjOTkyMzIifQ%3D%3D
.intentiq.com/	1970-01-20 21:49:29	Name: IQver Value: 1.9
.ipredictive.com/	1970-01-20 13:03:53	Name: cu Value: 4df80bba-fd08-11ec-a7ae-01d28394cfbb\|1657097265131
.tynt.com/	1970-01-20 06:27:53	Name: pids Value: %5B%7B%22p%22%3A%22af668bdd51%22%2C%22f%22%3A1%2C%22ts%22%3A1657097265150%7D%2C%7B%22p%22%3A%223bfd58deb3%22%2C%22f%22%3A1%2C%22ts%22%3A1657097265150%7D%2C%7B%22p%22%3A%22029cc11ae7%22%2C%22f%22%3A1%2C%22ts%22%3A1657097265150%7D%2C%7B%22p%22%3A%227daaa56bb0%22%2C%22f%22%3A1%2C%22ts%22%3A1657097263912%7D%2C%7B%22p%22%3A%227912d88d74%22%2C%22f%22%3A1%2C%22ts%22%3A1657097265150%7D%2C%7B%22p%22%3A%2224c05c7b76%22%2C%22f%22%3A1%2C%22ts%22%3A1657097263912%7D%2C%7B%22p%22%3A%22bac1bc34e2%22%2C%22f%22%3A1%2C%22ts%22%3A1657097263912%7D%2C%7B%22p%22%3A%22d26852f088%22%2C%22f%22%3A1%2C%22ts%22%3A1657097263912%7D%2C%7B%22p%22%3A%2222833ea406%22%2C%22f%22%3A1%2C%22ts%22%3A1657097263912%7D%2C%7B%22p%22%3A%225cb91279ed%22%2C%22f%22%3A1%2C%22ts%22%3A1657097265150%7D%2C%7B%22p%22%3A%22f9a4a8fd15%22%2C%22f%22%3A1%2C%22ts%22%3A1657097263912%7D%2C%7B%22p%22%3A%22008c314e8f%22%2C%22f%22%3A1%2C%22ts%22%3A1657097265150%7D%5D
.fg8dgt.com/	1970-01-20 21:49:29	Name: tuuid Value: 1eba42a9-7b3b-4b93-a403-f2ca6264f024
.fg8dgt.com/	1970-01-20 21:49:29	Name: c Value: 1657097265
.fg8dgt.com/	1970-01-20 21:49:29	Name: tuuid_lu Value: 1657097265
.id5-sync.com/	1970-01-20 06:27:53	Name: id5 Value: 115f26cd-4578-4760-a3c0-124146f20dbd#1657097265038#2
.id5-sync.com/	1970-01-20 06:27:53	Name: 3pi Value:
.id5-sync.com/	1970-01-20 04:18:17	Name: callback Value:
.quantserve.com/	1970-01-20 13:48:31	Name: mc Value: 62c54c31-2e479-93d88-6a9b8
.mfadsrvr.com/	1970-01-20 21:49:29	Name: c Value: 1657097265
.mfadsrvr.com/	1970-01-20 21:49:29	Name: tuuid_lu Value: 1657097265
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_279 Value: 22890-4df80bba-fd08-11ec-a7ae-01d28394cfbb&KRTB&23011-4df80bba-fd08-11ec-a7ae-01d28394cfbb&KRTB&23355-4df80bba-fd08-11ec-a7ae-01d28394cfbb
.intentiq.com/	1970-01-20 21:49:29	Name: intentIQCDate Value: 1657097265199
.intentiq.com/	1970-01-20 04:28:22	Name: IIQMgidCookieSync Value: 1657097265201
.intentiq.com/	1970-01-20 21:49:29	Name: ASDT Value: 0
.intentiq.com/	1970-01-20 21:49:29	Name: intentIQ Value: RK3IpY4AJ5
.mfadsrvr.com/	1970-01-20 21:49:29	Name: bsw_uid Value: 09b3299d-acd9-44cb-8002-aa2609ca1291
.3lift.com/	1970-01-20 06:27:53	Name: tluid Value: 4498649742313079059162
.deepintent.com/	1970-01-20 17:25:58	Name: CDIUSER Value: di_36219b9470134ebfa1e5f
.aralego.com/	1970-01-20 13:03:53	Name: sspid Value: 511af5b5-388e-36cb-85ab-4482f54203bd
.openx.net/	1970-01-20 04:39:53	Name: pd Value: v2\|1657097265\|vMbwgag2gKvPhEkWgyiK
.intentiq.com/	1970-01-20 04:28:22	Name: IQPubmaticCookieSync Value: 1657097265254
.casalemedia.com/	1970-01-20 06:27:53	Name: CMTS Value: 123
.bttrack.com/	1970-01-20 06:27:53	Name: GLOBALID Value: 2uKlc8-sIBd987FnX32_nWT6A3ICJy-GcXI4nQ2xILsOPjxpCIpDr_uznh2tm_UtIWr2_w1gf5QC4TM1
.dotomi.com/	1970-01-20 04:18:17	Name: DotomiTest Value: 137068038f4c1210
.openx.net/	1970-01-20 04:39:53	Name: univ_id Value: 537072971\|8c96384d-bd43-4ecf-8a87-9d923f86652d\|1657097265343602
.mfadsrvr.com/	1970-01-20 21:49:29	Name: tuuid Value: 6d18d6d8-458c-4f27-b8a4-9765be99ae76
.mfadsrvr.com/	1970-01-20 21:49:29	Name: ssh Value: !mgid,1657097265
.intentiq.com/	1970-01-20 04:38:26	Name: IQAppnexusCookieSync Value: 1657097265363
.taboola.com/	1970-01-20 13:03:53	Name: t_gid Value: b30d8f4d-72b6-458e-8ecc-7c27b571c983-tuct9bed1b1
.rlcdn.com/	1970-01-20 05:44:41	Name: pxrc Value: CLCYlZYGEgUI6EcQABIGCLrqARABEgYIkLwrEAA=
.audrte.com/	1970-01-20 04:39:53	Name: arcki2_ddp Value: CAESED2Q_C5Ys29ozhwGkkfET_U!20210804!1657097265369
.audrte.com/	1970-01-20 04:28:22	Name: arcki2_TTT Value: 1657097265370!73g104gog-2R8KJelRSdxCiKw!H4sIAAAAAAAAAEVWO5IGNwo+jGKq9AAJwg02cG2tA5cvABLc/wj++k88wUzXtFqC74VG9FnClyZ7EOd4ZFmd+O1a45ZEWdvXnO0JndJJKzcW9cITPu7b1htubRRPmW8TNnLi2EY6fVLssJm6+Qxr81pV75tOhtCSkeQjlAI77JBe92p778xjAzUpK7FsvLcjdNPPta0m5a1P5nXdSUweodRBGhokrx8ZfZxps92nGv1uQodJfHVRKAqfoVbric1t7Y8///+fv/73379JVAfNPrSP3mbKVbsTp6ITjhQUif27WuiTyigBMLtyK7buhsYnC7kUE9cUVNR7OLfoOVlN6fkS4oFyzGORsq9tvlNnARg1H4D4xQMP/JIASFAcvtu488BxR3Xm6YcUTwDmFdmUS2Ox1ZsxVo722EZdlFtvozBbRbF2pxu2squwxGpecwBzAJd9oHCcaRs7vcu7l18pHJc2+ptox32hp+NCOriTd3wZKEQV2mCxMwYUY4zCwzp2wp7Xt+ca856zm98TZzt2mhMQcAHMuEG11tnr3Hwzm48J8As4VgHx+VOZog/QucUjdgftqbb9Oi2ABwEtJwvoNQ/3wQD37N5WZaEsHKJjf1IWsvE6cLhsOsOYtZnwybyPcnlhkTCWi0AFEPV9x8eRdneoz7OI971YNCfZCaOsx8m6qmOnlPXUeNNc9eChjoMhdzzdAyGusWZv/C5erEmyHWDlSgpWxzcrtN8aV3pDkVcGL6hAP1r2pZAJ5bzFebDo2Whlw0DAop0btOxATWLY6bBClhr4aYMTcpAFxB8q0U9PAhWk37Ta+0CGbQpI/HBe+AdosSJ9HTjsvjUmSjurbSiL3xAaDrcyH6OAtClh4/d6rNqzPUBgGQfy/3wNB5N/boyFj0pcxUCwqt85i7YpwAwU7t6DfFd/zvxZq50C2eN9UvyOW9/76k4dIWQKfYKohvpKDT3bSeBUCBzrYEl1iwElP/O1cx4/PCK1bH1gHjIGrJZ3DUV6lAj0JMexkMoOIDj8IbbQouFPjLmXZ0NYaN33kAUKPSFbYF4eMPTlOK/LxU7K55XyJKQh9NTnwCYwgjqiYN1+7I7GGgVGi65J0IIosAjV9wr8++FZVltIl+GwhwUEwJA7mW7/+tDlkxcSqHG/dyI76a2J7iSZ1GBjXf2FjD30cuML5yOLSNIRGO6G7s4gqYVQPkP69PYuVPxDvC8sgszAyFVKpPO9sEHVhXzZE5In/+YA/INFvAficIlK4XdmS+aYndHdL3oALCGX0ALOOfrqCaQyLBBpyJq0L5N7oDskDhVSI9MNSYnuZun+0DswGribD1IaB3EVCYyv8tMG0SY7eLi/OCxkRXyuh/dSQAdcchsMlYWog7K/7vxhIi27pP3E7QZRFRAfUs/7pT4/myPAoCfsBGjiAkOoQP+dE7xWh9sw+UaDn6I/jIk9oQqWAU1DYOTpc7smXL0aeB3IFByvBa4GuIADPgQchu0w0ZCGJO8dI+wbY2gZsxHucKRER2QZDBvcW36x+jCExT6fIfVIBRlmBd8gaRyh/wXpyffhqgpN14CcO1YiNmd1kO7jtlu5+oQI59ctUgTSMMRbxMuhvuD/1yYcCRPAzGYfDRhiCH8ERI4490fEhDtO96iifB94lWB9JqY/XgCKDQ9pQzzcgLZQ0/qSjR8G/8fvw5eFbXhjvvmMeRFaFQiQFXAkpjfy4g3bCKwtc7cNDBW5AsSvfLkMM34Gj7tzsDAuD984PQc9o6bvboPQ/03KTb3nRU7OjAu5mj++uPHEXr8UAUQlBm8+CCJdpp0WErwxjxGfEDbL7N8EwEAxz0pfK9c33y4cuhYh3gy2RkbaqySR/NIBggHBYBNqQ/ifb2bzw33LX054/wUX8uDxaPMXKbj7LBVwB2mAkYmrEPSGC0l9lP8DvwEMY7QJAAA=
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_32 Value: 11175-AAAGahZyujOseANKl1CUAAAAAAA&KRTB&22713-AAAGahZyujOseANKl1CUAAAAAAA&KRTB&22715-AAAGahZyujOseANKl1CUAAAAAAA
.eyeota.net/	1970-01-20 13:03:53	Name: mako_uid Value: 181d2b1a100-2a140000010a592d
.eyeota.net/	1970-01-20 04:18:17	Name: SERVERID Value: 22829~DM
.33across.com/	1970-01-20 13:03:53	Name: 33x_ps Value: u%3D211849633999630%3As1%3D1657097265420%3Ats%3D1657097265420
.intentiq.com/	1970-01-20 04:38:26	Name: IQOpenxPrimisCookieSync Value: 1657097265455
.audrte.com/	1970-01-20 04:39:53	Name: arcki2_adform Value: 3389439704098990724!20210804!1657097265486
.analytics.yahoo.com/	1970-01-20 13:03:53	Name: IDSYNC Value: "190u~25uw:192w~25uw:18za~25uw:194k~25uw"
.audrte.com/	1970-01-20 04:39:53	Name: arcki2 Value: 73g104gog-2R8KJelRSdxCiKw!20210804!1657097265518
.console.adtarget.com.tr/	1970-01-20 05:47:34	Name: vmuid Value: db3568928439bcef
.adtelligent.com/	1970-01-20 05:47:34	Name: a318342 Value: db3568928439bcef
.lijit.com/	1970-01-20 13:03:53	Name: _ljtrtb_8101 Value: RK3IpY4AJ5
.crwdcntrl.net/	1970-01-20 10:47:02	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-20 10:47:02	Name: _cc_id Value: 8bf1f9c8fdc812a1b20482d33a852d1
.intentiq.com/	1970-01-20 04:28:22	Name: IQSovernCookieSync Value: 1657097265596
.intentiq.com/	1970-01-20 21:49:29	Name: IQadv Value: 1657097265596
.crwdcntrl.net/	1970-01-20 10:47:05	Name: _cc_cc Value: "ACZ4XmOQt0hKM0yzTLZIS0m2MDRKNEwyMjCxMEoxNk60MDVKMWQAgqSjPmAaAvgnTnqhythWzvCfkZGhC4k9BYn95MVHXZiavrebtGDsTX8KYcxni%2BewwNjnjh5ihrG%2Fb5wCF9%2B977IATPwwkvrV659yw8Qnn1CHMd8tQRjZixAGAPVZSNM%3D"
.crwdcntrl.net/	1970-01-20 10:47:05	Name: _cc_aud Value: "ABR4XmNgYGBIOupjCKQggImBgWsGiMnV9BlIAgA50API"
.spotxchange.com/	1970-01-20 04:58:36	Name: audience Value: 4e511a0a-fd08-11ec-9696-1f1e7c470303
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_57 Value: 22776-3118761177084706340&KRTB&23339-3118761177084706340&KRTB&23388-3118761177084706340
.quantserve.com/	1970-01-20 06:27:53	Name: d Value: EIcBEgHGJvijD9r7EA
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_153 Value: 1923-G5bYmBnHiJwAlt6ZGp2WlB7Ag5UAktqUT5xS77DH&KRTB&19420-G5bYmBnHiJwAlt6ZGp2WlB7Ag5UAktqUT5xS77DH&KRTB&22979-G5bYmBnHiJwAlt6ZGp2WlB7Ag5UAktqUT5xS77DH
.krxd.net/	1970-01-20 08:37:29	Name: _kuid_ Value: O8M86VLL
.truoptik.com/	1970-01-20 13:03:53	Name: to_master_s Value: 76937536d8e271d38975d85d9863b4ec
.truoptik.com/	1970-01-20 13:03:53	Name: to_version_s Value: b2
.console.adtarget.com.tr/	1970-01-20 05:47:34	Name: a307457 Value: 3389439704098990724
.intentiq.com/	1970-01-20 04:28:22	Name: IQSpotXPrimisCookieSync Value: 1657097266011
.intentiq.com/	1970-01-20 04:38:26	Name: IQMediaMathCookieSync Value: 1657097266074
.intentiq.com/	1970-01-20 21:49:29	Name: CSDT Value: UEQ6MTUxMjBfMCZUQW5MRmlGIzEwMjExXzAmVEFuTEZrbSMyM18wJlRBbkxGYlkjMjRfMCZUQW5MRlcyIzEwMjM0XzAmVEFuTEZWQiMxMDEzOV8wJlRBbkxGWG4jMTUxMTVfMCZUQW5MRlpIIzEwMTQwXzAmVEFuTEZqRw
.intentiq.com/	1970-01-20 21:49:29	Name: IQPData Value: 2503514556#1657097266167#0#1657097265197
.yandex.ru/	1970-01-23 19:54:17	Name: yuidss Value: 5915718861657097266
.yandex.ru/	1970-01-23 19:54:17	Name: yandexuid Value: 5915718861657097266
cm.mgid.com/	1970-01-20 05:01:29	Name: mg_sync Value: {"265689":1657097263,"287839":1657097265,"363887":1657097263,"371158":1657097264,"43070":1657097263,"433145":1657097265,"433146":1657097263,"501037":1657097264,"516418":1657097263,"528163":1657097266,"617666":1657097264,"665953":1657097263,"709071":1657097263,"712807":1657097265}
.pubmatic.com/	1970-01-20 06:27:53	Name: SyncRTB3 Value: 1658275200%3A55_99_240_243_234_178_13_48_165_222_204_3_56_96_239_220_7_238_166_22_54_231_5_176_81_189_8_104_233_21_71_57%7C1657670400%3A2_223_15_38%7C1657929600%3A63%7C1658361600%3A35%7C1659657600%3A224%7C1657497600%3A216%7C1662249600%3A69
.deepintent.com/	1970-01-20 17:25:58	Name: CDIPARTNERS Value: %7B%22141%22%3A%2220220706%22%7D
.adtelligent.com/	1970-01-20 05:47:34	Name: a281178 Value: 7E8BB788-EC0D-4AA0-8C08-440D68D578B1
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_1251 Value: 23269-di_36219b9470134ebfa1e5f
.sitescout.com/	1970-01-20 05:01:29	Name: _ssuma Value: eyI0NSI6MTY1NzA5NzI2NzE2NiwiMyI6MTY1NzA5NzI2NTI1NiwiNCI6MTY1NzA5NzI2NDIwNSwiMzkiOjE2NTcwOTcyNjQyMDUsIjciOjE2NTcwOTcyNjUyNTYsIjcwIjoxNjU3MDk3MjY0MjA1fQ
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_391 Value: 22924-3389439704098990724&KRTB&23263-3389439704098990724
ads.playground.xyz/	1970-01-20 04:26:42	Name: connect.sid Value: s%3AGkAdouUCBGfVLCIN4epdliqZZp08COCH.4MB92XBOFZwT4krAaVZ3z27bFcVrlMAg4Q%2F1o%2BlLpew
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_188 Value: 3189-7193c592-1253-4b56-b320-5f6c43d8720e-62c54c30-4341
.acuityplatform.com/	1970-01-20 13:03:53	Name: auid Value: 679010260583
.acuityplatform.com/	1970-01-20 13:03:53	Name: aum Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANvqNdXNlck1hdGNoaW5nSWTMkWxhc3REcm9wVGltZU1pbGxpcyUBQHRWGkCUmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUB0VhpAlI90aGlyZFBhcnR5VXNlcklkIfv7hnZlcnNpb27C+w=="
.fiftyt.com/	1970-01-20 13:03:53	Name: fifid Value: f82532ff-69ab-4769-76f6-b93c52b7f540
.fiftyt.com/	1970-01-20 13:03:53	Name: cs Value: MTY1NzA5NzI2N3xEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fLJo6cXywHDm79bQmOAlhpUEO22Ov47nCm-rrioyez7s
.owneriq.net/	1970-01-20 04:32:41	Name: p2 Value: pmc
.owneriq.net/	1970-01-20 21:49:29	Name: si Value: Q7103836671686527548P
.owneriq.net/	1970-01-20 04:32:41	Name: pmc Value: 1
sync.srv.stackadapt.com/	1970-01-20 13:03:53	Name: sa-user-id Value: s%3A0-28495069-b865-4b5f-7021-7134427d0d16.bbucYc4q8Kyg4wu4O4lqUlUTi2Ox3ZdLPV4gK4A099Y
.srv.stackadapt.com/	1970-01-20 13:03:53	Name: sa-user-id-v2 Value: s%3AKElQabhlS19wIXE0Qn0NFpU4mbw.jUpn7pQPp7dZQFhWzfzrENpYTcrq%2Bf2o9dpszTjG4Fo
.agkn.com/	1970-01-20 13:03:53	Name: ab Value: 0001%3Afyvco2%2BZFYflOfOCq7O7nUA7C6h%2Fv2uA
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_469 Value: 8273-679010260583
.w55c.net/	1970-01-20 13:48:31	Name: wfivefivec Value: WL62lS3y1O90Hh5
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_860 Value: 16335-KElQabhlS19wIXE0Qn0NFpU4mbw
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_1278 Value: 23329-adc8c6bb-3df4-4525-99c4-8e75d00dda9a&KRTB&23340-adc8c6bb-3df4-4525-99c4-8e75d00dda9a
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_1199 Value: 23168-000000B88BDB86CD&KRTB&23175-000000B88BDB86CD
.inmobi.com/	1970-01-20 06:27:53	Name: idsp_c Value: fa5ae6a3-8da4-4b55-8126-1b2ec63dce94
.w55c.net/	1970-01-20 05:01:29	Name: matchpubmatic Value: 5
ads.avct.cloud/	1970-01-20 13:03:53	Name: uuid Value: 73562566-a61e-45f2-b12a-33ea3e5695ec
.fiftyt.com/	1970-01-20 04:28:22	Name: fppm Value: 20220706084747
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_107 Value: 1471-uid:WL62lS3y1O90Hh5
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_286 Value: 5193-Q7103836671686527548&KRTB&22521-Q7103836671686527548
.creative-serving.com/	1970-01-20 13:39:53	Name: tuuid Value: ba71d331-d2a4-4461-b7ff-6e03ee2940be
.creative-serving.com/	1970-01-20 13:39:53	Name: c Value: 1657097267
.creative-serving.com/	1970-01-20 13:39:53	Name: tuuid_lu Value: 1657097267
.semasio.net/	1970-01-20 13:03:53	Name: SEUNCY Value: 44342DEBE690674C
beacon.lynx.cognitivlabs.com/	1970-01-20 13:03:53	Name: UID Value: a4e3ee6d-4c54-49f8-ae31-73dbd3c3d5c0
beacon.lynx.cognitivlabs.com/	1970-01-20 13:03:53	Name: ss Value: thgc7Xcx9gDm8K2BKusdJVObcjhcQv6fNBSq%2BkXuEjWZcNOa3IiNVQ%2FYcdoLitObBRBGoIolMmlWrp34qIVisg%3D%3D
.bnmla.com/	1970-01-20 04:18:17	Name: rx_sspurl_10738 Value: https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D7de9fb20-a6dd-402f-8b4f-12d864a17786
.bnmla.com/	1970-01-20 04:39:53	Name: rx_uuid Value: 7de9fb20-a6dd-402f-8b4f-12d864a17786
.bnmla.com/	1970-01-20 04:39:53	Name: rx_maxage_10738 Value: 1658393267
.mxptint.net/	1970-01-20 21:50:55	Name: mxpim Value: R1B342_F2953F59_100891E55.1.000000000000000062C54C33
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_52 Value: 22772-R1B342_F2953F59_100891E55&KRTB&23092-R1B342_F2953F59_100891E55
.pubmatic.com/	1970-01-20 05:01:29	Name: PugT Value: 1657097267
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_466 Value: 16530-09b3299d-acd9-44cb-8002-aa2609ca1291
.tribalfusion.com/	1970-01-20 06:27:53	Name: ANON_ID Value: aEnseFRZdySaAIUMnYFxnHmK9fb4j8ZcgStHraIlZapcNkdrZbydrEDtoxtlsgggTZbT7VtrAvkUYBGTTfK3o6lkS
.1rx.io/	1970-01-20 13:03:53	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005%22%2C%22nxtrdr%22%3Afalse%7D
.onaudience.com/	1970-01-20 13:03:53	Name: cookie Value: e4750e7866378c5a
.onaudience.com/	1970-01-20 04:19:43	Name: done_redirects161 Value: 1
.adgrx.com/	1970-01-20 13:47:05	Name: ADGRX_UID Value: 4f595dc4-fd08-11ec-a7aa-683779566213
.adsby.bidtheatre.com/	1970-01-20 04:28:22	Name: __kuid Value: 6de73ca6-8dc2-4b03-b735-5d67c932d6d6.426311267
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_594 Value: 17105-RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005&KRTB&17107-RX-1eb7b0f4-ce65-495f-872e-8e080c7f362d-005
.adgrx.com/	1970-01-20 04:19:43	Name: ADGRX_CM_PUBMATIC_BRIDGED Value: 1
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_1003 Value: 22761-4f595dc4-fd08-11ec-a7aa-683779566213&KRTB&23275-4f595dc4-fd08-11ec-a7aa-683779566213
.onaudience.com/	1970-01-20 04:19:43	Name: done_redirects104 Value: 1
.pubmatic.com/	1970-01-20 06:27:53	Name: chkChromeAb67Sec Value: 10
.pubmatic.com/	1970-01-20 06:27:53	Name: DPSync3 Value: 1657152000%3A174%7C1658275200%3A201_226_197_245_219_221_228_236%7C1657670400%3A164
.ads.pubmatic.com/	1970-01-20 04:19:43	Name: pubsyncexp Value: 1657118867651
.bnmla.com/	1970-01-20 04:18:17	Name: rx_sspid_10738 Value: 170
.onaudience.com/	1970-01-20 04:19:43	Name: done_redirects147 Value: 1
.adsrvr.org/	1970-01-20 13:03:53	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwjC0aigx83vOhAFEhYKB3J1Ymljb24SCwjOmuGhx83vOhAFEhUKBmNhc2FsZRILCNSmu6XHze86EAUYASABKAIyCwiCpNbs3c3vOhAFOAFaB3hrc3c5bGFgAg..
.c.appier.net/	1970-01-20 13:03:53	Name: _auid Value: HNttt3EmC6GFyg9eM0zFYg
io.narrative.io/	1970-01-20 17:26:15	Name: io.narrative.guid.v2 Value: 4f8896c0-fd08-11ec-ae86-0aa26e5cb0e9
.pubmatic.com/	1970-01-20 05:01:29	Name: KRTBCOOKIE_904 Value: 16787-HNttt3EmC6GFyg9eM0zFYg&KRTB&23130-HNttt3EmC6GFyg9eM0zFYg
.onaudience.com/	1970-01-20 04:19:43	Name: done_redirects109 Value: 1
.pubmatic.com/	1970-01-20 05:01:29	Name: SPugT Value: 1657097267

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://assets.promediateknologi.com/promedia/network/56/desktop/images/bg/bg_footer.svg Message: Failed to load resource: the server responded with a status of 403 ()
javascript	warning	URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179914.es6.js(Line 233) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://jsc.mgid.com/b/a/banten.hallo.id.1179917.es6.js(Line 233) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
network	error	URL: https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

33across-match.dotomi.com
33d1dddc660c78bd847ed7b48d16ce1f.safeframe.googlesyndication.com
a.audrte.com
a.tribalfusion.com
a4p.adpartner.pro
aa.agkn.com
ad.360yield.com
ad.turn.com
ad4m.at
ads.avct.cloud
ads.betweendigital.com
ads.creative-serving.com
ads.playground.xyz
ads.pubmatic.com
ads.us.e-planning.net
adservice.google.ca
adservice.google.com
advertnative.com
an.yandex.ru
ap.lijit.com
api.popin.cc
assets.promediateknologi.com
aud.pubmatic.com
banten.hallo.id
bcp.crwdcntrl.net
beacon.krxd.net
beacon.lynx.cognitivlabs.com
bh.contextweb.com
bttrack.com
c.mgid.com
c1.adform.net
cdn.mgid.com
ce.lijit.com
certify-js.alexametrics.com
certify.alexametrics.com
click.advertnative.com
cm.adform.net
cm.adgrx.com
cm.g.doubleclick.net
cm.idealmedia.io
cm.mgid.com
cms-xch-chicago.33across.com
core.iprom.net
creativecdn.com
cs.emxdgt.com
cs.mobfox.com
csync.loopme.me
d.turn.com
de.tynt.com
dis.criteo.com
dmp.adform.net
dmp.truoptik.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
events-ssc.33across.com
fonts.googleapis.com
fonts.gstatic.com
gocm.c.appier.net
googleads.g.doubleclick.net
hbx.media.net
i.e-planning.net
ib.adnxs.com
ic.tynt.com
id.popin.cc
id.rlcdn.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
io.narrative.io
jadserve.postrelease.com
js.cookieless-data.com
js.rfp.fout.jp
jsc.mgid.com
loada.exelator.com
loadm.exelator.com
log.popin.cc
m.fg8dgt.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
match.taboola.com
matching.truffle.bid
mweb.ck.inmobi.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pippio.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
pm.w55c.net
pmp.mxptint.net
pr-bh.ybp.yahoo.com
propsid.b-cdn.net
ps.eyeota.net
pubmatic-match.dotomi.com
px.ads.linkedin.com
px.owneriq.net
r.popin.cc
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
rtb-usw.mfadsrvr.com
rtb.adentifi.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb.openx.net
s-img.mgid.com
s.ad.smaato.net
s.adtelligent.com
s.amazon-adsystem.com
s.console.adtarget.com.tr
s.e-planning.net
s.tribalfusion.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
servicer.mgid.com
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adtelligent.com
sync.aralego.com
sync.console.adtarget.com.tr
sync.crwdcntrl.net
sync.e-planning.net
sync.e-volution.ai
sync.extend.tv
sync.go.sonobi.com
sync.intentiq.com
sync.ipredictive.com
sync.mathtag.com
sync.quantumdex.io
sync.resetdigital.co
sync.search.spotxchange.com
sync.srv.stackadapt.com
sync.taboola.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
sync1.intentiq.com
t.adx.opera.com
t.co
tags.bluekai.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
u-iad04.e-planning.net
u.openx.net
uipglob.semasio.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
usermatch.targeting.unrulymedia.com
vid.vidoomy.com
visitor.fiftyt.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
an.yandex.ru
ssum.casalemedia.com
104.16.112.154
104.16.199.73
104.18.19.126
104.19.133.78
104.19.136.78
104.244.42.5
104.36.115.114
104.45.178.220
107.178.246.49
107.178.254.65
108.168.159.145
109.206.161.21
119.63.193.220
119.63.197.150
119.63.198.143
119.63.198.188
13.224.214.11
13.224.214.22
13.224.214.59
13.224.214.72
13.224.214.83
13.224.214.92
13.224.214.95
132.226.63.138
139.99.126.163
139.99.126.164
141.226.224.48
141.95.98.71
142.250.80.98
142.251.35.162
146.59.148.16
151.101.1.44
151.101.130.49
162.248.18.10
162.55.120.196
169.197.150.8
172.104.64.149
172.98.26.121
172.98.26.125
173.231.178.85
178.62.202.251
18.205.54.230
185.167.164.39
185.184.8.90
192.132.33.46
192.35.249.120
192.96.200.41
195.5.165.20
198.148.27.140
199.127.204.142
199.187.193.197
204.2.255.233
205.234.175.175
207.198.113.230
207.198.113.93
209.54.180.144
23.211.130.59
23.217.18.198
23.217.56.119
23.22.176.202
23.227.139.243
23.23.94.10
23.52.161.180
23.52.167.93
23.73.244.44
2600:1400:d:58c::7ca
2600:1f18:4e9:5a05:2903:4db6:5aa9:2a2
2600:9000:20ed:ea00:1b:5138:8a40:93a1
2606:4700:10::6816:2560
2606:4700:10::ac43:db6
2606:4700:20::ac43:4a81
2606:4700:4400::ac40:98f5
2606:4700::6813:ac6c
2606:ae80:1450:16::2010
2607:f8b0:4004:c09::9b
2607:f8b0:4006:809::2002
2607:f8b0:4006:809::2004
2607:f8b0:4006:809::200a
2607:f8b0:4006:80b::2008
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80d::200e
2607:f8b0:4006:80e::2003
2607:f8b0:4006:81c::2001
2607:f8b0:4006:81d::2002
2607:f8b0:4006:820::2002
2607:f8b0:4006:822::2001
2607:f8b0:4006:824::2002
2620:112:f002:bbbb::21
2620:112:f002:bbbb::23
2620:116:800b:21:b08a:1dc5:659b:4055
2620:1ec:21::14
2a02:6b8::90
2a02:6ea0:c400::11
2a02:6ea0:d137::1
2a04:4e42::300
2a06:8640:471:0:ec4:7aff:fe7e:dd90
2a06:8640:683:0:ae1f:6bff:fec1:b062
3.209.55.159
3.215.99.170
3.224.19.68
3.234.8.37
3.94.241.28
34.102.253.54
34.117.239.71
34.193.2.214
34.197.2.134
34.201.85.55
34.216.244.244
34.98.67.3
35.169.213.151
35.190.60.146
35.201.96.126
35.207.24.140
35.211.141.197
35.211.178.172
35.212.212.222
35.227.252.103
35.244.159.8
35.71.131.137
37.157.4.39
38.27.122.158
44.201.217.92
45.35.192.162
50.57.31.206
51.158.28.82
51.222.39.187
51.83.220.94
52.0.156.250
52.1.175.157
52.2.65.122
52.205.48.68
52.223.22.214
52.73.102.235
54.175.87.114
54.198.132.111
54.234.88.163
63.251.86.51
67.202.105.23
67.202.105.31
67.202.105.32
68.67.181.202
69.166.1.10
69.173.151.100
69.90.254.78
74.119.119.150
74.121.140.14
75.101.196.240
8.2.110.206
8.28.7.81
8.28.7.82
8.28.7.83
8.28.7.84
8.43.72.97
82.145.213.8
96.46.183.20
00b2dc3677e4761e3b9d038223c77197813bd26014c60bc36e9adb2afbbfe521
02a5233771455f33030057ceec962485d1117a10960a094d634e8d71e4b0092d
031d49d33916a3e5daec3662381cd81903d3fd6a8045f82054555d8d2369896f
044457c87e80eb187b7108c91fb0680f2eea35757c234318cf322f54b5ceb874
06bcc46e3c88e70f171d1589942240572491a507eabddcdd1e82e2842941d880
06eed8e682c13618d1183842a88bb5eb7af96acc4d2284fb6739aa8663d60c4f
074691f1175a4040f292124afbff0c87cd24290b7b9672577f33b7c7de205384
0a38cf7423f9f7060c66183e74e7e138bed849de551199c490e3a1e97ce291e7
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0ca2c65001d72f5c043c1a0a62e3629f543b8849f4fed395cfc8774380a73981
0dd13172611bb9c2a46b731bdafcc9dcf2741b80196bb85a6aed0f287d131614
1129b70c4d04913ce7070d8761720cd2e784d852916b2a80ebfbc09d657b3f06
113f61a617334fa86931c2b0c512c0d2c268d603b033e0f9bc51575cbd20f867
139c364496769ac0100a185f160285c66bc071192cbcba07d6aaf6dd375bda15
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
1517b5246f24efd5abf47f90c676a2e70fc62d28fb0f7e199e249111d4450a21
169e9df0356308147ad06c23e9c5e7fd562e2066b010adf551ea85c3d626fafd
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1991ee2bf02fcdcdc2f412b39e69222ada40a5603514b9f279755d7102fe0158
19bfbd81c70637ae0a6fe5f07f112bdab13cf9c2ea5d54b70320df8f54fcc07b
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff
1d48b937e2ee1e97dc4d7f326aa653d9df817f9b1934137e77c4607debeb8218
1d4ad6a861281625aabb5e0681cccf4fff34cb366517aaa82c9c9afff2f55ab8
20ec648a59748adf40ac915ac3262db7757ea0ee476a98da9de240b3b5ccbfbb
22034e07e58d0925f58e2fe8283475311193f47ad244fdf5bfca7a45204b4c13
2214d41b278709c873fdb298e1c176c1a8c2e2f40538d1b242a48e7c871611d2
236c92a729a42aafd2c31e8cd361b2debe0ac0dd14f6c6118d80f55a059dd088
23a7a772f258be3aec21ea1617a951c1f8a8867c69f446740826d0f6709b2129
23d71a3e5a18a64faeb1c6d399d8f77832f6f70fa3d66f3669c4da9a8d620dfc
23ec91eca9ac21dd98565d90eb2a87359de92a5573d5174254542ad98f72c632
2482b27cf385c3b1661f2bd315f34c413d7d928036711f6e6174d2ed9ace280f
250eb1a78b2f5a4738aead025e55baab20b06e96715e322139822f83096e65e4
281805d66f31d517f8037a2604634f2ed1447f05a9814618cd699ce08ee21c28
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
2a93ca4ed0c3c4436f499c0e03ba6b24acdd15407285b703ec0657e8c8e55926
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2c45470de3b92493c6e99abcd28f23f68da8ea5a351472f26c3c3090b1f81be0
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e136c5d9037d7f69d9b9c7058d0d5d49e0d7a1f63b20951efbf9719cf53153c
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
312057a157c24a869d083c2dcdcfdd80d92e5ebd1fad998762be4ec0f11ce40d
33ca849eae1fa1032fc9c3b3fac000cd645550c5dd33e70008b2ed522f3b0ab3
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
36d408e8754124b846b0d299369bb82f32c9d40c18a89ea7edff72fd89dc98e5
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
37d6875c9ceea49c49a32ebbe080092918e7de2cbe8b13937f55553475c71910
3816171d91731818bf187d4b0ad06c6ea348a6516e72769f534c21bed954a53b
38adf36fa11dc240b0b5ca6d1478b01ee35b35e93bc5a4c8dbcca0a718c56acd
38ea69101b6808abc6482ec2d5fdc03c874237626c1041b30f5adb2c23c0d40d
395a5a95d40fa465eb2042140c8129176c6719cf937b2232b4320c3cb5e4ebee
3a29aa570f1989f556ef9dad6fa41ec6d4b914ff59271e3f1a57ee75eee7678f
3a8717b1c866759c800df22bdc5b34545730d2790473892a4cf31dce49bf1170
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40da1f2bb18419fdeb462e7468c95a3ce82767d881695aaa0800bd567ed53a00
4266bebcda49a5b55a0c290ac92254f8a8ca8e742b2f104652dfb63e4c5dad06
42d2d2f5ca7d4a74d4cec7eb892236bd4ca4790ef0446d15a1cde9d1e1d555d0
4598c2f4a5f75426b778df46bea9bb8111ab375003677e3cf18b5b954c3a87b9
45c55e6e124dd6df7d8fa5c40948a33e0e1fa0affc08047c59ff82d91181084b
483c2b80d023750b1ae153503cefd114d5a6ced41c6ff8a8860b00bc99b78924
483cfe17928907548131a6f664fb7cffcdb98a7efaffe0f8b82fc484b52dc419
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48a7058210529c8c7bc0d564271a7726d14eb8cc7240848056b12891ee920076
4a411ecc4f2769a81a8f2fc5a796ae019bbaa0ca05aa70ef91d7029e6a3f54b4
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4f618d20d85f3163d72432606f3afa3c17b6c79954f967ec3df9a710503c9df4
4ff49c8e3d31562183bed99d7bd87b051c8d256530a67b9dd82eb526f6de23c8
50211975b8296041333a111713e8e7f0d012427f435faae4ecebb1f54cf4076d
51bd385689fe680fbe4bf8f840baba23a09f95b7fe9c356b6c77b612fcbbb7e8
51fa72d0a472d4e3650387ebcd857ab03ab8c476e4ff0a0339e65d8229a57496
52de626a140344716929a35c04623b327127fbe9dcb6436eef3ca1fd0f1570e2
53562c7b6ab89593a4f2ce2d48273609483c95ff96b3b58291d51d04e2646d43
54b537d4224ad6e2e0d129abe36be105add8a095397095a9cc6aa30a56b88359
555122bd8f4a2794904ffaf28d99fff2b52eeba7c545877b77074fdb07cfcd8c
556a9fe478f81ccf139cd3a1638b6562d50ee3aa8bcb3ec66e32878a697d94af
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5828331c624622262155b5d23a34f1f98c624191e35746d0b13f5fd533ac7c7e
59f1a3d0c116e168f87501e3c0b350e1b64e9921237605327b5682131739db4f
5caebcdf8a42c8c0be2fb4f336a45367768d8cb3eda88f162f3c8bf85d3bea7d
5e59f0a44d9639a27e2439185156fae9113c97be37174cdcfe6d96df2891f8ef
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61c53d92b094f1eaedfcd139625b47b576b114486c47e2c409615ed54396a542
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372
63d11c72f8b71c14b1904608ea2b30df898ae7231a40570ef8d574f56f1bba48
65192ab51c34b3042504aa2fe731a68b6e04dd13679afbbe46858457ab47d0a5
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e
69b2906e60f091da37046596fe7cd56a16d3a1d49f90fc5714a72e812d709b5c
69e6415a45448f4728de81ba7b14a36623e401dee7f78da611c03e7290621bed
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bd59dc4787129e3d7b3d7d337fb5ec03b79ddcfca74d5c1f6f30d7e454d1042
6be12476381cc8ee3f9b742b9baae3903ec927696c4e05d8bf5e4df37d80d25d
6be54b777041bad187c11ea4706fc709018e56f893a6485afff4c8095915e8af
6dd0012871c73934601c74a33ceb370a232586f6e9470dbffc015286d075538b
70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155
7220c4faeccd366f0084aaf0c562bd35fa79b4ed4b7dee07facf04af62bca45d
75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2
77d3a6b19e6eac0ab89be6d6d6754ca0fd0ee47beb8b39350ecc6b534ee95281
780c6d2afbdf0810cb3df8f8619849a70b2221532586daebadfad8421511620d
794db768c144a461fe24335291e66e3254a79d43b3c7146a4daa85b43b3b0d23
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7f6426b3e969eb94bb3624f1c29ed57526e7a17c67bb6374085f625e21b1f1eb
82344474b81f1a6305c105aaa41076916b1952cbe722232239f675150efadc37
8312836e3ccb8b7016be7e5e6d28644dde1136111c88c10e1d8f1289313294cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
839d5b822ce5af930ab5634269981fec3c1f713a4386b471e719d39d8972265b
84c07a0e9097f42eff116ba2f5308e5bed921a5ac6f3e1e5ee4d7f27a6dae5a7
85305dc3fcecc413eaaf031d9d91f7bb015a5f57e4aa02df7724311eef5ec6bd
858ef04b54848edd3d60f714b05817ab2b8a7f877127124165ba9b6a3604eddb
87168816a78067b954cc8a2f32b5b2e446186a553082bfaffe37ff140e918297
87ba778871da0259ba1233548a55f627256e1e53f831156ba600f63a082eeaf6
87e5f0b8a014155c8c48ae1a95487b9717c0c4067fe5a64cb862931c8893e212
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a77716d191bdcbb71ccafbe17e67b9e6f45d58e3c7477e3c9b7d7b9321c6f5a
8bfc314db8d39871dba2bd83d163a2dfb552c573ea77358b3b64ce803f3880d1
8e0674535a3d47d66380b298ae82d41654d4070ed686eeceff043fe981164c4e
8efc2fca483ee59ef1bde167eea0c7609c4ab1e99a52742e340a37e1778ae275
91cc06354008896c28d2ced00065f239fdb211595fbddb240a1b88b74a8aa4da
9219d0bea81ae3dba3fd1870dc74fb0d0e7865c4786ed837300c8f2c3ba9b86c
94a21867464639561fa1a461ec6b44f24e1163767ac1ee6f83774405b23c34e8
94c02d1c654a9f7eb518e281b757994e3b6f286a1393ad4fa997356226127ed0
95c60b60f1ab58f37432fb7024f1c3638d97031f5fa738db542bb179c075469d
97fa9f699daad049c155d613673cf8b1353d5a19fb9c4d01e42e849168fbbb1f
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
999050cb652c07f45f7c7cfb58ea4b65dc5bab5263e7d599b66ae00452102189
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99e531d0b20dd4cea74d57353cb94fdd5e581574d3a229f8e4ad607840465c7f
9bbbc76ddcccd62b1c094e1dda9c224f36d82d30d18b887d489c868959a0bf29
9c504f85997c7bb45f9f0cde52a55e55ce7c7fa902da33bbece3c389e0429981
9c79af78cb324a3ca6c879d38313c4eb4025972decd05170d88f4b486f43acef
9db819fcacffaf3e9d603f594ce05f8594bcbb8389c59e687c97c26966c2d850
9de5a9ee5dc9d4ca558268b7bcd6ead5eaff468a4a13f526738b4e5f65b32855
9e73701d6e7bc8b793b8e74076819863748660c13c753e5459ceea60338bcc00
a01d097c5485efe912c3ac768415907401ede6052803323f19d4dcc626c3f977
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0aa0322e96e88b48e1e6187777cc8e0cb5b53464223d3404401cc4abc49ebc6
a163abe2674350c1bfc7484f3508aad78dba67946f610363b48a0ba289fcc060
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a29652e90f17c9db656a99a3a86923183ed6140065a140fbe9e227b5572273aa
a3ee9d81c72f0ab88e4e5e928306ada85c889bac5e50d1d5b54f29fc6d8d6c3a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4fb321f04acd7d510eb86eca12a2b0c38d2a0bdd11c6f072b1c22e35b9ccd22
a5f7312ffc225f202c5dd43838aab6e815417dbe5b2c2bd136484bc9b59c3073
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a759381e8760351ce76fce168ec3b4a5fa28cd19cf6fec8dcfe52a812a559bc5
a8f6176fe0a491db2dec67996e109131157ebdde3ef88eefda3c71b409a31f9e
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ad35886a5e1009a5bc48997b5bea960291e54b7db92f87c25b04c1206b7e7721
ade7bb37b31387940a93efda8dc0910914940501da873c4d62517eb9df8aa2fc
ae17fc41507a16f21d63967e129cfd04088484c951ec3c9fec0c6f5a151b1634
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b259b8aa8fc311e672a210a654a4cc6c41629dc363013198314a67058b140643
b3666a186442bd2c45fa35041df1de8216fa11bc4a97424d1014eb0147664cbb
b69638346196b3e0efca0ddedab6546386d13976555a02f19596099ac4ddec8c
b770d9316c2bc6f37f5ecaa99b03736fa24cbb2bb5435018c748c47165bf0b38
b8b63ded51bc284cf96c0d8c3b7bcf5eb538e12073de0255f87bc9503ed96b1c
bc66a7958526629d2524eacc4ba459acba4b535a183ebdc633effa89a9ee0af8
bf30df93e04926fe11cfa7f2d7693a769cb0163c4054676544c40a88ede355f5
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c407be5e6bdabeb973c986b3197259187b1d8418a0b19e1944c40ffe648380f4
c5f9f57f62443be2e87a9dafde7296dc2daa4ba5109b877e4e3915b978f4ea01
c7b314bede193e724fbaddea45d80bdd780ce70251905b7c5fb3f745567c4d87
c8bbcede01cbca734adaa0677bd23392ca06beff4a6cfc99cfa8714e0203fbe2
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc8d77fb6e80916a06eab7171c46e8cd21cb7565e032390efbc408b894c8304b
cd45bb3214279d6b01a7c5fb82e909c4a6d6b752be321f05efb3e01aa1654ae8
ce246b13a7f316521adad2d9a6af151a26d5d8ba56628b82b6afcb44ae4b2cc3
d08d2069ff4038255715ab5e00dd2ef311ca4c85f2f26a7faf1d6d8021ff31a6
d17131bddf996a3a09cf02456553002740393aa0fe1291b9aa62ccc1f6038058
d2059d8cc61db3e6ccf98e76ade7ff4d9d247a02bdd5587e7f29d64a69fca781
d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17
d78993dbdf5dea43df26b58b6047b30a45635602f8c2ebad95a3f47ece6c4c92
d7c2249c4f39bc0dbaceafeb7a4ab9f599441c6265927ad20920991fa22bf362
dc7a1098fbd137208274ed4c4eb158a1d91a529d2439a70da89c7e4cd9b46cb2
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de33fe1ba0d81147fc56ff19149e85914d13c4c4d7a5969aeda463d9f4787848
df384796d2bbd44160efdbcc05da9e9af6a465de23bde239b0d9f2dc5b293eec
df654d9a0adfc485d463c57d861b113ae1edba2960f08070b2e53a9db6300e6e
e12c7543ce84abd257389c31041a26a8609aaaafc9e87c312e48fcf0ed7d6501
e329a718ceb89482f2465db3faf92c2e0db7db57470b5a08276f14bafdf20bab
e34a2e083b3ae2f62aae56c9a8aa67827753afebed130c96b1cac29fa4cf4ffa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6b33c8ead4f6cf2f6d43034dda52dd7e330ff2c3993d62e55dd6cad6a15966b
e9b316c29dcbca021b0f383acc7f116a420f57ead1e3bcad6bae207f904e2910
e9bbcb01dc9ba2a6a0feecb91e5bd17c24d11dcfc816a45ec9b22439bc82ebb2
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ec326fb4de1d26fd1863f383cec1a9228cd8b04f7bcb7b0c5690e5620ba3846c
eccebc225e0bcf031ec882bfb87870956fe78bc705e9353756afad121ee094a7
ecd272f4eb05aeae36a8f2546c4a78bf4d4d1928ea091966be688c63fee769d3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff6139411eb6c6835215310519531930f89b00ebbedbb04ca13d0e3a2935dd1
f1772dc2f491c044f0a42efee3dd4e57000f33c629a24d0575ce16ae4476bde8
f330c9e8124c01f559e29f7ec8a03c070d222b24d7bb4a69e3e06b1d85a921bb
f36a4e4e8ae0751c9a3655afb8f84c1742191a87fb9b2369b9731bd54c688335
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c
f8e6eb26cc0bb5738a989271c3926ee7b24b5238c011e21d4e903acaa54d488c
fa18e117cfda1ff26f31f1ab6386c472425317af935abe4b96abe32f2ff01483
fbdfb569a822814aaabae3da4b8bfe552450ba1c628314d6a3ff66ef60098237
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

banten.hallo.id Open in urlscan Pro 13.224.214.72 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

546 Requests

77 %HTTPS

21 %IPv6

121 Domains

180 Subdomains

88 IPs

12 Countries

3818 kBTransfer

10246 kBSize

248 Cookies

33 Outgoing links

Page URL History

Redirected requests

546 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

banten.hallo.id Open in urlscan Pro
13.224.214.72 Public Scan

Screenshot
Live screenshot

Full Image

546
Requests

77 %
HTTPS

21 %
IPv6

121
Domains

180
Subdomains

88
IPs

12
Countries

3818 kB
Transfer

10246 kB
Size

248
Cookies

546 HTTP transactions
10 data transactions