www.sfweekly.com Open in urlscan Pro
34.71.19.215 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Submission: On June 26 via manual (June 26th 2021, 5:54:51 am UTC) from IN

Summary HTTP 280 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 78 IPs in 10 countries across 74 domains to perform 280 HTTP transactions. The main IP is 34.71.19.215, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is www.sfweekly.com.
TLS certificate: Issued by R3 on June 14th 2021. Valid for: 3 months.

This is the only time www.sfweekly.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	34.71.19.215 34.71.19.215	15169 (GOOGLE) (GOOGLE)
33	94.31.29.99 94.31.29.99	33438 (HIGHWINDS2) (HIGHWINDS2)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	18.211.226.152 18.211.226.152	14618 (AMAZON-AES) (AMAZON-AES)
3	151.101.1.194 151.101.1.194	54113 (FASTLY) (FASTLY)
19	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
7	65.9.77.89 65.9.77.89	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:210... 2600:9000:2104:1c00:d:77c3:2dc0:21	16509 (AMAZON-02) (AMAZON-02)
1	65.9.77.33 65.9.77.33	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	35.190.74.157 35.190.74.157	15169 (GOOGLE) (GOOGLE)
13	13.225.87.84 13.225.87.84	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
1	65.9.77.116 65.9.77.116	16509 (AMAZON-02) (AMAZON-02)
2 8	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	65.9.77.45 65.9.77.45	16509 (AMAZON-02) (AMAZON-02)
2	54.234.151.247 54.234.151.247	14618 (AMAZON-AES) (AMAZON-AES)
2	23.20.158.212 23.20.158.212	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:210... 2600:9000:2104:f000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	185.86.137.17 185.86.137.17	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	2.19.35.65 2.19.35.65	16625 (AKAMAI-AS) (AKAMAI-AS)
4	104.109.78.125 104.109.78.125	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	161.117.111.214 161.117.111.214	45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.)
1 2	2600:1f18:612... 2600:1f18:612b:4200:8331:bab2:3072:ce38	14618 (AMAZON-AES) (AMAZON-AES)
1 1	88.214.206.142 88.214.206.142	46636 (NATCOWEB) (NATCOWEB)
1	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	44.230.206.19 44.230.206.19	16509 (AMAZON-02) (AMAZON-02)
4	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1f18:612... 2600:1f18:612b:4200:f618:eaed:4120:e6cb	14618 (AMAZON-AES) (AMAZON-AES)
2	52.45.23.26 52.45.23.26	14618 (AMAZON-AES) (AMAZON-AES)
17	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2600:1f18:612... 2600:1f18:612b:4264:d706:ca06:12eb:ef2b	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	18.220.40.30 18.220.40.30	16509 (AMAZON-02) (AMAZON-02)
3	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 10	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
4	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	52.35.253.100 52.35.253.100	16509 (AMAZON-02) (AMAZON-02)
3 4	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
2 7	52.88.39.224 52.88.39.224	16509 (AMAZON-02) (AMAZON-02)
3 7	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
4 4	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6 10	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
3 3	34.246.39.97 34.246.39.97	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:62:... 2a04:4e42:62::300	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:be	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	216.52.2.30 216.52.2.30	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	104.111.233.227 104.111.233.227	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.124.210.90 3.124.210.90	16509 (AMAZON-02) (AMAZON-02)
3 4	34.253.109.165 34.253.109.165	16509 (AMAZON-02) (AMAZON-02)
16	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
2	52.58.102.227 52.58.102.227	16509 (AMAZON-02) (AMAZON-02)
2 2	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1 2	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
2 2	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1 1	52.21.23.66 52.21.23.66	14618 (AMAZON-AES) (AMAZON-AES)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	185.29.133.52 185.29.133.52	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	52.21.173.249 52.21.173.249	14618 (AMAZON-AES) (AMAZON-AES)
3 3	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2 2	18.159.8.206 18.159.8.206	16509 (AMAZON-02) (AMAZON-02)
1 2	52.95.124.165 52.95.124.165	16509 (AMAZON-02) (AMAZON-02)
1 1	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 3	104.111.242.53 104.111.242.53	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	213.19.147.45 213.19.147.45	26120 (RHYTHMONE) (RHYTHMONE)
1 16	52.50.187.150 52.50.187.150	16509 (AMAZON-02) (AMAZON-02)
2 7	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (TURN) (TURN)
1	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	44.239.227.182 44.239.227.182	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
6	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2 2	37.157.2.237 37.157.2.237	198622 (ADFORM) (ADFORM)
1	34.120.133.55 34.120.133.55	15169 (GOOGLE) (GOOGLE)
4 5	70.42.32.127 70.42.32.127	13789 (INTERNAP-...) (INTERNAP-BLK3)
3 3	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	54.175.198.118 54.175.198.118	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	54.226.209.67 54.226.209.67	14618 (AMAZON-AES) (AMAZON-AES)
1	150.136.26.45 150.136.26.45	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	169.197.150.8 169.197.150.8	398989 (DEEPINTENT) (DEEPINTENT)
2 2	52.57.251.82 52.57.251.82	16509 (AMAZON-02) (AMAZON-02)
1 1	185.86.139.104 185.86.139.104	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1	208.100.17.177 208.100.17.177	32748 (STEADFAST) (STEADFAST)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.46 124.146.215.46	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
280	78

2 34.71.19.215 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 215.19.71.34.bc.googleusercontent.com

www.sfweekly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 94.31.29.99 (United Kingdom)

ASN33438 (HIGHWINDS2, US)
PTR: 94.31.29.99.IPYX-077437-ZYO.above.net

1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.211.226.152 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-226-152.compute-1.amazonaws.com

powerad.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.1.194 (United States)

ASN54113 (FASTLY, US)

includemodal.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 65.9.77.89 (United States)

ASN16509 (AMAZON-02, US)

static.freeskreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2104:1c00:d:77c3:2dc0:21 (United States)

ASN16509 (AMAZON-02, US)

d2s8wlbatk24s7.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.77.33 (United States)

ASN16509 (AMAZON-02, US)

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.74.157 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 157.74.190.35.bc.googleusercontent.com

richstring.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 13.225.87.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-84.fra2.r.cloudfront.net

sb.freeskreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.77.116 (United States)

ASN16509 (AMAZON-02, US)

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.77.45 (United States)

ASN16509 (AMAZON-02, US)

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.234.151.247 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-234-151-247.compute-1.amazonaws.com

reporting.powerad.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.20.158.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-20-158-212.compute-1.amazonaws.com

hb.brainlyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2104:f000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.17 (France)

ASN201081 (SMARTADSERVER, FR)

ww1772.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.35.65 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-35-65.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 161.117.111.214 (Singapore) 1 redirects

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4200:8331:bab2:3072:ce38 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

scm.publishers.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.214.206.142 (United Kingdom) 1 redirects

ASN46636 (NATCOWEB, US)

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.78.254.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.230.206.19 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-230-206-19.us-west-2.compute.amazonaws.com

a.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:f618:eaed:4120:e6cb (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

51uav-eqocf.ads.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.45.23.26 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

ads.freeskreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:d706:ca06:12eb:ef2b (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

51uav-sg2ba.ads.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.220.40.30 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-220-40-30.us-east-2.compute.amazonaws.com

includemodal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 72.251.249.13 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vap2ams1.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.35.253.100 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-253-100.us-west-2.compute.amazonaws.com

aufp.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.220.244 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.88.39.224 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-88-39-224.us-west-2.compute.amazonaws.com

ids.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.248.242.197 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
data.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.110 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.185.226 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.246.39.97 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:62::300 (United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:be (United States)

ASN13335 (CLOUDFLARENET, US)

surgeprice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.30 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

gslbeacon.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.233.227 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)

pxdrop.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.210.90 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.253.109.165 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 72.251.249.9 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.102.227 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-102-227.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.128 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.253.128.188 (Amsterdam, Netherlands) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.139 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.21.23.66 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.133.52 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.97 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.21.173.249 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.65 (Amsterdam, Netherlands) 3 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.159.8.206 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.124.165 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.242.53 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-53.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.45 (United Kingdom) 4 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.50.187.150 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.239.227.182 (Boardman, United States)

ASN16509 (AMAZON-02, US)

pixels.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.237 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 70.42.32.127 (United States) 4 redirects

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.79 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.114 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.175.198.118 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.226.209.67 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.136.26.45 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.251.82 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.104 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.177 (United States)

ASN32748 (STEADFAST, US)
PTR: ip177.208-100-17.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.46 (Minato-ku, Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	doubleclick.net 6 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	247 KB
33	netdna-ssl.com 1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com	1 MB
28	lijit.com 2 redirects ap.lijit.com gslbeacon.lijit.com vap2ams1.lijit.com pxdrop.lijit.com ce.lijit.com	72 KB
27	googlesyndication.com a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	196 KB
22	freeskreen.com static.freeskreen.com sb.freeskreen.com ads.freeskreen.com	299 KB
16	gumgum.com 1 redirects rtb.gumgum.com	5 KB
13	pubmatic.com 8 redirects ads.pubmatic.com image2.pubmatic.com image6.pubmatic.com image8.pubmatic.com image4.pubmatic.com	74 KB
11	rubiconproject.com 2 redirects secure-assets.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com pixel-us-east.rubiconproject.com pixel-eu.rubiconproject.com	22 KB
10	ad.gt 2 redirects a.ad.gt p.ad.gt ids.ad.gt pixels.ad.gt	15 KB
9	google.com 2 redirects www.google.com adservice.google.com	2 KB
9	gstatic.com fonts.gstatic.com	143 KB
9	google-analytics.com www.google-analytics.com	42 KB
7	openx.net 2 redirects us-u.openx.net eu-u.openx.net	2 KB
7	adsrvr.org 3 redirects match.adsrvr.org data.adsrvr.org	3 KB
5	googletagservices.com www.googletagservices.com	178 KB
4	outbrain.com 3 redirects sync.outbrain.com	2 KB
4	crwdcntrl.net 3 redirects bcp.crwdcntrl.net id.crwdcntrl.net	3 KB
4	adnxs.com 3 redirects secure.adnxs.com	3 KB
4	criteo.com 1 redirects gum.criteo.com mug.criteo.com	1 KB
4	tremorhub.com 1 redirects scm.publishers.tremorhub.com 51uav-eqocf.ads.tremorhub.com 51uav-sg2ba.ads.tremorhub.com	1 KB
4	smartadserver.com 2 redirects ww1772.smartadserver.com sync.smartadserver.com ssbsync.smartadserver.com	2 KB
4	powerad.ai powerad.ai reporting.powerad.ai	36 KB
4	googleapis.com fonts.googleapis.com ajax.googleapis.com	183 KB
3	1rx.io 3 redirects sync.1rx.io	1 KB
3	owneriq.net 2 redirects px.owneriq.net	1 KB
3	creativecdn.com 3 redirects creativecdn.com	990 B
3	mathtag.com 3 redirects sync.mathtag.com	1 KB
3	bidr.io 3 redirects match.prod.bidr.io	1 KB
3	google.de www.google.de	692 B
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	62 KB
3	fastly.net includemodal.global.ssl.fastly.net	31 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	630 B
2	360yield.com 2 redirects ad.360yield.com	618 B
2	adform.net 2 redirects c1.adform.net	926 B
2	facebook.com www.facebook.com	312 B
2	facebook.net connect.facebook.net	101 KB
2	amazon-adsystem.com 1 redirects aax-eu.amazon-adsystem.com	474 B
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	contextweb.com 2 redirects bh.contextweb.com	695 B
2	simpli.fi 1 redirects um.simpli.fi	843 B
2	rfihub.com 2 redirects p.rfihub.com	1 KB
2	bidswitch.net x.bidswitch.net	291 B
2	quantserve.com 2 redirects pixel.quantserve.com	912 B
2	includemodal.com includemodal.com	265 B
2	brainlyads.com hb.brainlyads.com	148 KB
2	richstring.com richstring.com	30 KB
2	cloudfront.net d2s8wlbatk24s7.cloudfront.net	28 KB
2	sfweekly.com www.sfweekly.com	29 KB
1	socdm.com 1 redirects tg.socdm.com	694 B
1	emxdgt.com cs.emxdgt.com
1	33across.com ssc-cms.33across.com
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	469 B
1	zemanta.com 1 redirects b1sync.zemanta.com	288 B
1	deepintent.com match.deepintent.com	44 B
1	technoratimedia.com sync.technoratimedia.com	294 B
1	ipredictive.com 1 redirects sync.ipredictive.com	428 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com	834 B
1	stackadapt.com sync.srv.stackadapt.com	168 B
1	rlcdn.com api.rlcdn.com	222 B
1	turn.com 1 redirects d.turn.com	418 B
1	sitescout.com 1 redirects pixel-sync.sitescout.com	270 B
1	clickagy.com 1 redirects aorta.clickagy.com	664 B
1	media.net contextual.media.net	371 B
1	postrelease.com 1 redirects jadserve.postrelease.com	417 B
1	eyeota.net ps.eyeota.net	344 B
1	surgeprice.com surgeprice.com
1	taboola.com trc.taboola.com	230 B
1	aufp.io aufp.io	3 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
1	exelator.com loadeu.exelator.com	324 B
1	admanmedia.com 1 redirects cs.admanmedia.com	348 B
1	adsafeprotected.com static.adsafeprotected.com	482 B
1	google.se adservice.google.se	853 B
0	acuityplatform.com Failed ums.acuityplatform.com Failed
280	74

	Domain	Requested by
33	1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com	www.sfweekly.com 1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
19	securepubads.g.doubleclick.net	www.sfweekly.com securepubads.g.doubleclick.net www.googletagservices.com a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
17	tpc.googlesyndication.com	securepubads.g.doubleclick.net a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com www.sfweekly.com tpc.googlesyndication.com
16	rtb.gumgum.com	1 redirects gslbeacon.lijit.com rtb.gumgum.com
16	ce.lijit.com	a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com gslbeacon.lijit.com us-u.openx.net rtb.gumgum.com
13	sb.freeskreen.com	static.freeskreen.com www.sfweekly.com
10	cm.g.doubleclick.net	6 redirects www.sfweekly.com gslbeacon.lijit.com us-u.openx.net rtb.gumgum.com
9	ap.lijit.com	2 redirects a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com ap.lijit.com gslbeacon.lijit.com
9	fonts.gstatic.com	fonts.googleapis.com
9	www.google-analytics.com	www.sfweekly.com www.google-analytics.com www.googletagmanager.com
8	www.google.com	2 redirects www.sfweekly.com securepubads.g.doubleclick.net a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com tpc.googlesyndication.com
7	ids.ad.gt	2 redirects www.sfweekly.com
7	static.freeskreen.com	www.sfweekly.com
6	pagead2.googlesyndication.com	www.googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com
6	match.adsrvr.org	3 redirects us-u.openx.net ads.pubmatic.com rtb.gumgum.com
5	us-u.openx.net	2 redirects gslbeacon.lijit.com us-u.openx.net
5	www.googletagservices.com	securepubads.g.doubleclick.net a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
4	sync.outbrain.com	3 redirects rtb.gumgum.com
4	image2.pubmatic.com	4 redirects
4	secure.adnxs.com	3 redirects gslbeacon.lijit.com
4	googleads.g.doubleclick.net	a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
4	ads.pubmatic.com	www.sfweekly.com gslbeacon.lijit.com rtb.gumgum.com
4	eus.rubiconproject.com	sb.freeskreen.com ww1772.smartadserver.com eus.rubiconproject.com
4	a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	stats.g.doubleclick.net	www.google-analytics.com
3	image8.pubmatic.com	3 redirects
3	sync.1rx.io	3 redirects
3	px.owneriq.net	2 redirects gslbeacon.lijit.com
3	creativecdn.com	3 redirects
3	sync.mathtag.com	3 redirects
3	bcp.crwdcntrl.net	3 redirects
3	match.prod.bidr.io	3 redirects
3	token.rubiconproject.com	eus.rubiconproject.com www.sfweekly.com
3	www.google.de	www.sfweekly.com
3	includemodal.global.ssl.fastly.net	www.sfweekly.com securepubads.g.doubleclick.net a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
2	sync-tm.everesttech.net	2 redirects
2	ad.360yield.com	2 redirects
2	c1.adform.net	2 redirects
2	eu-u.openx.net	us-u.openx.net
2	www.facebook.com	www.sfweekly.com connect.facebook.net
2	connect.facebook.net	p.ad.gt connect.facebook.net
2	aax-eu.amazon-adsystem.com	1 redirects gslbeacon.lijit.com
2	rtb.mfadsrvr.com	2 redirects
2	bh.contextweb.com	2 redirects
2	um.simpli.fi	1 redirects gslbeacon.lijit.com
2	p.rfihub.com	2 redirects
2	x.bidswitch.net	gslbeacon.lijit.com rtb.gumgum.com
2	pixel.quantserve.com	2 redirects
2	includemodal.com	www.sfweekly.com a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
2	mug.criteo.com	www.sfweekly.com
2	gum.criteo.com	1 redirects
2	ads.freeskreen.com	ajax.googleapis.com
2	ajax.googleapis.com	www.sfweekly.com
2	scm.publishers.tremorhub.com	1 redirects www.sfweekly.com
2	sync.smartadserver.com	1 redirects www.sfweekly.com
2	secure-assets.rubiconproject.com	2 redirects
2	hb.brainlyads.com	powerad.ai www.sfweekly.com
2	reporting.powerad.ai	powerad.ai
2	richstring.com	www.sfweekly.com richstring.com
2	d2s8wlbatk24s7.cloudfront.net	includemodal.global.ssl.fastly.net
2	powerad.ai	www.sfweekly.com powerad.ai
2	fonts.googleapis.com	www.sfweekly.com tpc.googlesyndication.com
2	www.sfweekly.com	1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
1	tg.socdm.com	1 redirects
1	cs.emxdgt.com	rtb.gumgum.com
1	ssc-cms.33across.com	rtb.gumgum.com
1	ssbsync.smartadserver.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	b1sync.zemanta.com	1 redirects
1	match.deepintent.com	rtb.gumgum.com
1	sync.technoratimedia.com	rtb.gumgum.com
1	sync.ipredictive.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync.srv.stackadapt.com	rtb.gumgum.com
1	image4.pubmatic.com	1 redirects
1	id.crwdcntrl.net	ads.pubmatic.com
1	api.rlcdn.com	ads.pubmatic.com
1	pixels.ad.gt	p.ad.gt
1	image6.pubmatic.com	ads.pubmatic.com
1	d.turn.com	1 redirects
1	data.adsrvr.org	gslbeacon.lijit.com
1	pixel-eu.rubiconproject.com	gslbeacon.lijit.com
1	pixel-sync.sitescout.com	1 redirects
1	aorta.clickagy.com	1 redirects
1	pixel-us-east.rubiconproject.com	gslbeacon.lijit.com
1	contextual.media.net	gslbeacon.lijit.com
1	jadserve.postrelease.com	1 redirects
1	ps.eyeota.net	a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
1	pxdrop.lijit.com	www.sfweekly.com
1	vap2ams1.lijit.com	a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
1	gslbeacon.lijit.com	ap.lijit.com
1	surgeprice.com	ap.lijit.com
1	trc.taboola.com	www.sfweekly.com
1	p.ad.gt	a.ad.gt
1	aufp.io	a.ad.gt
1	51uav-sg2ba.ads.tremorhub.com	ajax.googleapis.com
1	51uav-eqocf.ads.tremorhub.com	ajax.googleapis.com
1	a.ad.gt	www.sfweekly.com
1	www.googletagmanager.com	powerad.ai
1	loadeu.exelator.com	www.sfweekly.com
1	cs.admanmedia.com	1 redirects
1	ww1772.smartadserver.com	sb.freeskreen.com
1	static.adsafeprotected.com	www.sfweekly.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.se	securepubads.g.doubleclick.net
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.sfweekly.com
0	ums.acuityplatform.com Failed	gslbeacon.lijit.com
280	109

This site contains links to these domains. Also see Links.

Domain
sfevergreen.com
archives.sfweekly.com
www.facebook.com
twitter.com
www.instagram.com
edition.pagesuite-professional.co.uk
docs.google.com
soundcloud.com
reddit.com
www.cinderellasolutionreview.org

Subject Issuer	Validity	Valid
www.sfweekly.com R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
*.netdna-ssl.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-22` - `2022-03-18`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.powerad.ai Go Daddy Secure Certificate Authority - G2	`2020-10-12` - `2021-10-12`	a year	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-27` - `2022-05-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.freeskreen.com Amazon	`2021-01-19` - `2022-02-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
richstring.com R3	`2021-06-23` - `2021-09-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
hb.brainlyads.com Go Daddy Secure Certificate Authority - G2	`2020-11-23` - `2021-12-25`	a year	crt.sh
*.google.se GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2020-10-03` - `2021-11-03`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
*.tremorhub.com Amazon	`2020-07-25` - `2021-08-25`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
*.ad.gt Amazon	`2021-06-09` - `2022-07-08`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
includemodal.com Amazon	`2020-11-15` - `2021-12-14`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
aufp.io Amazon	`2020-12-26` - `2022-01-24`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-12-29` - `2021-12-28`	a year	crt.sh
cert1.a2.atm.aqfer.net R3	`2021-05-18` - `2021-08-16`	3 months	crt.sh
*.eyeota.net R3	`2021-04-29` - `2021-07-28`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2021-01-29` - `2022-02-02`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
*.srv.stackadapt.com Amazon	`2020-12-09` - `2022-01-07`	a year	crt.sh
*.technoratimedia.com DigiCert SHA2 High Assurance Server CA	`2020-07-28` - `2021-10-01`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-01` - `2021-09-30`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh

This page contains 33 frames:

Primary Page: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Frame ID: 21073D1E21857B9069C7C76606543932
Requests: 117 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: 67AE203352A01AD4B2506374FC5328F6
Requests: 1 HTTP requests in this frame

Frame: https://hb.brainlyads.com/pbjs_wrapper.v1.0.js
Frame ID: AABC88F0412AC40321444FC2699BAA1A
Requests: 7 HTTP requests in this frame

Frame: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A8C61D2514516FAE0316C35859614B45
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Frame ID: EA81BEC526357C363F7B600C92821498
Requests: 3 HTTP requests in this frame

Frame: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Frame ID: 368065B2013D9998039A369C2103D06D
Requests: 12 HTTP requests in this frame

Frame: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Frame ID: 9C710C37F96784879FC913B73A5C157A
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
Frame ID: 3394E9828F3B0A31D9818166077350EB
Requests: 3 HTTP requests in this frame

Frame: https://includemodal.global.ssl.fastly.net/pw.js
Frame ID: 3403082CFD5614D492359163935447BA
Requests: 11 HTTP requests in this frame

Frame: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 96E990A404000229A5D76698A7FCFE06
Requests: 22 HTTP requests in this frame

Frame: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 892D9D2CA34D55480C200C0BB11868F0
Requests: 8 HTTP requests in this frame

Frame: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7FE82B4D31FDF97950C47624356F4400
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: A446ACCE24B6E8276610B79D2E56AA08
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html
Frame ID: 2C1AEADAA99D13697DD30C451DE0E801
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: E4025BEEF042BBB555FC651A7074B3A1
Requests: 2 HTTP requests in this frame

Frame: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Frame ID: 4BA90733CE3E4C21636F12300029C990
Requests: 25 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Frame ID: 01A96D69E4BD8D5FE0021B2251B43AB4
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Frame ID: 8578DD5D32AF2DE72AA9B0D26A002042
Requests: 16 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Frame ID: 72EF217ED7234AF120F05D7C8404EA0E
Requests: 1 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Frame ID: BC6AEF5F38C22238EC2176789498CB62
Requests: 8 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=1&3pid=8919356679667100101&gdpr=1&gdpr_consent=
Frame ID: 026057934D8ED43E9805231973CDA7AB
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=
Frame ID: 7301AE4AF755D03CAB89EC8C91BFDC5F
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YNbBFQACLrxVDQA4&gdpr=1&gdpr_consent=&_test=YNbBFQACLrxVDQA4
Frame ID: 760ABE05D39179AC8D51FC5A67104D2A
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9kNDNjZmY5MS00ZWIwLTRmYTQtOTNjYy0wZWZmNjk2OGU1ZWU=&gdpr=1&gdpr_consent=
Frame ID: 0A21A876F0C3D2CF8DC9BD0F3802705F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Frame ID: F02136B9545836B237F187156C2635A0
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: C7381525BEA6173F9665743259CC1687
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Frame ID: AEC6128F3B0178D0EC67DC071543AF57
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: E0FD7527EE6264A54ED87BC17338D2DA
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YNbBFsCo8YwAADHzWqsAAAAA
Frame ID: 430B8BC71C749C5CAA35E752E383EC99
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=1871316021121709418
Frame ID: CE0F46CC5AA54810317356C005900B59
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=3v9MOiKH0LyT9jp19FFa&pi=gumgum
Frame ID: EF96B557A5B45710D39A735D45BB28F0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 3529455B3279AEEE2FFAE30CFD590E74
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 276F7158D5CF4B176500F18BC534345B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Analytics Enhanced eCommerce (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

280
Requests

99 %
HTTPS

28 %
IPv6

74
Domains

109
Subdomains

78
IPs

10
Countries

3495 kB
Transfer

7553 kB
Size

9
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: http://sfevergreen.com/
Title: Cannabis

Search URL Search Domain Scan URL

URL: http://archives.sfweekly.com/
Title: Archives

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sfweekly/

Search URL Search Domain Scan URL

URL: https://twitter.com/sfweekly/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sfweekly/

Search URL Search Domain Scan URL

URL: https://edition.pagesuite-professional.co.uk/launch.aspx?eid=74d92e67-e7e2-4f83-852d-eb6a504fc670
Title: Click For Our Latest Print Edition

Search URL Search Domain Scan URL

URL: https://docs.google.com/forms/d/1qhROZ9vkKf7gwra950rTMMtD5-YxrDjyejpD-BkKqtc
Title: Vote For Best Of 2021 Now!

Search URL Search Domain Scan URL

URL: https://soundcloud.com/sfweeklypodcast

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/home?status=PhenQ+Reviews%3A+Does+Ingredients+In+This+Weight+Loss+Pills+Work%3F+-+https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F
Title:

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&title=PhenQ+Reviews%3A+Does+Ingredients+In+This+Weight+Loss+Pills+Work%3F
Title:

Search URL Search Domain Scan URL

URL: https://www.cinderellasolutionreview.org/phenq
Title: PhenQ weight loss pills

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=%url%&text=%text%
Title: Tweet

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 78

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=123456&endpoint=us-west HTTP 301
https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west

Request Chain 79

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D HTTP 302
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D&cklb=1

Request Chain 80

https://scm.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D HTTP 302
https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D

Request Chain 81

https://cs.admanmedia.com/sync/smaato?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fac%3D{$UID} HTTP 302
https://sb.freeskreen.com/um?ac={$UID}

Request Chain 93

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=smartadserver&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu

Request Chain 116

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.sfweekly.com%2F&domain=www.sfweekly.com&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=IRzojnxrN1QybVNPQmh2YlZYa1hsT2FsR1V0d2NrSGFPRkxITzNGUW9hVFltR29uaTRwNVhMZHZmeVF3cTJRSmo5SjhLRVRuYVlMUW16cjRKVUt1L016TXFPMTByZnN1em1GRzlyQU9zVlZwNG9lSjBITWxLdm5zVnc0c0tIRFRmajYwQkRhOGl1QWpLRmFSYXI3TmxwbmpnN0VRSU1MbUJ3VlkwUkJFb1ByTXFFOUR1eXNUQW90U1F5NVlZUGlGL0VBRTR5NnJZeE1wQW1rdWVaYzR4RkVNQWxjWG40K1FOODkzanhZS0NGR1lUbk1nPXw&cppv=2

Request Chain 156

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 160

https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&adnxs_id=$UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3D0e03afbe-156d-4b7d-b9e0-99014fd53faa%26adnxs_id%3D%24UID HTTP 302
https://ids.ad.gt/api/v1/match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&adnxs_id=4353039743070324981

Request Chain 161

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=0e03afbe-156d-4b7d-b9e0-99014fd53faa HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=0e03afbe-156d-4b7d-b9e0-99014fd53faa HTTP 302
https://ids.ad.gt/api/v1/t_match?tdid=b674bed5-6e05-40fa-9306-61c602f5e0fa&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa

Request Chain 162

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D0e03afbe-156d-4b7d-b9e0-99014fd53faa HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D0e03afbe-156d-4b7d-b9e0-99014fd53faa HTTP 302
https://ids.ad.gt/api/v1/pbm_match?pbm=FE69C282-0667-496E-9322-C2DB18BFB5CB&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa HTTP 302
https://ids.ad.gt/api/v1/g_match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&google_gid=CAESEEynhpbFXsz3wCTHuo2jaHU&google_cver=1&google_ula=450542624,0

Request Chain 164

https://ids.ad.gt/api/v1/g_hosted?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=MGUwM2FmYmUtMTU2ZC00YjdkLWI5ZTAtOTkwMTRmZDUzZmFh

Request Chain 165

https://match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=0e03afbe-156d-4b7d-b9e0-99014fd53faa HTTP 303
https://match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&_bee_ppp=1 HTTP 303
https://ids.ad.gt/api/v1/beeswax_match?beeswax_id=AABtrU7BrYIAADe3d2U3Aw&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa

Request Chain 167

https://ids.ad.gt/api/v1/rub?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa HTTP 302
https://token.rubiconproject.com/token?pid=50242&puid=0e03afbe-156d-4b7d-b9e0-99014fd53faa&gdpr=0

Request Chain 171

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 191

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=7cb113ce84b11fcaeac55eeb/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://bcp.crwdcntrl.net/5/ct=y/c=5436/tp=SVRN/tpid=7cb113ce84b11fcaeac55eeb/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=5001&3pid=99557c22e17ffc55bdd4e8a7ed71d4fb&gdpr=1&gdpr_consent=

Request Chain 193

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=PIZpPGmHPDkngWhsPY4gbm-GOzgnjms6PtApVN-9

Request Chain 195

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=10&3pid=1871316021121709418

Request Chain 196

https://um.simpli.fi/lj_match?r=1624686867456&gdpr=1&gdpr_consent= HTTP 302
https://um.simpli.fi/no_match_opted_out

Request Chain 198

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=N2NiMTEzY2U4NGIxMWZjYWVhYzU1ZWVi&gdpr=1 HTTP 302
https://ap.lijit.com/dsp/google/reporting?gdpr=1

Request Chain 199

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=49&3pid=8U7NubzW0Jqs&ev=1&pid=558511&gdpr_consent=&gdpr=1

Request Chain 201

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=N2NiMTEzY2U4NGIxMWZjYWVhYzU1ZWVi&gdpr=1

Request Chain 202

https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=1&gdpr_consent=

Request Chain 204

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=7cb113ce84b11fcaeac55eeb&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=3&3pid=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=

Request Chain 206

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=7cb113ce84b11fcaeac55eeb/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=5001&3pid=99557c22e17ffc55bdd4e8a7ed71d4fb&gdpr=1&gdpr_consent=

Request Chain 207

https://aorta.clickagy.com/pixel.gif?ch=185&cm=7cb113ce84b11fcaeac55eeb&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=84&3pid=c:cb45ec586b4b3139fed08c39b6f20c55

Request Chain 208

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent= HTTP 302
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=&tc=1 HTTP 302
https://ce.lijit.com/merge?pid=86&3pid=3v9MOiKH0LyT9jp19FFa&pi=sovrn&gdpr_consent=&gdpr=1&tc=1

Request Chain 209

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent= HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=87&3pid=074afe96-a7ea-41cb-94ea-cdebe7c45095

Request Chain 210

https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent= HTTP 303
https://ce.lijit.com/merge?pid=85&3pid=AABtrU7BrYIAADe3d2U3Aw&gdpr=1

Request Chain 211

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=1&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t

Request Chain 212

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=

Request Chain 214

https://px.owneriq.net/eucm/p/sv?gdpr=1&gdpr_consent= HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fpx.owneriq.net%2ffr%2fepx.gif&uid=Q6779732682052506596&ref=%2Feucm%2Fp%2Fsv HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 216

https://sync.1rx.io/usersync2/sovrn?gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=56&3pid=OPTOUT

Request Chain 220

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=

Request Chain 221

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=1&3pid=8919356679667100101&gdpr=1&gdpr_consent=

Request Chain 236

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=876560d6-c113-4200-8aa1-81894cb771d4

Request Chain 237

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=i11m9N5cM_GQWmekilUvpthdNPCQVWTyiQvDJiNE

Request Chain 238

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2967956833627946580

Request Chain 241

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGe1uWxkUzI6qn1-ihm3hQI&google_cver=1

Request Chain 245

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=4353039743070324981

Request Chain 247

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28GICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28GICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee&obuid=ENC(GICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=160065&gdpr=PM_GDPR&gdpr_consent=PM_CONSENT&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160065%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.outbrain.com%252Fcookie-sync%253Fp%253Dpubmatic%2526obUid%253DGICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd%2526uid%253D%2523PMUID HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkU2OUMyODItMDY2Ny00OTZFLTkzMjItQzJEQjE4QkZCNUNC&gdpr=0&gdpr_consent=PM_CONSENT HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkU2OUMyODItMDY2Ny00OTZFLTkzMjItQzJEQjE4QkZCNUNC&gdpr=0&gdpr_consent=PM_CONSENT&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=PM_CONSENT HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=PM_CONSENT HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=PM_CONSENT HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=PM_CONSENT&piggybackCookie=CAESEG3xgiHGSoLmMKh2yDQeTZ0&google_cver=1 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=PM_CONSENT HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DGICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd%26uid%3DFE69C282-0667-496E-9322-C2DB18BFB5CB HTTP 302
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=GICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd&uid=FE69C282-0667-496E-9322-C2DB18BFB5CB

Request Chain 248

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=5fddcc97-cdfc-0733-1f45-99f35f355a66

Request Chain 250

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-OO9p8edE2pdWtpPXHLdVYzPdM96RHItrgmun~A

Request Chain 251

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=f937a136-d642-11eb-a906-fd616201f0c1

Request Chain 254

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee&gdpr=1&gdpr_consent=&us_privacy= HTTP 302
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

Request Chain 255

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://rtb.gumgum.com/usersync?b=idi&i=787627f8-7df9-41e9-a580-2ff5f27380a8

Request Chain 256

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3447895070 HTTP 302
https://sync.1rx.io/usersync/tradedesk/b674bed5-6e05-40fa-9306-61c602f5e0fa HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-eb7a8ef7-acbb-4040-9713-571af667fc4c-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-eb7a8ef7-acbb-4040-9713-571af667fc4c-003 HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=RX-eb7a8ef7-acbb-4040-9713-571af667fc4c-003

Request Chain 257

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=spRSXiZVJvqO&ev=1&pid=558355

Request Chain 258

https://ssbsync.smartadserver.com/api/sync?callerId=15 HTTP 302
https://rtb.gumgum.com/usersync?b=sad&i=5370632105907331666&gdpr=1&gdpr_consent=

Request Chain 260

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=

Request Chain 261

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YNbBFQACLrxVDQA4 HTTP 302
https://rtb.gumgum.com/usersync?b=atm&i=YNbBFQACLrxVDQA4&gdpr=1&gdpr_consent=&_test=YNbBFQACLrxVDQA4

Request Chain 267

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YNbBFsCo8YwAADHzWqsAAAAA

Request Chain 268

https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
https://rtb.gumgum.com/usersync?b=zet&i=1871316021121709418

Request Chain 269

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=3v9MOiKH0LyT9jp19FFa&pi=gumgum

280 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/ 116 KB
28 KB 859ms
181ms Document
text/html 34.71.19.215
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.71.19.215 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

215.19.71.34.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

dcab34f7c20677d9ab03841ae1b09b6f0304a8492dd8ad343cf3840ed38cc6a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

:method: GET
:authority: www.sfweekly.com
:scheme: https
:path: /sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Sat, 26 Jun 2021 05:54:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
link: <https://www.sfweekly.com/wp-json/>; rel="https://api.w.org/" <https://www.sfweekly.com/?p=251611>; rel=shortlink
x-powered-by: WP Engine
content-security-policy: upgrade-insecure-requests
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 2
x-cache-group: normal
content-encoding: br

GET
H2 200 style.min.css
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/css/dist/block-library/ 40 KB
6 KB 167ms
51ms Stylesheet
text/css 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.8
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: dfd6d929422d1f69a727fb6b525f610562eab183a333576516bec0b0503cb049

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 15:48:08 GMT
server: NetDNA-cache/2.2
etag: W/"5ee100b8-a055"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ai-aos.css
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/ad-inserter-pro/includes/aos/ 33 KB
3 KB 235ms
119ms Stylesheet
text/css 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/ad-inserter-pro/includes/aos/ai-aos.css?ver=2.6.2
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 522cc4ddf3c2daf42d71bd1ce57b9bd0c118068c0b4e363ebcb438f48dab7c0a

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-85c7"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 mmenu.css
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/mmenu/css/ 55 KB
8 KB 233ms
118ms Stylesheet
text/css 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/mmenu/css/mmenu.css?ver=3
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 38a1e8685db844db2f4fdf44030186e2054286aad8a8e7d00a7d35b1a4d62bf3

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-dce0"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 frontend.css
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/pc-google-analytics/assets/css/ 0
222 B 229ms
114ms Stylesheet
text/css 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/pc-google-analytics/assets/css/frontend.css?ver=1.0.0
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: "6061ab44-0"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ 32 KB
1 KB 18ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C700%2C700i%2C800%2C800i%7CMerriweather%3A400%2C400i%2C700%2C700i%2C900%2C900i&display=swap&ver=5.3.8

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6f780911a8781269b89ee6225f5b047c14df0581f73bada33612462529a1d16a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 26 Jun 2021 05:54:25 GMT
server: ESF
date: Sat, 26 Jun 2021 05:54:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 26 Jun 2021 05:54:25 GMT

GET
H2 200 theme.min.css
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/ 381 KB
63 KB 192ms
77ms Stylesheet
text/css 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: dbf45a4ab6a93d6ed8919dbbb2a99ea1bb7b56dbcae714530f5f6f627a59f977

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-5f57b"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 highlight-and-share-emails.css
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/highlight-and-share/css/ 2 KB
938 B 228ms
114ms Stylesheet
text/css 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/highlight-and-share/css/highlight-and-share-emails.css?ver=3.1.5
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: cc46822c1efd215f4382b351af79ca830874c08b9177a5131b6cc6a971a3832c

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-8a7"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 highlight-and-share-black.css
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/highlight-and-share/css/ 4 KB
1 KB 229ms
115ms Stylesheet
text/css 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/highlight-and-share/css/highlight-and-share-black.css?ver=3.1.5
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 156187e022caad5e50fc56c6fd80ab78c62897281a9db23a4edc3ebc0a92824a

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-e60"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/jquery/ 95 KB
34 KB 248ms
133ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: NetDNA-cache/2.2
etag: W/"5cde37d2-17a69"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-migrate.min.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/jquery/ 10 KB
4 KB 254ms
140ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: NetDNA-cache/2.2
etag: W/"573eaa90-2748"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ai-jquery.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/ad-inserter-pro/includes/js/ 18 B
252 B 254ms
140ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/ad-inserter-pro/includes/js/ai-jquery.js?ver=5.3.8+2.6.2
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 5257f9ca13e924a41ca83bdec64768c6b1eaaa16fbb0e9a0fe22873f0c6efa7c

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 29 Mar 2021 10:26:13 GMT
server: NetDNA-cache/2.2
etag: "6061ab45-12"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 18

GET
H2 200 mmenu.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/mmenu/js/ 75 KB
21 KB 240ms
126ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/mmenu/js/mmenu.js?ver=3
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: bc91edebf695ab675bb36ce72cd9437ab7edcb66091224cf03066d98b575fb9d

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-12bd2"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 frontend.min.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/pc-google-analytics/assets/js/ 37 B
271 B 253ms
139ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/pc-google-analytics/assets/js/frontend.min.js?ver=1.0.0
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 9120fc5e7b83f3083c39b6ee71d2cd0322451890f95440289b32dca28294e68f

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: "6061ab44-25"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 37

GET
H/1.1 200
OK script.js Show response
powerad.ai/ 158 KB
33 KB 479ms
225ms Script
application/javascript 18.211.226.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://powerad.ai/script.js
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.211.226.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-226-152.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) / Express
Resource Hash: b3aade6189cb058b28b28e97335a8e17a68e3a61160f8e83cc60989c9d5c9955

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:25 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Jun 2021 16:08:29 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
X-Powered-By: Express
ETag: W/"27835-17a3ec7a494"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Access-Control-Allow-Credentials: true
Connection: close
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK sp.js Show response
includemodal.global.ssl.fastly.net/ 40 KB
12 KB 94ms
28ms Script
application/javascript 151.101.1.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://includemodal.global.ssl.fastly.net/sp.js
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f8f38aa8f67c0e9e168ba7f4d5e0e0467c82ccb002a337841dd178fd5560608e

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Rwznl4isfCVd0OnIaRCLtzTucgPCizWv
Content-Encoding: gzip
ETag: "8c0e846cb2571fcc913e635e81b0264a"
Age: 646
X-Cache: HIT
Connection: keep-alive
Content-Length: 11863
x-amz-id-2: pnQHg5Q6S0mKlafbl6DjeTUdvGllDCI4BY/TqDGY2CAEMRo7Uh4mah0167/tZ5/TDi8dtivIYdw=
X-Served-By: cache-bma1651-BMA
Last-Modified: Fri, 11 Jun 2021 18:19:22 GMT
Server: AmazonS3
X-Timer: S1624686865.316566,VS0,VE0
Date: Sat, 26 Jun 2021 05:54:25 GMT
Vary: Accept-Encoding
x-amz-request-id: CGWMB9KNZYJTWKMM
Via: 1.1 varnish
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 1

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 67 KB
24 KB 184ms
64ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

5c91d0d443201121d27bab38d853a67ca055aa4de1b8969ddb9674b3463db008

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "913 / 384 of 1000 / last-modified: 1624659045"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23677
x-xss-protection: 0
expires: Sat, 26 Jun 2021 05:54:25 GMT

GET
H2 200 phenq.jpeg
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/04/ 33 KB
33 KB 417ms
414ms Image
image/jpeg 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/04/phenq.jpeg
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 3c789aeddb7bb57e2abe36b502a590c63230222bb5ea8a68f986d7d68dffbe81

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 05 Apr 2021 22:45:00 GMT
server: NetDNA-cache/2.2
etag: "606b92ec-8265"
vary: Accept-Encoding
x-cache: MISS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public, max-age=31536000
accept-ranges: bytes
content-length: 33381
expires: Mon, 26 Jul 2021 05:54:25 GMT

GET
H2 200 phenq-review.jpeg
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/04/ 119 KB
119 KB 417ms
414ms Image
image/jpeg 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/04/phenq-review.jpeg
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 0ca494a07eaddaddc0cdafd9b489ba8ca5351646045ea13f2412562422b09656

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 05 Apr 2021 22:45:00 GMT
server: NetDNA-cache/2.2
etag: "606b92ec-1daec"
vary: Accept-Encoding
x-cache: MISS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public, max-age=31536000
accept-ranges: bytes
content-length: 121580
expires: Mon, 26 Jul 2021 05:54:25 GMT

GET
H2 200 phenq-price.jpeg
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/04/ 61 KB
61 KB 417ms
414ms Image
image/jpeg 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/04/phenq-price.jpeg
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 4272575cf8e122c28736c3c5ff0edd5b7f0e563863a29e601d8bc254926c2094

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 05 Apr 2021 22:44:59 GMT
server: NetDNA-cache/2.2
etag: "606b92eb-f3f7"
vary: Accept-Encoding
x-cache: MISS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public, max-age=31536000
accept-ranges: bytes
content-length: 62455
expires: Mon, 26 Jul 2021 05:54:25 GMT

GET
H2 200 kimzy-nanney-b2haCjfk_cM-unsplash-570x355.jpg
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/06/ 31 KB
32 KB 63ms
60ms Image
image/jpeg 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/06/kimzy-nanney-b2haCjfk_cM-unsplash-570x355.jpg
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 14f1428061eb9b33ac8861b25d1fc65a2f080d3f80c13cedf7a4c44d4f27aa54

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Fri, 25 Jun 2021 19:04:24 GMT
server: NetDNA-cache/2.2
etag: "60d628b8-7df7"
vary: Accept-Encoding
x-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public, max-age=31536000
accept-ranges: bytes
content-length: 32247
expires: Sun, 25 Jul 2021 21:54:41 GMT

GET
H2 200 image1-30-2-570x355.png
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/06/ 180 KB
180 KB 67ms
65ms Image
image/png 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/06/image1-30-2-570x355.png
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: f9bc3196867522f7f288ec310a147c9fd1890566851f6c7218d043998d938a93

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Fri, 25 Jun 2021 18:50:52 GMT
server: NetDNA-cache/2.2
etag: "60d6258c-2cffa"
vary: Accept-Encoding
x-cache: HIT
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000, public, max-age=31536000
accept-ranges: bytes
content-length: 184314
expires: Sun, 25 Jul 2021 21:54:41 GMT

GET
H2 200 shutterstock_1704534943-570x355.jpg
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/06/ 48 KB
48 KB 90ms
88ms Image
image/jpeg 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/06/shutterstock_1704534943-570x355.jpg
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: a73bfcb6deda1ba543391d350f64dc4c56dd75b3d280872741c194ea5ed42033

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Fri, 25 Jun 2021 00:05:49 GMT
server: NetDNA-cache/2.2
etag: "60d51ddd-bf3b"
vary: Accept-Encoding
x-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public, max-age=31536000
accept-ranges: bytes
content-length: 48955
expires: Sun, 25 Jul 2021 21:54:41 GMT

GET
H2 200 honey-yanibel-minaya-cruz-UFTg6L9ZWJ8-unsplash-570x355.jpg
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/06/ 30 KB
30 KB 95ms
93ms Image
image/jpeg 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/uploads/2021/06/honey-yanibel-minaya-cruz-UFTg6L9ZWJ8-unsplash-570x355.jpg
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: fe4108d909a63ac862501d5ecd0c70239453c08c982d7ccc64d5d4e3ea142177

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Wed, 23 Jun 2021 21:17:55 GMT
server: NetDNA-cache/2.2
etag: "60d3a503-7864"
vary: Accept-Encoding
x-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public, max-age=31536000
accept-ranges: bytes
content-length: 30820
expires: Sun, 25 Jul 2021 22:02:01 GMT

GET
H2 200 aos.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/ad-inserter-pro/includes/aos/ 14 KB
5 KB 50ms
50ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/ad-inserter-pro/includes/aos/aos.js?ver=2.6.2
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 8acb04628394993656dad11f23029fc6ad13cf90cfaa1f5df89150b2727684a9

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-37a4"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 theme.min.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/js/ 78 KB
23 KB 53ms
53ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/js/theme.min.js?ver=1.1.1617013572
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 47c3a2686255802406b8e765d65380930ada5fa4bbcd35ca5c32c6459b1288c0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-13977"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 comment-reply.min.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/ 2 KB
1 KB 52ms
49ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/comment-reply.min.js?ver=5.3.8
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 3d5ae546163be6946a8ae9f9040891688b6ef62d1852a0d5d72f8e04ddbe7af5

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Fri, 26 Mar 2021 19:23:55 GMT
server: NetDNA-cache/2.2
etag: W/"605e34cb-921"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 sweetalert2.all.min.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/highlight-and-share/js/ 62 KB
15 KB 55ms
52ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/highlight-and-share/js/sweetalert2.all.min.js?ver=7.28.4
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: aadc94f9bdb8f6bc3fe4f435297191b718e5820ea17d4d842b9d183a57349f9d

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-f863"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wp-polyfill.min.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/dist/vendor/ 97 KB
34 KB 58ms
55ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 96ed609b415be6ee67eadb8d2de7ce64d13de9c928bce8e1373bec97e233e74c

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Thu, 19 Sep 2019 15:19:18 GMT
server: NetDNA-cache/2.2
etag: W/"5d839c76-1833d"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 i18n.min.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/dist/ 9 KB
4 KB 61ms
57ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/dist/i18n.min.js?ver=3.6.1
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 5f4e00ecd9e1a6d454db55802d379f4d3ce99bbfa046fbf9b98aac9d443fb8ff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Fri, 05 Feb 2021 03:16:11 GMT
server: NetDNA-cache/2.2
etag: W/"601cb87b-233d"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 highlight-and-share.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/highlight-and-share/js/ 24 KB
4 KB 61ms
58ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/plugins/highlight-and-share/js/highlight-and-share.js?ver=3.1.5
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: d32a36d8dc793802de2280a21161e890801c411e4e0cab83d78d64f7fd5248ff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: W/"6061ab44-6079"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wp-embed.min.js Show response
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/ 1 KB
990 B 61ms
58ms Script
application/javascript 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/wp-embed.min.js?ver=5.3.8
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 5138d39633dc69fcd0ed7f33a5e38dc339123f682fa7f5242066879c2bbc8c9b

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
last-modified: Fri, 05 Feb 2021 03:16:11 GMT
server: NetDNA-cache/2.2
etag: W/"601cb87b-56f"
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H/1.1 200
OK freeskreen.min.js Show response
static.freeskreen.com/publisher/4329/ 25 KB
9 KB 175ms
57ms Script
text/javascript 65.9.77.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/publisher/4329/freeskreen.min.js
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4fc81f46ab48df9279cdf0b17cb6e8e1e2990b76ece6d17f8cb3e3cb47da98e4

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 25 Jun 2021 18:49:32 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Jan 2021 17:19:38 GMT
Server: AmazonS3
Age: 39894
ETag: "0bf6e3033d4c4f3d50c3ecb5e046feae"
X-Cache: Hit from cloudfront
x-amz-version-id: kgVtLemKbS_sOl3J7Jc3hRpIhsR0wLIl
Via: 1.1 38785d3727bf0cfa7ca4399bb481ee5a.cloudfront.net (CloudFront)
Connection: keep-alive
X-Amz-Cf-Pop: AMS1-C1
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 9109
X-Amz-Cf-Id: lzhzZUCheOW_cTKm7l03kvTkx91oIHsqYBaQovnGjSSryw2GG_PskQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 26ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 1360
date: Sat, 26 Jun 2021 05:31:45 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Sat, 26 Jun 2021 07:31:45 GMT

GET
H2 200 91532438-f31b-4086-8018-7cd68ddba2a3.js Show response
d2s8wlbatk24s7.cloudfront.net/service/js/ 41 KB
14 KB 66ms
36ms XHR
application/javascript 2600:9000:2104:1c00:d:77c3:2dc0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2s8wlbatk24s7.cloudfront.net/service/js/91532438-f31b-4086-8018-7cd68ddba2a3.js
Requested by: Host: includemodal.global.ssl.fastly.net
URL: https://includemodal.global.ssl.fastly.net/sp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:1c00:d:77c3:2dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 86dd93fcfdc7834687acff38fc672420945476c9811e036ef68e591d7c111e66

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:32:05 GMT
content-encoding: gzip
server: nginx/1.10.3 (Ubuntu)
age: 1340
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 14400
cache-control: public, max-age=14400
x-cache: Hit from cloudfront
x-amz-cf-pop: AMS1-C1
access-control-allow-headers: *
x-amz-cf-id: 2xGxUxzCVrZBIolzvHCMYkr-Q58uVCmfbExKcqTriCT9zJc5zKqoqw==
via: 1.1 254622ebfed5feb6e2d8380b3f9c4c10.cloudfront.net (CloudFront)

GET
H2 200 hotjar-1671606.js Show response
static.hotjar.com/c/ 4 KB
2 KB 185ms
75ms Script
application/javascript 65.9.77.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1671606.js?sv=6

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.77.33 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

c9d24b2f47ee47117f633d30128b659006b7592953ba764d6d1985e8f403d9ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: AMS1-C1
etag: W/94acf52932651bfbbabd6f5cb3c4ece8
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
content-length: 1903
via: 1.1 cc03ea6a31b592e93e84115778cdc495.cloudfront.net (CloudFront)
x-amz-cf-id: VAFOoVA3tDlTkYV1znyqiao2MsZnHQcnpflDg8VTfXqs-2vyTCafHQ==

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C700%2C700i%2C800%2C800i%7CMerriweather%3A400%2C400i%2C700%2C700i%2C900%2C900i&display=swap&ver=5.3.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sfweekly.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 22:24:53 GMT
x-content-type-options: nosniff
age: 286172
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 22:24:53 GMT

GET
H2 200 fa-regular-400.woff2
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/ 156 KB
157 KB 148ms
49ms Font
font/woff2 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/fa-regular-400.woff2
Requested by: Host: 1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 42d979d54a12b76d10c5f34709c774b14aedcbf25f268f332a7e9163011b658b

Request headers

Origin: https://www.sfweekly.com
Referer: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: "6061ab44-2708c"
vary: Accept-Encoding
x-cache: HIT
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 159884

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sfweekly.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 20:30:42 GMT
x-content-type-options: nosniff
age: 293023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14956
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 20:30:42 GMT

GET
H2 200 fa-solid-900.woff2
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/ 127 KB
127 KB 245ms
146ms Font
font/woff2 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/fa-solid-900.woff2
Requested by: Host: 1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 0c103ae844c36c58f5947f4ffac0ef3edf1d447d0650fe33437071d3e13645ca

Request headers

Origin: https://www.sfweekly.com
Referer: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: "6061ab44-1fb28"
vary: Accept-Encoding
x-cache: HIT
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 129832

GET
H2 200 fa-brands-400.woff2
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/ 74 KB
74 KB 248ms
149ms Font
font/woff2 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/fa-brands-400.woff2
Requested by: Host: 1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: b55616e4eada60d4e94a044efa03f45c3550056a0e93a55a993b0b85a7e7689b

Request headers

Origin: https://www.sfweekly.com
Referer: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: "6061ab44-1262c"
vary: Accept-Encoding
x-cache: HIT
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 75308

GET
H3-29 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
882 B 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:37:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 1036
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Sat, 26 Jun 2021 06:37:09 GMT

GET
H2 200 newsletter-background.jpg
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/img/ 50 KB
50 KB 52ms
49ms Image
image/jpeg 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/img/newsletter-background.jpg
Requested by: Host: 1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 75a315598423af7b8dbc25b957c07b5c90c1c9705ff81957e2fa7e6b08f285b4

Request headers

Referer: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: "6061ab44-c798"
vary: Accept-Encoding
x-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 51096

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sfweekly.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 18:46:29 GMT
x-content-type-options: nosniff
age: 299276
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:50 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 18:46:29 GMT

GET
H3-29 200 mem6YaGs126MiZpBA-UFUK0Zdc0.woff2
fonts.gstatic.com/s/opensans/v20/ 13 KB
13 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa4607112a6b3245394fee13973cf8cf8a22b727f919f60636436a945886005b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sfweekly.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 11:07:53 GMT
x-content-type-options: nosniff
age: 240392
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13792
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:17 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 11:07:53 GMT

GET
H3-29 200 u-440qyriQwlOrhSvowK_l5-fCZM.woff2
fonts.gstatic.com/s/merriweather/v22/ 19 KB
19 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-fCZM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e19e5fec549d0d871301c8196f4a954abe8d6913464a1ac511f81ef71529f89b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sfweekly.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 03:05:52 GMT
x-content-type-options: nosniff
age: 182913
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19300
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:09:53 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 03:05:52 GMT

GET
H3-29 200 u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
fonts.gstatic.com/s/merriweather/v22/ 18 KB
19 KB 13ms
12ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0d93254e392f7361b334641f8781721fd31c7b18283c88fe67df7d3123e1c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sfweekly.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 14:00:29 GMT
x-content-type-options: nosniff
age: 316436
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18924
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:08:44 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 14:00:29 GMT

GET
H2 200 fa-duotone-900.woff2
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/ 171 KB
171 KB 197ms
149ms Font
font/woff2 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/fa-duotone-900.woff2
Requested by: Host: 1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 9f116dbbaf4f0d636fa01fba1c0a0fbed796632077c936724150f2346e74f649

Request headers

Origin: https://www.sfweekly.com
Referer: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: "6061ab44-2aa84"
vary: Accept-Encoding
x-cache: HIT
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 174724

GET
H3-29 200 u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2
fonts.gstatic.com/s/merriweather/v22/ 19 KB
19 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5c9e4876832936836619c0b253bd8fd6c739560a6d5f287f51ac71b2edf7ae9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sfweekly.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 17:34:14 GMT
x-content-type-options: nosniff
age: 303611
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19056
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:10:05 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 17:34:14 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN8rsOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN8rsOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sfweekly.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 22:01:44 GMT
x-content-type-options: nosniff
age: 287561
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15188
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:56 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 22:01:44 GMT

GET
H2 200 fa-light-300.woff2
1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/ 170 KB
170 KB 196ms
149ms Font
font/woff2 94.31.29.99
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/fonts/fa-light-300.woff2
Requested by: Host: 1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: f6d6e49e8971c9b702e31bb9ad580eb9d374a13af6e713e3673282c9e52ac7bc

Request headers

Origin: https://www.sfweekly.com
Referer: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-content/themes/SF-Weekly-2020/css/theme.min.css?ver=1.1.1617013572
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
last-modified: Mon, 29 Mar 2021 10:26:12 GMT
server: NetDNA-cache/2.2
etag: "6061ab44-2a62c"
vary: Accept-Encoding
x-cache: HIT
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 173612

GET
H2 200 249fa1afb610589da05d00c0896a527e7f57951f93f9c34b74f70cfbcd77141aab669461f9d66998bccc5e08775954d565fc7102835c600098515927fb1d Show response
richstring.com/ 103 KB
30 KB 348ms
251ms Script
text/javascript 35.190.74.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://richstring.com/249fa1afb610589da05d00c0896a527e7f57951f93f9c34b74f70cfbcd77141aab669461f9d66998bccc5e08775954d565fc7102835c600098515927fb1d

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.157 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

157.74.190.35.bc.googleusercontent.com

Software

Resource Hash

dfbb01aa242e6b25c3bf941dfb0c26a928e49337ba789f95c73f1ee2d7ca8bd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "a17211564b5e57eba932038375c64ed80b1cb4a8a6a4b0932c99cf92fa9cc835"
vary: Accept-Encoding, Accept-Language
x-hostname: 3391a05c
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Sat, 26 Jun 2021 05:54:26 GMT
timing-allow-origin: *

GET
H2 200 script.js Show response
sb.freeskreen.com/publisher/ 79 KB
22 KB 407ms
273ms Script
text/html 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.freeskreen.com/publisher/script.js?pid=4329&ut=&uts=&flc=sponsored&slc=&windowlocation=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&usp=&gdpr=-1&cs=-1
Requested by: Host: static.freeskreen.com
URL: https://static.freeskreen.com/publisher/4329/freeskreen.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 36feff763065469b02e773c09b189e8d20d42e3effbef135d17ab331118c56bf

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
content-type: text/html;charset=UTF-8
content-length: 21753
x-amz-cf-id: 54MU91w20-cTxsusoR2l75D--mcxA9il2Vf3HcYuzbQN9EurgcSn5A==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
464 B 42ms
15ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-58316615-2&cid=551872362.1624686866&jid=1292312451&gjid=1327393228&_gid=1569635977.1624686866&_u=KGBAgEAjAAAAAE~&z=1613403844

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 26 Jun 2021 05:54:25 GMT
content-type: text/plain
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
5ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j91&a=184133359&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&ul=en-us&de=UTF-8&dt=PhenQ%20Reviews%3A%20Does%20Ingredients%20In%20This%20Weight%20Loss%20Pills%20Work%3F%20-%20SF%20Weekly&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAgEAj~&jid=1292312451&gjid=1327393228&cid=551872362.1624686866&tid=UA-58316615-2&_gid=1569635977.1624686866&z=1035219048

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 16:52:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 46898
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.1b9e3db873e774f8aa4f.js Show response
script.hotjar.com/ 219 KB
58 KB 185ms
78ms Script
application/javascript 65.9.77.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.1b9e3db873e774f8aa4f.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1671606.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.77.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d124233dd510f9b5bfe1a1d5c7114be3f549d55ab17e4126377d6abf341b722d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 09:53:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 158480
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59004
access-control-allow-origin: *
last-modified: Thu, 24 Jun 2021 09:52:18 GMT
etag: "25e61257d01cfa3f1f4d0b0a6a78d5c7"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 83bc0649a33d85c1cf516bf48779a390.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: ImY5Ik_HdZuSQFVbCnzChDzfXfeIIzWA77TmGZUjFUKLZ0uPWwIMaw==

GET
H3-29 200 pubads_impl_2021062403.js Show response
securepubads.g.doubleclick.net/gpt/ 324 KB
112 KB 129ms
65ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

e0ce6ddc2a39953a15778ba7a490605f1c25d2dd12bc8a54d1263a85f7166d62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 17:10:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114933
x-xss-protection: 0
expires: Sat, 26 Jun 2021 05:54:25 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
293 B 17ms
16ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-58316615-2&cid=551872362.1624686866&jid=1292312451&_u=KGBAgEAjAAAAAE~&z=1283728583

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 35ms
16ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-58316615-2&cid=551872362.1624686866&jid=1292312451&_u=KGBAgEAjAAAAAE~&z=1283728583

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 67AE 2 KB
1 KB 162ms
53ms Document
text/html 65.9.77.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1671606.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sfweekly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sfweekly.com/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8dfd7af0583283ff28c8cd8eea759112.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: XSfndCcuV1KM5fdbnKdOV_qk8vGvU6hHkTcmdIK4zbCALAt5AVSvfA==
age: 1971561

POST
H/1.1 200
OK /
reporting.powerad.ai/ 2 B
412 B 385ms
125ms Ping
text/plain 54.234.151.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://reporting.powerad.ai/
Requested by: Host: powerad.ai
URL: https://powerad.ai/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.234.151.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-234-151-247.compute-1.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 26 Jun 2021 05:54:26 GMT
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 2

GET
H2 200 pbjs_wrapper.v1.0.js Show response
hb.brainlyads.com/ Frame AABC 24 KB
8 KB 381ms
125ms Script
application/javascript 23.20.158.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hb.brainlyads.com/pbjs_wrapper.v1.0.js

Requested by

Host: powerad.ai
URL: https://powerad.ai/script.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-158-212.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

ada1ee100c80b9ba79e51a13677a0a80d548cb4be23149544fad104d6882ed4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
last-modified: Mon, 21 Jun 2021 09:45:33 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"60d05fbd-611d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
expires: Sun, 27 Jun 2021 05:54:26 GMT

GET
H/1.1 200
OK / Show response
powerad.ai/pubPls/ 12 KB
2 KB 384ms
130ms XHR
text/html 18.211.226.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://powerad.ai/pubPls/?width=1600&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F
Requested by: Host: powerad.ai
URL: https://powerad.ai/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.211.226.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-226-152.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) / Express
Resource Hash: 115966688781aebe7e9e584c14c29fc4e2be21fdbe5928a232caaa738af29ef3

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:26 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
X-Powered-By: Express
ETag: W/"2f84-1odD5sgzUjdICJcU3ddxQjhi++U"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://www.sfweekly.com
Access-Control-Allow-Credentials: true
Connection: close
Access-Control-Allow-Headers: *

GET
H2 200 integrator.js Show response
adservice.google.se/adsid/ 107 B
853 B 36ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.se/adsid/integrator.js?domain=www.sfweekly.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 34ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.sfweekly.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 449 B
267 B 88ms
88ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=1993266708404971&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_320x480&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x480&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866175&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=2698126491&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x480&msz=0x-1&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=128&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

0516f00e005786be0536c610daded0edd4ec9d1fc5bfd83ae6589ef8ea5f026f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A8C6 6 KB
3 KB 46ms
13ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sfweekly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sfweekly.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 26 Jun 2021 05:54:26 GMT
expires: Sun, 26 Jun 2022 05:54:26 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 449 B
267 B 89ms
89ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=3261838364986634&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_600x480&enc_prev_ius=%2F0%2F1&prev_iu_szs=550x400%7C600x480&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866182&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=2197514731&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x0&msz=0x0&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=128&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

3878718aefca30fdf38d22a62cc0f42ea8c19221bbc6dde971548be490e6a787

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 453 B
267 B 91ms
90ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=4053362597793394&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_Left300x900&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x900&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866185&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=26210686&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=640&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

d77f13f4c659781e45220de008c0cae324b5564047c84c0ef545891ac7a869e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 454 B
268 B 93ms
92ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=2310396514576913&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_Right300x900&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x900&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866187&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=292628719&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=640&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

03adc8964fa8c0fc5b6e30c447135d1bb870730c0d540411b306011e2447c99f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 238
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
8 KB 390ms
390ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=1445113330671868&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_Top728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866201&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=648&adys=56&adks=1696152264&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x90&msz=728x0&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

8ff9b3854bfb7358d2cc3f22cea74750c623571bf4e7d57763339817cfbcb4da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8340
x-xss-protection: 0
google-lineitem-id: 5714559345
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138352793554
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 444 B
263 B 95ms
94ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=4095199548904675&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_975x30&enc_prev_ius=%2F0%2F1&prev_iu_szs=975x30&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866204&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=313&adys=206&adks=3325031515&ucis=6&ifi=6&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x38&msz=975x-1&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

cfb2d34e70cbfda5fa65d3b23ac4928b91acd34b40b6c16dd2901a6a2d9f05f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 8 KB
4 KB 503ms
502ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=2128467550411240&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_300x250-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866206&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=1076&adys=305&adks=1185675676&ucis=7&ifi=7&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x-1&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

b981a573fb68a0a62121fb1a43eefd91004bb4f030fe46ad642bc958ef421908

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4215
x-xss-protection: 0
google-lineitem-id: 166604528
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138219895683
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 83 KB
26 KB 574ms
574ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=1158153403897120&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW_Home_970x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866209&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=402&adys=7316&adks=689597882&ucis=8&ifi=8&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x0&msz=970x0&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=0&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

6d1e78bac9315a0788579db4571773cbaeeb12fae54d6c3c3618088fdb56ca7e

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4907962237377155438/970x250/index_970x250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4907962237377155438/970x250/index_970x250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COnbpJzOtPECFQIb4AodjVgL9Q&gqi=&layout=/sadbundle/%24csp%253Der3%24/4907962237377155438/970x250/index_970x250.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4907962237377155438/970x250/index_970x250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4907962237377155438/970x250/index_970x250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COnbpJzOtPECFQIb4AodjVgL9Q&gqi=&layout=/sadbundle/%24csp%253Der3%24/4907962237377155438/970x250/index_970x250.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26958
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sat, 26 Jun 2021 05:54:26 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 41 KB
10 KB 412ms
410ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=2821219920299186&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_Bottom970x90-Responsive&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866212&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=224&adys=7959&adks=2176109332&ucis=9&ifi=9&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1152x0&msz=1152x0&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=0&ohw=0&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

495013e580810e5b206fe3f538c928f680a0009426f6d0188747283c0eebde73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10438
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 94 KB
32 KB 581ms
578ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=178846966137968&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_300x250-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866215&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=1076&adys=1162&adks=3505380472&ucis=a&ifi=10&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x256&msz=300x-1&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e14c33132460a35699ccc43e651f29cb4a61633be86f7d9236e924b6a895eced

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6700921981448717773/Morris_300x250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6700921981448717773/Morris_300x250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMTopJzOtPECFa_ZEQgd-WQKiA&gqi=&layout=/sadbundle/%24csp%253Der3%24/6700921981448717773/Morris_300x250.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6700921981448717773/Morris_300x250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6700921981448717773/Morris_300x250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMTopJzOtPECFa_ZEQgd-WQKiA&gqi=&layout=/sadbundle/%24csp%253Der3%24/6700921981448717773/Morris_300x250.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33181
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sat, 26 Jun 2021 05:54:26 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 83 KB
26 KB 642ms
641ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1363992120516965&correlator=2432768804315899&output=ldjh&impl=fif&eid=31061290%2C31061705%2C31060890%2C44744170&vrg=2021062403&ptt=17&sc=1&sfv=1-0-38&ecs=20210626&iu_parts=8565528%2CSFW-ROS_300x600-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1624686866&dt=1624686866217&dlt=1624686865231&idt=876&frm=20&biw=1600&bih=1200&oid=3&adxs=1076&adys=1148&adks=2729329965&ucis=b&ifi=11&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x24&msz=300x0&ga_vid=551872362.1624686866&ga_sid=1624686866&ga_hid=184133359&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

92345807373a0f7ceba59b4de7ed47caa9a94ddaa7973b6445404ff234d7dd07

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKPkpJzOtPECFZG73god7nkMaA&gqi=&layout=/sadbundle/%24csp%253Der3%24/5493320164060083006/300x600/index_300x600.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKPkpJzOtPECFZG73god7nkMaA&gqi=&layout=/sadbundle/%24csp%253Der3%24/5493320164060083006/300x600/index_300x600.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26860
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sat, 26 Jun 2021 05:54:26 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 49ms
17ms Image
image/gif 2600:9000:2104:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Mar 2021 08:09:03 GMT
via: 1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)
age: 9668724
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: dVr1UIS5KZBOV2C8WLEyWbqSrFBWWITcSixWjw3wlnbW0_0ikMYC8Q==

GET
H/1.1 200
OK ac Show response
ww1772.smartadserver.com/ 2 KB
1 KB 212ms
63ms Script
application/javascript 185.86.137.17
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ww1772.smartadserver.com/ac?pgid=662773&insid=7974420&tmstp=5889385409&out=js
Requested by: Host: sb.freeskreen.com
URL: https://sb.freeskreen.com/publisher/script.js?pid=4329&ut=&uts=&flc=sponsored&slc=&windowlocation=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&usp=&gdpr=-1&cs=-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.17 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 49e90e0b934d3a353cf9c68e5971594386388d23a99d19726af18f4f60cd29a0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:25 GMT
content-encoding: br
vary: Accept-Encoding
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
x-smrt-i: 7974420
cache-control: no-cache,no-store
transfer-encoding: chunked
content-type: application/javascript; charset=UTF-8

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame EA81
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=123456&endpoint=us-west
https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west

281 B
554 B

162ms
53ms

Document
text/html

104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Requested by: Host: sb.freeskreen.com
URL: https://sb.freeskreen.com/publisher/script.js?pid=4329&ut=&uts=&flc=sponsored&slc=&windowlocation=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&usp=&gdpr=-1&cs=-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.sfweekly.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sfweekly.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Jun 2021 05:54:26 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Date: Sat, 26 Jun 2021 05:54:26 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H2

200

getuid
sync.smartadserver.com/
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D&cklb=1

0
37 B

289ms
289ms

Image
text/plain

161.117.111.214
CNNIC-ALIBABA-US-...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D&cklb=1
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 161.117.111.214 , Singapore, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
content-length: 0

Redirect headers

location: https://sync.smartadserver.com:443/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D&cklb=1
pragma: no-cache
date: Sat, 26 Jun 2021 05:54:26 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2

200

verify
scm.publishers.tremorhub.com/pubsync/
Redirect Chain

https://scm.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D

43 B
182 B

96ms
95ms

Image
image/gif

2600:1f18:612b:4200:8331:bab2:3072:ce38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:8331:bab2:3072:ce38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

Redirect headers

location: pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
date: Sat, 26 Jun 2021 05:54:26 GMT
server: Apache-Coyote/1.1
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET
H2

200

um
sb.freeskreen.com/
Redirect Chain

https://cs.admanmedia.com/sync/smaato?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fac%3D{$UID}
https://sb.freeskreen.com/um?ac={$UID}

43 B
579 B

113ms
113ms

Image
image/gif

13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/um?ac={$UID}
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:26 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: 7An5nHNJGKMmyDRRL_yDyg0r0QyGxh6QioWOQi7jeTc7vKcklFv3Jw==
expires: -1

Redirect headers

Location: https://sb.freeskreen.com/um?ac={$UID}
Date: Sat, 26 Jun 2021 05:54:26 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked

GET
H2 204 /
loadeu.exelator.com/load/ 0
324 B 209ms
68ms Image
text/plain 54.78.254.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=204&g=1300&j=0
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 3680 90 KB
91 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:40:06 GMT
x-content-type-options: nosniff
age: 860
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92629
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 05:40:06 GMT

GET
H/1.1 200
OK fsk.css
static.freeskreen.com/css/20210107205009/default/ Frame 3680 50 KB
29 KB 73ms
72ms Stylesheet
text/css 65.9.77.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/css/20210107205009/default/fsk.css
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31ace63fa339896dc045f21da77b1ffdc57160e2db5690b132766b0086d6f58e

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 5DtU9pV9aPv90d5PMlXs6Og9O1cWT0Fu
Content-Encoding: gzip
ETag: "ba07184144408ada0c1691c69221a457"
Age: 103665
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28958
Last-Modified: Thu, 07 Jan 2021 20:54:53 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1610052891/ctime:1610052892/gid:497/gname:jenkins/md5:ba07184144408ada0c1691c69221a457/mode:33188/mtime:1610052892/uid:498/uname:jenkins
Date: Fri, 25 Jun 2021 18:24:38 GMT
Content-Type: text/css
Via: 1.1 38785d3727bf0cfa7ca4399bb481ee5a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: rKoQclSaDYLlPtpDEFdosBiHG8ZTwiV_VZMjtQ3Mgt4GiC4N7CYG4g==

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 9C71 90 KB
91 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:40:06 GMT
x-content-type-options: nosniff
age: 860
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92629
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 05:40:06 GMT

GET
H/1.1 200
OK fsk.css
static.freeskreen.com/css/20210107205009/default/ Frame 9C71 50 KB
29 KB 135ms
60ms Stylesheet
text/css 65.9.77.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/css/20210107205009/default/fsk.css
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31ace63fa339896dc045f21da77b1ffdc57160e2db5690b132766b0086d6f58e

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 5DtU9pV9aPv90d5PMlXs6Og9O1cWT0Fu
Content-Encoding: gzip
ETag: "ba07184144408ada0c1691c69221a457"
Age: 103665
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28958
Last-Modified: Thu, 07 Jan 2021 20:54:53 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1610052891/ctime:1610052892/gid:497/gname:jenkins/md5:ba07184144408ada0c1691c69221a457/mode:33188/mtime:1610052892/uid:498/uname:jenkins
Date: Fri, 25 Jun 2021 18:24:38 GMT
Content-Type: text/css
Via: 1.1 38785d3727bf0cfa7ca4399bb481ee5a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: lymvQmX3N8G_YwTbT7SyiQq7QvqScf-8CD4tjzmIh_9gkmAKoYm3NA==

GET
H/1.1 200
OK player-hb.js Show response
static.freeskreen.com/scm/player/20210119a/ Frame 3680 265 KB
68 KB 148ms
59ms Script
text/javascript 65.9.77.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/scm/player/20210119a/player-hb.js
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eb8b1b4a5fe4e1a1e7ee49bcd6cb07b6e56241a8d2718c1dc9928b3e5b727359

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: YDT3w.3tTghYPiJN2Xp7Eh4mZtOYFe5I
Content-Encoding: gzip
ETag: "c60d74c8a8cea6a2ea292e3e380da599"
Age: 14150
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 69007
Last-Modified: Tue, 19 Jan 2021 09:08:10 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1611047278/ctime:1611047286/gid:20/gname:staff/md5:c60d74c8a8cea6a2ea292e3e380da599/mode:33188/mtime:1611047278/uid:501/uname:mickael
Date: Sat, 26 Jun 2021 01:59:32 GMT
Content-Type: text/javascript
Via: 1.1 f5046bb9ebd1a8f25b2025d7d9a283f3.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: Eg45TkvHx5PP7BeJRErh26360BiUbrRahObhGV1UbDWEcB8TGoDPAw==

GET
H/1.1 200
OK player-hb.js Show response
static.freeskreen.com/scm/player/20210119a/ Frame 9C71 265 KB
68 KB 153ms
61ms Script
text/javascript 65.9.77.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/scm/player/20210119a/player-hb.js
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eb8b1b4a5fe4e1a1e7ee49bcd6cb07b6e56241a8d2718c1dc9928b3e5b727359

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: YDT3w.3tTghYPiJN2Xp7Eh4mZtOYFe5I
Content-Encoding: gzip
ETag: "c60d74c8a8cea6a2ea292e3e380da599"
Age: 14150
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 69007
Last-Modified: Tue, 19 Jan 2021 09:08:10 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1611047278/ctime:1611047286/gid:20/gname:staff/md5:c60d74c8a8cea6a2ea292e3e380da599/mode:33188/mtime:1611047278/uid:501/uname:mickael
Date: Sat, 26 Jun 2021 01:59:32 GMT
Content-Type: text/javascript
Via: 1.1 a06d82f018833bef3e7f2e9fd230e5ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: 8rXFKzBvpYwVnMTel4yhPvuvC2spzx5E7m5JBEYwhP0vBwoicnIvsA==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 37ms
18ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-137034616-164

Requested by

Host: powerad.ai
URL: https://powerad.ai/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

755a97e09ce74a9929d596808336cea2b7003deef1f3cc8490b1041be05623d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36329
x-xss-protection: 0
last-modified: Sat, 26 Jun 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Jun 2021 05:54:26 GMT

GET
H2 200 251 Show response
a.ad.gt/api/v1/u/matches/ 3 KB
4 KB 619ms
214ms Script
application/javascript 44.230.206.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/u/matches/251?url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&ref=
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.230.206.19 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-206-19.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: f8d8093f1e6c2d1c21196b0eb31c86a4e72871ea749a1bd94e156f27f6fa4482

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
server: nginx/1.18.0
content-length: 3205
content-type: application/javascript

POST
H/1.1 200
OK /
reporting.powerad.ai/ 2 B
412 B 125ms
124ms Ping
text/plain 54.234.151.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://reporting.powerad.ai/
Requested by: Host: powerad.ai
URL: https://powerad.ai/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.234.151.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-234-151-247.compute-1.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 26 Jun 2021 05:54:26 GMT
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 2

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/157577/2378// Frame AABC 169 KB
55 KB 183ms
59ms Script
text/javascript 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5b912a789556a9204298fda6cad09ad6cbf255e6efe8cb75f96d4dba640b025b

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 07:54:25 GMT
server: Apache/2.2.15 (CentOS)
etag: "10a1110-2a203-5c2316fa15c01"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=62216
accept-ranges: bytes
content-type: text/javascript
content-length: 55286
expires: Sat, 26 Jun 2021 23:11:22 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 3394
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=smartadserver&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu

281 B
554 B

114ms
53ms

Document
text/html

104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
Requested by: Host: ww1772.smartadserver.com
URL: https://ww1772.smartadserver.com/ac?pgid=662773&insid=7974420&tmstp=5889385409&out=js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.sfweekly.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sfweekly.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Jun 2021 05:54:26 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
Date: Sat, 26 Jun 2021 05:54:26 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 12ms
12ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=184133359&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&ul=en-us&de=UTF-8&dt=PhenQ%20Reviews%3A%20Does%20Ingredients%20In%20This%20Weight%20Loss%20Pills%20Work%3F%20-%20SF%20Weekly&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAUAjAAAAAG~&jid=1393357662&gjid=252706217&cid=551872362.1624686866&tid=UA-137034616-164&_gid=1569635977.1624686866&_r=1&gtm=2ou6n0&z=1829134551

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-137034616-164

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 1361
date: Sat, 26 Jun 2021 05:31:45 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Sat, 26 Jun 2021 07:31:45 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 28ms
14ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-137034616-164&cid=551872362.1624686866&jid=1393357662&gjid=252706217&_gid=1569635977.1624686866&_u=aGDAAUAjAAAAAG~&z=237430692

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 26 Jun 2021 05:54:26 GMT
content-type: text/plain
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK F44630BFF8F3C6CE4CE115B339AF014D.cache.js Show response
static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/ Frame 3680 98 KB
34 KB 55ms
54ms Script
application/javascript 65.9.77.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/F44630BFF8F3C6CE4CE115B339AF014D.cache.js
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 19ac7f7f03270e923c602d544845da674a088cbb610a4c76a6445f0d075b7d0f

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: jP3BhKySKcISIxarwq4cPXWHxkq.8vAk
Content-Encoding: gzip
ETag: "ffc2c23e98e50d5acfafe8ccfc4dc585"
Age: 5742
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 34110
Last-Modified: Thu, 07 Jan 2021 20:54:06 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1610052721/ctime:1610052845/gid:497/gname:jenkins/md5:ffc2c23e98e50d5acfafe8ccfc4dc585/mode:33188/mtime:1610052721/uid:498/uname:jenkins
Date: Sat, 26 Jun 2021 04:18:51 GMT
Content-Type: application/javascript
Via: 1.1 f5046bb9ebd1a8f25b2025d7d9a283f3.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: SgmgbcKDtpKh7zldaMJI3_MWkjX64F1llxMMOJ77QkBzaVNJehirbw==

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 3680 43 B
410 B 109ms
109ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686866&p=4329&c=5635&s=undefined&d=&v=&t=01c64522-7326-4921-9639-4fa56c01935c&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866069&gdpr=1&gdpr_consent=-1&e=AdOpened&m=2&x=null
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:26 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: OooKWItMz9nAiF5VZa_t5h-UuOtrFYO5Tuy0--Az4G6rXsxgXf7eTQ==
expires: -1

GET
H/1.1 200
OK F44630BFF8F3C6CE4CE115B339AF014D.cache.js Show response
static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/ Frame 9C71 98 KB
34 KB 55ms
54ms Script
application/javascript 65.9.77.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/F44630BFF8F3C6CE4CE115B339AF014D.cache.js
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 19ac7f7f03270e923c602d544845da674a088cbb610a4c76a6445f0d075b7d0f

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: jP3BhKySKcISIxarwq4cPXWHxkq.8vAk
Content-Encoding: gzip
ETag: "ffc2c23e98e50d5acfafe8ccfc4dc585"
Age: 5742
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 34110
Last-Modified: Thu, 07 Jan 2021 20:54:06 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1610052721/ctime:1610052845/gid:497/gname:jenkins/md5:ffc2c23e98e50d5acfafe8ccfc4dc585/mode:33188/mtime:1610052721/uid:498/uname:jenkins
Date: Sat, 26 Jun 2021 04:18:51 GMT
Content-Type: application/javascript
Via: 1.1 a06d82f018833bef3e7f2e9fd230e5ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: CF1bAmWc2R7dqTVxoPzDQ72KbJM4_X-rrfyIfJFhjgmyy6h2k7_zVA==

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 9C71 43 B
411 B 107ms
107ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686866&p=4329&c=5636&s=undefined&d=&v=&t=219bf954-d0e3-44db-bccd-136a4dc75cbd&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866133&gdpr=1&gdpr_consent=-1&e=AdOpened&m=2&x=null
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:26 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: s8Yk68fZLlXc2WMbnIaoLIimFzbE31FMCqAywQi0vUGaJYH8-W45Gg==
expires: -1

GET
H2 200 prebid.js Show response
hb.brainlyads.com/ Frame AABC 454 KB
139 KB 128ms
128ms Script
application/javascript 23.20.158.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hb.brainlyads.com/prebid.js

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-158-212.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

dd1258d919cf8339da7ac93feb40c0c49682256e0ca9cca1bd2c19530d43ff1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
last-modified: Mon, 14 Jun 2021 20:38:01 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"60c7be29-71711"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
expires: Sun, 27 Jun 2021 05:54:26 GMT

GET
H2 200 tag Show response
51uav-eqocf.ads.tremorhub.com/ad/ Frame 3680 55 B
502 B 405ms
206ms XHR
application/json 2600:1f18:612b:4200:f618:eaed:4120:e6cb
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://51uav-eqocf.ads.tremorhub.com/ad/tag?adCode=51uav-p4tyo&playerWidth=603&playerHeight=338&playerPosition=3&srcPageUrl=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&gdpr=1&gdpr_consent=&custom=5635&c2=en-us&floor=USD:5&us_privacy=&fmt=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:f618:eaed:4120:e6cb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: ff7d833fe34dca3b008fbd2eeb92c58d70e2ea600e88eae7c1d978efbbc18104

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: application/json;charset=UTF-8

GET
H2 204 bid Show response
ads.freeskreen.com/ Frame 3680 0
198 B 603ms
343ms XHR
text/plain 52.45.23.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.freeskreen.com/bid?pid=4329&tid=01c64522-7326-4921-9639-4fa56c01935c&w=603&h=338&u=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&ip=45.12.220.52&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&g_co=SE&g_p=AB&g_ci=Stockholm&g_d=null&s_1=sponsored&s_2=&cid=5635&sid=undefined&vid=298&did=893310&pf=500&ttm=1624686866069&eu_c=-1&eu_g=1&eu_ggl=0
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.45.23.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/xml, text/xml, */*; q=0.01
Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: Apache-Coyote/1.1
access-control-allow-methods: GET
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 3680 43 B
411 B 107ms
107ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686866&p=4329&c=5635&s=undefined&d=&v=&t=01c64522-7326-4921-9639-4fa56c01935c&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866069&gdpr=1&gdpr_consent=-1&e=AdOpportunity&m=1&x=
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:26 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: 6G-wkqLXthteTTqvGQq9UDY-on-3VNtJLh-NmZMIe9mL4uOy0c4qYg==
expires: -1

GET
H/1.1 200
OK pw.js Show response
includemodal.global.ssl.fastly.net/ Frame 3403 29 KB
10 KB 28ms
28ms Script
application/javascript 151.101.1.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://includemodal.global.ssl.fastly.net/pw.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 23946e3fdaa22a10906f4ab1c106f4a2d80eda71a4b49e4b028fefdf38ee76da

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: JUYUj7BadvH48FdLiwF5DnG.TanxIHHR
Content-Encoding: gzip
ETag: "ccfbdb14920044c6375bafd9411e5313"
Age: 635
X-Cache: HIT
Connection: keep-alive
Content-Length: 9127
x-amz-id-2: LiuLafiKSsp/1YLm2ZVf0qp+t3mAxrj0nplTu43buEnfHJ1myH9xuGR9FLoqW5rz7NcuHqWwE44=
X-Served-By: cache-bma1651-BMA
Last-Modified: Wed, 09 Jun 2021 22:12:17 GMT
Server: AmazonS3
X-Timer: S1624686867.702973,VS0,VE0
Date: Sat, 26 Jun 2021 05:54:26 GMT
Vary: Accept-Encoding
x-amz-request-id: MZKZWCYDP1QY39VA
Via: 1.1 varnish
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 3

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3403 0
0 68ms
67ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstglx38oj2UzojjkxXw0wCeKleLsQSr-N3-2r0JPJNgL_LrbG9bmF8nf5Dai1Vk0OvVvHiPnPcE_SNcX0hnuZb8J23BwXrgxMgDG4caK3VxSqTfF-kCpu9bQ3Kuvsf1i52s6TLfd6inHU5VZrV6OlDsifHVTPiuuTLk8LnPVHSnJOg_wIdrov_aKCrb9dsgWjvd1CwQHifvvYtWApZW_EguIFUdkHZrrEf53GfYAgE1yC-wePeQpEnEtC3_zka0VnQ-VcV1hOsRfyco8ES_oV2-LJ4zvM-Ee69IsAp_mEwP4-QWZpHxfX55Rw&sai=AMfl-YQuyO-A6r9NTyuBJfjyw5yiCZucBQFL56MzWza6UlLG_AvV0JLmBsHVOnREwne_jyk8Ek5kfIdiIrT8OaOSA1-FjFOKZNET_6oBCRYtBEYX2SLxaU9rEVY8ebQGcZ4&sig=Cg0ArKJSzI5qAeBZ8nfUEAE&adurl=

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Jun 2021 05:54:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 26 Jun 2021 05:54:26 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 3403 3 KB
2 KB 27ms
5ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Jul 2021 05:54:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3403 125 KB
38 KB 34ms
13ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469964731542"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38558
x-xss-protection: 0
expires: Sat, 26 Jun 2021 05:54:26 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 3403 0
0 15ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ5JLg9fLSkRhqxPmIqWrIDhwM1SlmGP95_sAkV62PCgj5Uf8TMAebJYSjFe7ssQ7U52RAxrp0GFFpy7JMJZ0N7zP3Pzg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 11513858110892231459
tpc.googlesyndication.com/simgad/ Frame 3403 16 KB
16 KB 26ms
6ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11513858110892231459

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cb356c55f44ea347dcb9b488b91ec21740eb2558deef12a2b86eb4a8e3199e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 03:59:13 GMT
x-content-type-options: nosniff
age: 93313
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16462
x-xss-protection: 0
last-modified: Thu, 02 Apr 2020 21:44:49 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 03:59:13 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 36ms
18ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92857904df325afe1f29a64b2382eb7df89626a03d79bd16be4dac1296c3aef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469958711216"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27719
x-xss-protection: 0
expires: Sat, 26 Jun 2021 05:54:26 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame EA81 31 KB
9 KB 58ms
57ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: bd3fdc50768b3f75b1260a1b865bded5686ef24220a3a186fae1ab7f90faaf80

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Jun 2021 16:13:39 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=42442
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9274
Expires: Sat, 26 Jun 2021 17:41:48 GMT

GET
H2 200 tag Show response
51uav-sg2ba.ads.tremorhub.com/ad/ Frame 9C71 55 B
502 B 470ms
273ms XHR
application/json 2600:1f18:612b:4264:d706:ca06:12eb:ef2b
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://51uav-sg2ba.ads.tremorhub.com/ad/tag?adCode=51uav-1mn6p&playerWidth=832&playerHeight=467&playerPosition=3&srcPageUrl=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&gdpr=1&gdpr_consent=&custom=5636&c2=en-us&floor=USD:5&us_privacy=&fmt=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:d706:ca06:12eb:ef2b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e2792ac0f368fde46c7199d5ebae00a63fbc289240909e89dff8bf5ef4fde369

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: application/json;charset=UTF-8

GET
H2 204 bid Show response
ads.freeskreen.com/ Frame 9C71 0
197 B 569ms
383ms XHR
text/plain 52.45.23.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.freeskreen.com/bid?pid=4329&tid=219bf954-d0e3-44db-bccd-136a4dc75cbd&w=832&h=467&u=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&ip=45.12.220.52&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&g_co=SE&g_p=AB&g_ci=Stockholm&g_d=null&s_1=sponsored&s_2=&cid=5636&sid=undefined&vid=298&did=893311&pf=500&ttm=1624686866133&eu_c=-1&eu_g=1&eu_ggl=0
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.45.23.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/xml, text/xml, */*; q=0.01
Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: Apache-Coyote/1.1
access-control-allow-methods: GET
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
expires: -1

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 77ms
29ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.sfweekly.com%2F&domain=www.sfweekly.com&cw=1

Protocol

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.sfweekly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://www.sfweekly.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1525
date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame AABC
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.sfweekly.com%2F&domain=www.sfweekly.com&cw=1
https://mug.criteo.com/sid?cpp=IRzojnxrN1QybVNPQmh2YlZYa1hsT2FsR1V0d2NrSGFPRkxITzNGUW9hVFltR29uaTRwNVhMZHZmeVF3cTJRSmo5SjhLRVRuYVlMUW16cjRKVUt1L016TXFPMTByZnN1em1GRzlyQU9zVlZwNG9lSjBITWxLdm5zVnc0c0...

353 B
611 B

189ms
64ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=IRzojnxrN1QybVNPQmh2YlZYa1hsT2FsR1V0d2NrSGFPRkxITzNGUW9hVFltR29uaTRwNVhMZHZmeVF3cTJRSmo5SjhLRVRuYVlMUW16cjRKVUt1L016TXFPMTByZnN1em1GRzlyQU9zVlZwNG9lSjBITWxLdm5zVnc0c0tIRFRmajYwQkRhOGl1QWpLRmFSYXI3TmxwbmpnN0VRSU1MbUJ3VlkwUkJFb1ByTXFFOUR1eXNUQW90U1F5NVlZUGlGL0VBRTR5NnJZeE1wQW1rdWVaYzR4RkVNQWxjWG40K1FOODkzanhZS0NGR1lUbk1nPXw&cppv=2

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

adda0268f0668026f688955be82a205e6e876baf7b0481ff2514edcbff3c02dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Sat, 26 Jun 2021 05:54:26 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2054
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 26 Jun 2021 05:54:25 GMT
location: https://mug.criteo.com/sid?cpp=IRzojnxrN1QybVNPQmh2YlZYa1hsT2FsR1V0d2NrSGFPRkxITzNGUW9hVFltR29uaTRwNVhMZHZmeVF3cTJRSmo5SjhLRVRuYVlMUW16cjRKVUt1L016TXFPMTByZnN1em1GRzlyQU9zVlZwNG9lSjBITWxLdm5zVnc0c0tIRFRmajYwQkRhOGl1QWpLRmFSYXI3TmxwbmpnN0VRSU1MbUJ3VlkwUkJFb1ByTXFFOUR1eXNUQW90U1F5NVlZUGlGL0VBRTR5NnJZeE1wQW1rdWVaYzR4RkVNQWxjWG40K1FOODkzanhZS0NGR1lUbk1nPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1698
content-length: 482
expires: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 3394 31 KB
9 KB 56ms
56ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: bd3fdc50768b3f75b1260a1b865bded5686ef24220a3a186fae1ab7f90faaf80

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Jun 2021 16:13:39 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=42442
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9274
Expires: Sat, 26 Jun 2021 17:41:48 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3403 0
0 134ms
68ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuDgT1FGHrTYJNf8ntgAmExc5oVieRcliBG3qySX3lblGdRPma4fNsYbh-eISfD9pjLc1PupZNsY-uIS1Xzof7rBvIHzLO2qir_JIRay7c6TzuvH1XHXZg5jOxzCe2qsg9lKfAnaX4HxgJ3xKrla_r6drYt8xCSEsSBlv2PzUnpQJ5C7M-8yXqxTmDPFRs6ojJrJx96jNUQEjpACN_d_N-1n9q1cYCs5HeLFX7-HczbwqF-OnanNvUn6AFX0wdGQAbJdSjIJ47HkTx0phX-atlcsA9QPxDMZBaV53X4yNW0scAuPW6cMPAKthp5&sai=AMfl-YQKVZyoPj4o819rWsgL78RYCiezA1p3zEdNECH4RZd1BN6-rxIOa1jhMatNy9M06lonyVVVD9CCT2fyOuw8mI_asqbHUyxk6hizGrCgthyLHp8EFs7chg_I-wdpNaA&sig=Cg0ArKJSzLUGlI9FPqSUEAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Jun 2021 05:54:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 26 Jun 2021 05:54:26 GMT

GET
H2 200 /
includemodal.com/service/imp/91532438-f31b-4086-8018-7cd68ddba2a3/ Frame 3403 42 B
133 B 426ms
145ms Image
image/gif 18.220.40.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://includemodal.com/service/imp/91532438-f31b-4086-8018-7cd68ddba2a3/?rand=745817&referer=https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.220.40.30 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-220-40-30.us-east-2.compute.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
server: nginx/1.10.3 (Ubuntu)
content-length: 42
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame 3403 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a8cda63d038aabdcd5f007123ba4cc5de3d742f7a3c02b2b2bf617ce0da7d8b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK 139f986d-efa0-4878-99c3-632e1143df4a
https://www.sfweekly.com/ Frame 3403 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.sfweekly.com/139f986d-efa0-4878-99c3-632e1143df4a
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 785feac29ca49a8578ef880c201e269990a0a95a9d4de72503191cba3694a0e3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 1590
Content-Type: application/javascript

GET
H3-29 200 container.html Show response
a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 96E9 6 KB
3 KB 19ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sfweekly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sfweekly.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 26 Jun 2021 05:54:26 GMT
expires: Sun, 26 Jun 2022 05:54:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame EA81 284 B
536 B 240ms
60ms Image
image/jpg 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/jpg

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 3394 284 B
536 B 237ms
60ms Image
image/jpg 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/jpg

GET
H3-29 200 container.html Show response
a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 892D 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sfweekly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sfweekly.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 26 Jun 2021 05:54:26 GMT
expires: Sun, 26 Jun 2022 05:54:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 189ms
62ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1044
date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK pw.js Show response
includemodal.global.ssl.fastly.net/ Frame 96E9 29 KB
10 KB 29ms
28ms Script
application/javascript 151.101.1.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://includemodal.global.ssl.fastly.net/pw.js
Requested by: Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 23946e3fdaa22a10906f4ab1c106f4a2d80eda71a4b49e4b028fefdf38ee76da

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: JUYUj7BadvH48FdLiwF5DnG.TanxIHHR
Content-Encoding: gzip
ETag: "ccfbdb14920044c6375bafd9411e5313"
Age: 635
X-Cache: HIT
Connection: keep-alive
Content-Length: 9127
x-amz-id-2: LiuLafiKSsp/1YLm2ZVf0qp+t3mAxrj0nplTu43buEnfHJ1myH9xuGR9FLoqW5rz7NcuHqWwE44=
X-Served-By: cache-bma1651-BMA
Last-Modified: Wed, 09 Jun 2021 22:12:17 GMT
Server: AmazonS3
X-Timer: S1624686867.923157,VS0,VE0
Date: Sat, 26 Jun 2021 05:54:26 GMT
Vary: Accept-Encoding
x-amz-request-id: MZKZWCYDP1QY39VA
Via: 1.1 varnish
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 4

GET
H3-29 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 96E9 22 KB
7 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 03:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8376
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jun 2022 03:34:50 GMT

GET
H/1.1 200
OK fpi.js Show response
ap.lijit.com/www/delivery/ Frame 96E9 5 KB
3 KB 153ms
51ms Script
text/javascript 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/www/delivery/fpi.js?z=435514&width=300&height=250
Requested by: Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Content-Encoding: gzip
Server: nginx
ETag: W/"60468d89-1540"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap2ams1
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 96E9 125 KB
38 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469964731542"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38558
x-xss-protection: 0
expires: Sat, 26 Jun 2021 05:54:26 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 892D 0
0 68ms
68ms Fetch
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C-_N-EsHWYMSXEa-zx_AP-cmpwAiF5rmoY_-awPDvDRQQASC305x6YPGt_IWkH6AB3cvxyQPIAQmpAhuS_nywnH8-4AIAqAMByANIqgSnAk_Q4ek1Qvb_Z5739FSKEB5d1xB-V0ZRUU5d9rZTFpHUh1DToLlYVRY2MxROdeLj_TnEOdlQjyv0aA-FUO9V2sIC7I2tSrhN4bgF2ZktR02ZL_NcwUocb74m0Ut9DP-5WhmZalZ_XGo6mnJawt_tD5quZzrwMBrkk659HpT8YSZRjxaSvS3jfbRxW7iaooAyAZOXLzK03vfGhjJeNGqhm-1vG48gomnUBAJMt28I_TUmfVmVDqnhBrIOg4YNKv6dLRyLIQs1f8qJwtD1SQwePJ7q97UWk6AIMyHByeSAKrtAn7Zzg_naSt1JTBWK88YmIK1OpgpX8DXVauyIxj7LZrHEE4_mUj7hGz4RhI0AKQyLhapaEwtot1F5vt4iBo0Tro-bDwbyMAbABMTUrfjJA-AEAaAGLoAHi7SONqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDH-hLSCAkIiOGAEBABGB2ACgPICwHYEwPQFQGAFwGyFxoKGAgAEhRwdWItNjUyMTU5OTE5NTQ3NTY3NA&sigh=ZcrIMEZUVmQ&template_id=419
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/ Frame 892D 17 KB
7 KB 13ms
6ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/abg_lite_fy2019.js

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Jul 2021 05:39:15 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 892D 3 KB
1 KB 15ms
8ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/window_focus_fy2019.js

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:45:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 531
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Jul 2021 05:45:35 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 892D 125 KB
38 KB 20ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469964731542"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38558
x-xss-protection: 0
expires: Sat, 26 Jun 2021 05:54:26 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 892D 13 KB
6 KB 14ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:52:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 5108850372203985220
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Jul 2021 05:52:30 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 892D 0
0 14ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR2zc0Nby-O8WfjaTQF9LwtCfcqIYOr6__oCN5GUn1bsdw1IX15saemABu52DpEBJBse_H4GTavWmdLwvVx-cEt5qTRpA
Requested by: Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html Show response
a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7FE8 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sfweekly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sfweekly.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 26 Jun 2021 05:54:26 GMT
expires: Sun, 26 Jun 2022 05:54:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A446 143 B
230 B 6ms
6ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnqHtSyW7yr4pfJ2D2abbsgBDHHc1T_DoZ3Akmz_27KevlxpL61E5aLP7AcJNU; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 26 Jun 2021 05:09:03 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2723
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 96E9 0
0 67ms
67ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstoINPc_4J6O3Il-B2mc1MVt64dljtgSckiDa3Lq1NmEFwK5xMOfLIk9oRpBKkTUJv_Zk8sF_QfacFJ4pfOZ2TeolapPyXNXUZEbs6MWNd5uPx68Kg8DUOceBSl5IuuQvIzomaLCsiOrHsL0cZr0t63iFqcOxKDzTyysED9TKc2-dG_FbMImrKEAGLqdUrv5YgqZOOlV0FcxV3phM7q4oDPZUGtuXW1aj98drZqI41Bg3Y9mwYjJg51ZY37COI5c32v8WLjt19kjxNeCYRGqSLqwpd6Pj5si7pmV45tEYQ_d2xWrtAg3M_YbYFkgl7LMsioS9ZN6NfLRA&sai=AMfl-YRZh4ErYUQGTnp_xwXXj34B6-Btm-I64mzpg1KVEGzlKQkOkL_cjD007qODat8r9hN1YRVoIwJn4ly1gq64i6fNMaAJKj7-4wd86zdd5mHHQqnQSvifvXS1ycerJ_4&sig=Cg0ArKJSzMf0vcuQfXkCEAE&urlfix=1&adurl=

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Jun 2021 05:54:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index_300x600.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/ Frame 2C1A 163 KB
54 KB 7ms
7ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9cb1b58d6f562f49ba28320c7ac12e78802b2f85e966e3857933a97bfed254

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Tue, 22 Jun 2021 12:12:01 GMT
expires: Wed, 22 Jun 2022 12:12:01 GMT
last-modified: Mon, 21 Jun 2021 11:18:55 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 54925
age: 322945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7FE8 0
0 68ms
68ms Fetch
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CIVL3EsHWYKOTEZH3-gbu87HABunE7sxi2cPBp9oNnd33iJsfEAEgt9OcemDxrfyFpB-gAYWp9cwCyAEJ4AIAqAMByAMIqgSdAk_Qn-1sbTnWfLRsbkaI2pC8WhPl9-zO1wOcxHxAAGW0ApkKnZ4O5KKYdroxg-au85P9ukMv_o8SST_AIO3biaDJ5GnUcq3PFSzz-RX1FMLUKzNvNWihHieEegfIvEvREy_8v_4wdjbxZL2Y-2RaOJUPqxvDA51_N_fl5T2B0Out7vUv8h5VZXY5_89kD9_VnKIdnSd7e0ND3FbxUU3cTS0s4nCU-zYf6KUTglOZReVHAq8psmetZQxFw6p0P-0vh2pHmYQcWsYPp570W2RgRbd4PA4N7B4Fw7onRc9VvwTqkfD4DfsWjhoH4JP7pIHNJ7WPj8bHY21NYilcGHBieCUmF44n5n--MwJm8lLNMsZjUT6kKtBzwvJHgal2I8AEv6ODzssD4AQBkgUECAQYAZIFBAgFGASgBi6AB-PWirMBqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEKa_CtIICQiI4YAQEAEYHYAKA8gLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi02NTIxNTk5MTk1NDc1Njc0&sigh=j8vF3rbbSlQ&template_id=419
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/ Frame 7FE8 17 KB
7 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/abg_lite_fy2019.js

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Jul 2021 05:39:15 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 7FE8 3 KB
1 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/window_focus_fy2019.js

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:45:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 531
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Jul 2021 05:45:35 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7FE8 125 KB
38 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469964731542"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38558
x-xss-protection: 0
expires: Sat, 26 Jun 2021 05:54:26 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 7FE8 13 KB
6 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:52:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 5108850372203985220
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Jul 2021 05:52:30 GMT

GET
DATA 200
OK truncated
/ Frame 892D 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b7b30290f6e86520bea73cb3f606aa56beb34f596b2181a7f4a8acc94adf6d6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 2C1A 9 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 23:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 26 Jun 2021 23:17:24 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 2C1A 26 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 13:15:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59960
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 26 Jun 2021 13:15:07 GMT

GET
H3-29 200 image-1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/ Frame 2C1A 15 KB
15 KB 6ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/image-1.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3949c069a81e329e846104bb8fa4c37a238b2c22a8d40b3ed6b937af9dacba

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 295697
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15045
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 11:18:55 GMT
server: sffe
date: Tue, 22 Jun 2021 19:46:10 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 19:46:10 GMT

GET
H3-29 200 image-2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/ Frame 2C1A 12 KB
12 KB 7ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/image-2.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5c542ee2cda1cfd07cfce2a5b0ee840279808560c3d75004b4932c66358770c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 233800
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12576
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 11:18:55 GMT
server: sffe
date: Wed, 23 Jun 2021 12:57:47 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
expires: Thu, 23 Jun 2022 12:57:47 GMT

GET
H3-29 200 image-3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/ Frame 2C1A 10 KB
10 KB 6ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/image-3.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2fb83e186612a002aa173367aa98d43e3f1e5d51ecf6963eac8a71742aedb724

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 302793
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10461
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 11:18:55 GMT
server: sffe
date: Tue, 22 Jun 2021 17:47:54 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 17:47:54 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E402 143 B
163 B 11ms
6ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnqHtSyW7yr4pfJ2D2abbsgBDHHc1T_DoZ3Akmz_27KevlxpL61E5aLP7AcJNU; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 26 Jun 2021 05:09:03 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2724
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7FE8 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f14ec0ba60d6c5906a72b22aee564a03f1aa4dc61c0ffef317bddf20bf1d1053

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 css
fonts.googleapis.com/ Frame 2C1A 2 KB
536 B 22ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400&subset=latin

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5493320164060083006/300x600/index_300x600.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

99155f31d46dc469aa872ce824309fae9210fb9357f463b889d617b85b35eb61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 26 Jun 2021 04:16:14 GMT
server: ESF
date: Sat, 26 Jun 2021 05:54:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 26 Jun 2021 05:54:27 GMT

GET
DATA 200
OK truncated
/ Frame 2C1A 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f451845a33b6518fb307714fabf90f791252b0fc23395857f52593b36c9310a0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A446
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnqHtSyW7yr4pfJ2D2abbsgBDHHc1T_DoZ3Akmz_27KevlxpL61E5aLP7AcJNU; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 26 Jun 2021 05:54:27 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 26-Jun-2021 06:54:27 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 26 Jun 2021 05:54:27 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 26 Jun 2021 05:54:27 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2C1A 25 KB
25 KB Font
application/font-opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cc17e9fffa7d9103924b1196491673dc298e7e9ebb4c697ba22b291458f16bdd

Request headers

Origin: null
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-opentype;charset=utf-8

GET
H2 200 haloid Show response
aufp.io/api/v1/ 6 KB
3 KB 603ms
196ms Script
application/javascript 52.35.253.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aufp.io/api/v1/haloid
Requested by: Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/251?url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&ref=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.253.100 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-253-100.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 57b07a8f1e2dc3af5e71f893b4239659f4944f97d0b2a827856d87d89e00a631

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
content-encoding: gzip
last-modified: Fri, 25 Jun 2021 00:36:02 GMT
server: nginx/1.18.0
etag: W/"1624581362.0-6114-2958560116"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *, *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: public, max-age=43200
origin-trial: A/KTxPuSXtwcggydvUxw5B4dXspsb2iweedc7KDi2xv9M89MtnOpULTs7DQJVHBxGDV5wj5a3LW9S4ev3WfQkwIAAAB+eyJvcmlnaW4iOiJodHRwczovL2hhbG9mbG9jLmNvbTo0NDMiLCJmZWF0dXJlIjoiSW50ZXJlc3RDb2hvcnRBUEkiLCJleHBpcnkiOjE2MjYyMjA3OTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
expires: Sat, 26 Jun 2021 17:54:27 GMT

GET
H2 200 251 Show response
p.ad.gt/api/v1/p/ 25 KB
8 KB 605ms
200ms Script
application/javascript 52.35.253.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.ad.gt/api/v1/p/251
Requested by: Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/251?url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&ref=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.253.100 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-253-100.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 3a20349c43a611abcb68446d9aff52bb8e4c6ff3e1581eef2ff564794cb26333

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
content-encoding: gzip
last-modified: Fri, 25 Jun 2021 00:34:44 GMT
server: nginx/1.18.0
etag: W/"1624581284.0-25674-2710964840"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: public, max-age=43200
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
expires: Sat, 26 Jun 2021 17:54:27 GMT

GET
H2

200

match
ids.ad.gt/api/v1/
Redirect Chain

https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&adnxs_id=$UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3D0e03afbe-156d-4b7d-b9e0-99014fd53faa%26adnxs_id%3D%24UID
https://ids.ad.gt/api/v1/match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&adnxs_id=4353039743070324981

43 B
471 B

397ms
215ms

Image
image/gif

52.88.39.224
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&adnxs_id=4353039743070324981
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.39.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-39-224.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Sat, 26 Jun 2021 17:54:27 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
X-Proxy-Origin: 45.12.220.52; 45.12.220.52; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8c3bcd1f-657a-4432-a0d2-900f74564523
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ids.ad.gt/api/v1/match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&adnxs_id=4353039743070324981
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

t_match
ids.ad.gt/api/v1/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=0e03afbe-156d-4b7d-b9e0-99014fd53faa
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=0e03afbe-156d-4b7d-b9e0-99014fd53faa
https://ids.ad.gt/api/v1/t_match?tdid=b674bed5-6e05-40fa-9306-61c602f5e0fa&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa

43 B
478 B

496ms
365ms

Image
image/gif

52.88.39.224
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/t_match?tdid=b674bed5-6e05-40fa-9306-61c602f5e0fa&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.39.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-39-224.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Sat, 26 Jun 2021 17:54:27 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ids.ad.gt/api/v1/t_match?tdid=b674bed5-6e05-40fa-9306-61c602f5e0fa&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 259

GET
H2

200

pbm_match
ids.ad.gt/api/v1/
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D0e03afbe-156d-4b7d-b9e0-99014fd53faa
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D0e03afbe-156d-4b7d-b9e0-99014fd53faa
https://ids.ad.gt/api/v1/pbm_match?pbm=FE69C282-0667-496E-9322-C2DB18BFB5CB&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa

43 B
481 B

397ms
214ms

Image
image/gif

52.88.39.224
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/pbm_match?pbm=FE69C282-0667-496E-9322-C2DB18BFB5CB&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.39.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-39-224.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Sat, 26 Jun 2021 17:54:27 GMT

Redirect headers

location: https://ids.ad.gt/api/v1/pbm_match?pbm=FE69C282-0667-496E-9322-C2DB18BFB5CB&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
date: Sat, 26 Jun 2021 05:54:25 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

g_match
ids.ad.gt/api/v1/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
https://ids.ad.gt/api/v1/g_match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&google_gid=CAESEEynhpbFXsz3wCTHuo2jaHU&google_cver=1&google_ula=450542624,0

43 B
480 B

581ms
365ms

Image
image/gif

52.88.39.224
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/g_match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&google_gid=CAESEEynhpbFXsz3wCTHuo2jaHU&google_cver=1&google_ula=450542624,0
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.39.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-39-224.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Sat, 26 Jun 2021 17:54:27 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ids.ad.gt/api/v1/g_match?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&google_gid=CAESEEynhpbFXsz3wCTHuo2jaHU&google_cver=1&google_ula=450542624,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 357
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/
Redirect Chain

https://ids.ad.gt/api/v1/g_hosted?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=MGUwM2FmYmUtMTU2ZC00YjdkLWI5ZTAtOTkwMTRmZDUzZmFh

170 B
188 B

67ms
66ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=MGUwM2FmYmUtMTU2ZC00YjdkLWI5ZTAtOTkwMTRmZDUzZmFh

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=MGUwM2FmYmUtMTU2ZC00YjdkLWI5ZTAtOTkwMTRmZDUzZmFh
date: Sat, 26 Jun 2021 05:54:27 GMT
server: nginx/1.18.0
content-length: 473
content-type: text/html; charset=utf-8

GET
H2

200

beeswax_match
ids.ad.gt/api/v1/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
https://match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=0e03afbe-156d-4b7d-b9e0-99014fd53faa&_bee_ppp=1
https://ids.ad.gt/api/v1/beeswax_match?beeswax_id=AABtrU7BrYIAADe3d2U3Aw&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa

43 B
477 B

423ms
364ms

Image
image/gif

52.88.39.224
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/beeswax_match?beeswax_id=AABtrU7BrYIAADe3d2U3Aw&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.39.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-39-224.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Sat, 26 Jun 2021 17:54:27 GMT

Redirect headers

location: https://ids.ad.gt/api/v1/beeswax_match?beeswax_id=AABtrU7BrYIAADe3d2U3Aw&id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2 200 cm
trc.taboola.com/sg/audigent/1/ 43 B
230 B 29ms
14ms Image
image/gif 2a04:4e42:62::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/audigent/1/cm?redirect=http%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Ftaboola%3Fpartner_uid%3D%3CTUID%3E%3Fid%3D0e03afbe-156d-4b7d-b9e0-99014fd53faa
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:62::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624686867.253070,VS0,VE9
x-served-by: cache-hhn11557-HHN
x-cache: MISS
cache-control: no-cache, no-store
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1

204
No Content

token
token.rubiconproject.com/
Redirect Chain

https://ids.ad.gt/api/v1/rub?id=0e03afbe-156d-4b7d-b9e0-99014fd53faa
https://token.rubiconproject.com/token?pid=50242&puid=0e03afbe-156d-4b7d-b9e0-99014fd53faa&gdpr=0

0
214 B

59ms
59ms

Image
text/plain

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=50242&puid=0e03afbe-156d-4b7d-b9e0-99014fd53faa&gdpr=0
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://token.rubiconproject.com/token?pid=50242&puid=0e03afbe-156d-4b7d-b9e0-99014fd53faa&gdpr=0
date: Sat, 26 Jun 2021 05:54:27 GMT
server: nginx/1.18.0
content-length: 417
content-type: text/html; charset=utf-8

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 3680 43 B
412 B 110ms
110ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686867&p=4329&c=5635&s=undefined&d=891734&v=9316&t=01c64522-7326-4921-9639-4fa56c01935c&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866069&gdpr=1&gdpr_consent=-1&e=VastRequest&m=1&x=https%3A%2F%2F51uav-eqocf.ads.tremorhub.com%2Fad%2Ftag%3FadCode%3D51uav-p4tyo%26playerWidth%3D603%26playerHeight%3D338%26playerPosition%3D3%26srcPageUrl%3Dhttps%253A%252F%252Fwww.sfweekly.com%252Fsponsored%252Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%252F%26gdpr%3D1%26gdpr_consent%3D%26custom%3D5635%26c2%3Den-us%26floor%3DUSD%3A5%26us_privacy%3D%26fmt%3Djson
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: gf-UrlG_O2ynSjOLRP-gJM00rq84QGDw7Op7xTHQmxKmB80rL6LnQQ==
expires: -1

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 2C1A 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400&subset=latin

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 22:24:55 GMT
x-content-type-options: nosniff
age: 286172
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 22:24:55 GMT

GET
H/1.1 200
OK sync Show response
ap.lijit.com/ Frame 96E9 87 KB
20 KB 59ms
59ms Script
text/javascript 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/sync
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/www/delivery/fpi.js?z=435514&width=300&height=250
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: bf7c9484fdc988e2ee44d62563d76afcd64cd75e1c9aae4c2fd195d9ba4fe649

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Mar 2021 20:48:41 GMT
Server: nginx
ETag: W/"60468da9-15bdc"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=86400, must-revalidate
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap2ams1
Expires: Sun, 27 Jun 2021 05:54:27 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E402
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnqHtSyW7yr4pfJ2D2abbsgBDHHc1T_DoZ3Akmz_27KevlxpL61E5aLP7AcJNU; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 26 Jun 2021 05:54:27 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 26-Jun-2021 06:54:27 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 26 Jun 2021 05:54:27 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 26 Jun 2021 05:54:27 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK adcfg Show response
ap.lijit.com/ Frame 96E9 159 B
549 B 52ms
51ms Script
application/x-javascript 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/adcfg?zoneid=435514&tid=0bede99fe86c4ebe8b659f3c6e6633d2dced0b40&mode=1&dmn=www.sfweekly.com
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 61b1b1db3765956309e63eda160ea122f3e1fa5df3c09584ef66bca68084b3a1

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:27 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 145

GET
H2 200 91532438-f31b-4086-8018-7cd68ddba2a3.js Show response
d2s8wlbatk24s7.cloudfront.net/service/js/ Frame 96E9 41 KB
14 KB 16ms
16ms XHR
application/javascript 2600:9000:2104:1c00:d:77c3:2dc0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2s8wlbatk24s7.cloudfront.net/service/js/91532438-f31b-4086-8018-7cd68ddba2a3.js
Requested by: Host: includemodal.global.ssl.fastly.net
URL: https://includemodal.global.ssl.fastly.net/pw.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:1c00:d:77c3:2dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 86dd93fcfdc7834687acff38fc672420945476c9811e036ef68e591d7c111e66

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:32:05 GMT
content-encoding: gzip
server: nginx/1.10.3 (Ubuntu)
age: 1342
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 14400
cache-control: public, max-age=14400
x-cache: Hit from cloudfront
x-amz-cf-pop: AMS1-C1
access-control-allow-headers: *
x-amz-cf-id: jo0G5gbSbKs2YfSY7ZfIS13typpFUSZeWMzRcIw2eWREp5GRdV_WMg==
via: 1.1 254622ebfed5feb6e2d8380b3f9c4c10.cloudfront.net (CloudFront)

GET
H2 200 /
includemodal.com/service/imp/91532438-f31b-4086-8018-7cd68ddba2a3/ Frame 96E9 42 B
132 B 138ms
138ms Image
image/gif 18.220.40.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://includemodal.com/service/imp/91532438-f31b-4086-8018-7cd68ddba2a3/?rand=602249&referer=https://www.sfweekly.com/
Requested by: Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.220.40.30 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-220-40-30.us-east-2.compute.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
server: nginx/1.10.3 (Ubuntu)
content-length: 42
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame 96E9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2002e6633787271759d472c2ede1e90dee4e78932b5acf6b4adf1873022ddddd

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 9C71 43 B
411 B 88ms
88ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686867&p=4329&c=5636&s=undefined&d=891735&v=9316&t=219bf954-d0e3-44db-bccd-136a4dc75cbd&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866133&gdpr=1&gdpr_consent=-1&e=VastRequest&m=1&x=https%3A%2F%2F51uav-sg2ba.ads.tremorhub.com%2Fad%2Ftag%3FadCode%3D51uav-1mn6p%26playerWidth%3D832%26playerHeight%3D467%26playerPosition%3D3%26srcPageUrl%3Dhttps%253A%252F%252Fwww.sfweekly.com%252Fsponsored%252Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%252F%26gdpr%3D1%26gdpr_consent%3D%26custom%3D5636%26c2%3Den-us%26floor%3DUSD%3A5%26us_privacy%3D%26fmt%3Djson
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: SJoSYP2qMaB_0uZ-T6nLd1f6qp812BnL3x9O5V4b5zQHX6k8_9DnwA==
expires: -1

GET
BLOB 200
OK f5eefbbd-d204-4bf8-9c1f-e0c3a35b178a
https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/ Frame 96E9 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/f5eefbbd-d204-4bf8-9c1f-e0c3a35b178a
Requested by: Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 785feac29ca49a8578ef880c201e269990a0a95a9d4de72503191cba3694a0e3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 1590
Content-Type: application/javascript

GET
H/1.1 200
OK addelivery Show response
ap.lijit.com/ Frame 96E9 1 KB
1 KB 96ms
96ms Script
application/x-javascript 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/addelivery?zoneid=435514&tid=a_435514_8047b444762d4bdabc76ef4504dbff80&cb=undefined&mode=1&flv=0.0.0&ifr=true&od=www.sfweekly.com&time=05%3A54%3A27&fd=1&be=sf&loc=https%3A%2F%2Fwww.sfweekly.com%2F&orig_loc=http%3A%2F%2Fhttps%3A%2F%2Fwww.sfweekly.com%2F&abf=true&dpz=false&cv=undefined&dop=0&ndw=1&spif=true&btid=a_435514_8047b444762d4bdabc76ef4504dbff80
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 9225661f51d937f6ccc983e3756cc0c75ef5895137a64d289565424a35a2a85f

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:27 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 712

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 3680 43 B
411 B 108ms
108ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686867&p=4329&c=5635&s=undefined&d=893310&v=298&t=01c64522-7326-4921-9639-4fa56c01935c&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866069&gdpr=1&gdpr_consent=-1&e=VastRequest&m=1&x=https%3A%2F%2Fads.freeskreen.com%2Fbid%3Fpid%3D4329%26tid%3D01c64522-7326-4921-9639-4fa56c01935c%26w%3D603%26h%3D338%26u%3Dhttps%253A%252F%252Fwww.sfweekly.com%252Fsponsored%252Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%252F%26ip%3D45.12.220.52%26ua%3DMozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F89.0.4389.72%2520Safari%252F537.36%26g_co%3DSE%26g_p%3DAB%26g_ci%3DStockholm%26g_d%3Dnull%26s_1%3Dsponsored%26s_2%3D%26cid%3D5635%26sid%3Dundefined%26vid%3D298%26did%3D893310%26pf%3D500%26ttm%3D1624686866069%26eu_c%3D-1%26eu_g%3D1%26eu_ggl%3D0
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: uqEuhRUhO3ODIJmp5RcDA1say4kPtrvVPbV0m8gw_cJqwyeSrtzXRg==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 3680 43 B
412 B 111ms
111ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686867&p=4329&c=5635&s=undefined&d=893310&v=298&t=01c64522-7326-4921-9639-4fa56c01935c&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866069&gdpr=1&gdpr_consent=-1&e=VastEmpty&m=1&x=
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: 4Grw1vtZ_7TVjADYS_jI6ioqBPz5oK5xf5QHWKJdZQe7P4_Zvugh8w==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 3680 43 B
411 B 107ms
106ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686867&p=4329&c=5635&s=undefined&d=&v=&t=01c64522-7326-4921-9639-4fa56c01935c&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866069&gdpr=1&gdpr_consent=-1&e=VideoError&m=1&x=ErrorNoPlayableAd
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: o9GAmQPuWTps80rL6egPGLfWDpypCBc8JqusCv8ZIt3_1xqNpBtxJQ==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 9C71 43 B
412 B 109ms
109ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686867&p=4329&c=5636&s=undefined&d=893311&v=298&t=219bf954-d0e3-44db-bccd-136a4dc75cbd&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866133&gdpr=1&gdpr_consent=-1&e=VastRequest&m=1&x=https%3A%2F%2Fads.freeskreen.com%2Fbid%3Fpid%3D4329%26tid%3D219bf954-d0e3-44db-bccd-136a4dc75cbd%26w%3D832%26h%3D467%26u%3Dhttps%253A%252F%252Fwww.sfweekly.com%252Fsponsored%252Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%252F%26ip%3D45.12.220.52%26ua%3DMozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F89.0.4389.72%2520Safari%252F537.36%26g_co%3DSE%26g_p%3DAB%26g_ci%3DStockholm%26g_d%3Dnull%26s_1%3Dsponsored%26s_2%3D%26cid%3D5636%26sid%3Dundefined%26vid%3D298%26did%3D893311%26pf%3D500%26ttm%3D1624686866133%26eu_c%3D-1%26eu_g%3D1%26eu_ggl%3D0
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: hK4GDYqPHvm-RFfxkfbjWFcrK66yLEEFxU1g7RJc_uLt_jFGExRTHA==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 9C71 43 B
411 B 109ms
109ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686867&p=4329&c=5636&s=undefined&d=893311&v=298&t=219bf954-d0e3-44db-bccd-136a4dc75cbd&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866133&gdpr=1&gdpr_consent=-1&e=VastEmpty&m=1&x=
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: vVVjeHtDQoqdoEmcR4MXIOw5Vp14988euDJUAQm6oDA4zkkEIOFQgw==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 9C71 43 B
411 B 108ms
108ms Image
image/gif 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1624686867&p=4329&c=5636&s=undefined&d=&v=&t=219bf954-d0e3-44db-bccd-136a4dc75cbd&co=SE&pr=AB&ci=Stockholm&dm=null&flc=sponsored&slc=&ttm=1624686866133&gdpr=1&gdpr_consent=-1&e=VideoError&m=1&x=ErrorNoPlayableAd
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: Z-rc9EgbnkZBfN7HF6yUpwa8yoK4FkWtuqP2vMVzdyKEsn_btHPYng==
expires: -1

GET
H2 503 ariel.js
surgeprice.com/display/async/Kg3RFMmSZ8i2rGAQi/sfweekly.com/ Frame 96E9 0
0 50ms
24ms Script
text/plain 2606:4700::6812:be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://surgeprice.com/display/async/Kg3RFMmSZ8i2rGAQi/sfweekly.com/ariel.js
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0ae87b4b9a00004de2f515a000000001
cf-cache-status: MISS
server: cloudflare
date: Sat, 26 Jun 2021 05:54:27 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-ray: 66542e58f9354de2-FRA
content-length: 0

GET
H/1.1 200
OK Cookie set beacon Show response
gslbeacon.lijit.com/ Frame 4BA9 6 KB
2 KB 154ms
53ms Document
text/html 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: dc324db104115db560b64f97e80a6548cd4cb82621d1dd88e4d2a202740f24bc

Request headers

Host: gslbeacon.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=7cb113ce84b11fcaeac55eeb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/

Response headers

Server: nginx
Date: Sat, 26 Jun 2021 05:54:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxdkDkSA0EIA%2F8ysQNghstfc%2Fnv9m5tQoetEkjwWbreGnYyt0W%2Blt3o1XEujJi8J6ZOdhEoKmAE5BNgrXFxd%2Bd0%2FJWaSnEnShZa1gE7GPPGeTSqhj%2BeH26RuzH6Wc4bN%2FIO8g72O%2Fxe%2FPFs%2FP0BxSVdYQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Sun, 26-Jun-2022 05:54:27 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Sun, 26-Jun-2022 05:54:27 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=7cb113ce84b11fcaeac55eeb;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap6ams1

GET
H/1.1 200
OK containertag Show response
ap.lijit.com/ Frame 96E9 49 KB
6 KB 60ms
60ms Script
application/json 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/containertag?containerId=18&zoneId=435514&v=2
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 5e39d64ff1029ff4dfbe107f5c91f0b5ea00ef904508e62489011248250a0851

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: raptor
Vary: Accept-Encoding
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Transfer-Encoding: chunked
X-Sovrn-Pod: ad_ap2ams1
Content-Type: application/json
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 200
OK impression
vap2ams1.lijit.com/addelivery/ Frame 96E9 43 B
567 B 150ms
49ms Image
image/gif 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vap2ams1.lijit.com/addelivery/impression?i_data=CH9LhBHeR2S4R7FTWr9x6K9x5V8BPvifk7-dBZUBbiMIQ3swmAxC67DGucX8hBNKu_ehkxEQGYtgqbEtBBt5lCBrmCuFDn5_CEQLKvObe9CnSx-xGQt74NKQsbEhNhiWODU_Yi0AwnwfP4K2QbHryVy3uGQ5kB0_pxvqN7AuFvs_mPafQ_nSrB_nZ1CAc8h_Cf1GQWXmKISDWgopUb1OMEsqmwABIptHa8zaYAFHCOzxz8YXeQ2VqbodJNY-Jj8VEeiNxqHJBYLwg7rql7VcKzzCsSYs1zuG_yblLSIfnzWz0k5NYw~~&bannerid=165651&campaignid=232&endpoint=WATERFALL&zoneid=435514&tid=a_435514_8047b444762d4bdabc76ef4504dbff80
Requested by: Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content t.dhj Show response
pxdrop.lijit.com/1/d/ Frame 96E9 0
225 B 212ms
61ms Script
text/plain 104.111.233.227
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pxdrop.lijit.com/1/d/t.dhj?dmn=a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com&GDPR_v2=
Requested by: Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.227 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Expires: Sat, 26 Jun 2021 05:54:27 GMT

GET
H/1.1 200
OK pixel
ps.eyeota.net/ Frame 96E9 0
344 B 214ms
53ms Image
text/plain 3.124.210.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=&pid=51md42u&t=gif
Requested by: Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.124.210.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:27 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 96E9
Redirect Chain

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=7cb113ce84b11fcaeac55eeb/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent=
https://bcp.crwdcntrl.net/5/ct=y/c=5436/tp=SVRN/tpid=7cb113ce84b11fcaeac55eeb/gdpr=1/gdpr_consent=/pv=y?https://ce.lijit.com/merge?pid=5001&3pid=${profile_id}&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=5001&3pid=99557c22e17ffc55bdd4e8a7ed71d4fb&gdpr=1&gdpr_consent=

43 B
1 KB

149ms
55ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=5001&3pid=99557c22e17ffc55bdd4e8a7ed71d4fb&gdpr=1&gdpr_consent=
Requested by: Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ce.lijit.com/merge?pid=5001&3pid=99557c22e17ffc55bdd4e8a7ed71d4fb&gdpr=1&gdpr_consent=
cache-control: no-cache
x-server: 10.45.4.31
content-length: 0
expires: 0

GET
H/1.1 200
OK ct
ap.lijit.com/data/ Frame 96E9 43 B
206 B 56ms
55ms Image
image/gif 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/data/ct?tid=a_435514_8047b444762d4bdabc76ef4504dbff80&zoneid=435514&cid=18&geo=SE&all_tags=185%2C203%2C205%2C248%2C429%2C458%2C462%2C465%2C515%2C520%2C523%2C539%2C541%2C543%2C561%2C563%2C565%2C578%2C589%2C590%2C600&tss=66%2C66%2C67&fired_tags=520%2C541%2C590&count=3&status=8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C8%2C8%2C1%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C32&elapsed_ms=68
Requested by: Host: a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
URL: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
X-Sovrn-Pod: ad_ap2ams1
X-Powered-By: raptor
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=PIZpPGmHPDkngWhsPY4gbm-GOzgnjms6PtApVN-9

43 B
1 KB

292ms
54ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=PIZpPGmHPDkngWhsPY4gbm-GOzgnjms6PtApVN-9
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://ce.lijit.com/merge?pid=43&gdpr=1&gdpr_consent=&us_privacy=&3pid=PIZpPGmHPDkngWhsPY4gbm-GOzgnjms6PtApVN-9
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame 4BA9 43 B
146 B 172ms
54ms Image
image/gif 52.58.102.227
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=fmx&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.102.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-102-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=10&3pid=1871316021121709418

43 B
1 KB

139ms
50ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=10&3pid=1871316021121709418
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: https://ce.lijit.com/merge?pid=10&3pid=1871316021121709418
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

no_match_opted_out
um.simpli.fi/ Frame 4BA9
Redirect Chain

https://um.simpli.fi/lj_match?r=1624686867456&gdpr=1&gdpr_consent=
https://um.simpli.fi/no_match_opted_out

0
272 B

47ms
46ms

Image
text/plain

159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/no_match_opted_out

Requested by

Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 26 Jun 2021 05:54:27 GMT
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

date: Sat, 26 Jun 2021 05:54:27 GMT
x-content-type-options: nosniff
server: nginx
location: /no_match_opted_out
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Fri, 25 Jun 2021 05:54:27 GMT

GET tum
ums.acuityplatform.com/ Frame 4BA9 0
0

GET
H/1.1

200
OK

reporting
ap.lijit.com/dsp/google/ Frame 4BA9
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=N2NiMTEzY2U4NGIxMWZjYWVhYzU1ZWVi&gdpr=1
https://ap.lijit.com/dsp/google/reporting?gdpr=1

43 B
567 B

51ms
51ms

Image
image/gif

72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/dsp/google/reporting?gdpr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ap.lijit.com/dsp/google/reporting?gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=49&3pid=8U7NubzW0Jqs&ev=1&pid=558511&gdpr_consent=&gdpr=1

43 B
2 KB

53ms
51ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=49&3pid=8U7NubzW0Jqs&ev=1&pid=558511&gdpr_consent=&gdpr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://ce.lijit.com/merge?pid=49&3pid=8U7NubzW0Jqs&ev=1&pid=558511&gdpr_consent=&gdpr=1
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-stage-0
expires: -1

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 4BA9 0
0 78ms
72ms Image
text/html 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4BA9
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=N2NiMTEzY2U4NGIxMWZjYWVhYzU1ZWVi&gdpr=1

170 B
188 B

68ms
66ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=N2NiMTEzY2U4NGIxMWZjYWVhYzU1ZWVi&gdpr=1

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=N2NiMTEzY2U4NGIxMWZjYWVhYzU1ZWVi&gdpr=1
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=1&gdpr_consent=

43 B
2 KB

68ms
51ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: nginx/1.12.1
location: https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=1&gdpr_consent=
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 cksync.php
contextual.media.net/ Frame 4BA9 45 B
371 B 443ms
71ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=sov&ovsid=7cb113ce84b11fcaeac55eeb&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1023%263pid%3D%24%7BUSER%7D&gdpr=1&gdpr_consent=

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Sat, 26 Jun 2021 05:54:28 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Sat, 26 Jun 2021 05:54:28 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=7cb113ce84b11fcaeac55eeb&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=

43 B
2 KB

55ms
55ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=3&3pid=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date: Sat, 26 Jun 2021 05:54:23 GMT
Server: MT3 3799 851f7e8 master zrh-pixel-x12
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ce.lijit.com/merge?pid=3&3pid=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 26 Jun 2021 05:54:22 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 4BA9 0
239 B 3633ms
144ms Image
image/gif 8.43.72.97
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 87d839cc3e00ba41df3f5dd9eab06282
Content-Type: image/gif

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=7cb113ce84b11fcaeac55eeb/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=5001&3pid=99557c22e17ffc55bdd4e8a7ed71d4fb&gdpr=1&gdpr_consent=

43 B
2 KB

138ms
54ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=5001&3pid=99557c22e17ffc55bdd4e8a7ed71d4fb&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ce.lijit.com/merge?pid=5001&3pid=99557c22e17ffc55bdd4e8a7ed71d4fb&gdpr=1&gdpr_consent=
cache-control: no-cache
x-server: 10.45.23.241
content-length: 0
expires: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://aorta.clickagy.com/pixel.gif?ch=185&cm=7cb113ce84b11fcaeac55eeb&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=84&3pid=c:cb45ec586b4b3139fed08c39b6f20c55

43 B
3 KB

55ms
54ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=84&3pid=c:cb45ec586b4b3139fed08c39b6f20c55
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:29 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date: Sat, 26 Jun 2021 05:54:29 GMT
server: Aorta/2.4.14-20210304.4cf0ca0
access-control-allow-origin
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain
Location: https://ce.lijit.com/merge?pid=84&3pid=c:cb45ec586b4b3139fed08c39b6f20c55
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
X-Aorta-Region: us-east-1
Connection: keep-alive
X-Aorta-Host: ip-10-42-19-14.ec2.internal
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=1&gdpr_consent=&tc=1
https://ce.lijit.com/merge?pid=86&3pid=3v9MOiKH0LyT9jp19FFa&pi=sovrn&gdpr_consent=&gdpr=1&tc=1

43 B
3 KB

52ms
51ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=86&3pid=3v9MOiKH0LyT9jp19FFa&pi=sovrn&gdpr_consent=&gdpr=1&tc=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:28 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=86&3pid=3v9MOiKH0LyT9jp19FFa&pi=sovrn&gdpr_consent=&gdpr=1&tc=1
pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT, Sat, 26 Jun 2021 05:54:28 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=87&3pid=074afe96-a7ea-41cb-94ea-cdebe7c45095

43 B
3 KB

59ms
57ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=87&3pid=074afe96-a7ea-41cb-94ea-cdebe7c45095
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:28 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: //ce.lijit.com/merge?pid=87&3pid=074afe96-a7ea-41cb-94ea-cdebe7c45095
Date: Sat, 26 Jun 2021 05:54:28 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://match.prod.bidr.io/cookie-sync/svr?gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=85&3pid=AABtrU7BrYIAADe3d2U3Aw&gdpr=1

43 B
2 KB

59ms
58ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=85&3pid=AABtrU7BrYIAADe3d2U3Aw&gdpr=1
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=85&3pid=AABtrU7BrYIAADe3d2U3Aw&gdpr=1
Date: Sat, 26 Jun 2021 05:54:27 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H/1.1

200
OK

iu3
aax-eu.amazon-adsystem.com/s/ Frame 4BA9
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=1&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t

0
0

71ms
70ms

Image
text/html

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:28 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=sovrn&gdpr=1&gdpr_consent=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=

43 B
3 KB

52ms
51ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:28 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://ce.lijit.com/merge?pid=16&3pid=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 4BA9 0
239 B 1508ms
63ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/gif

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 4BA9
Redirect Chain

https://px.owneriq.net/eucm/p/sv?gdpr=1&gdpr_consent=
https://px.owneriq.net/ecc?redir=https%3a%2f%2fpx.owneriq.net%2ffr%2fepx.gif&uid=Q6779732682052506596&ref=%2Feucm%2Fp%2Fsv
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

62ms
61ms

Image
image/gif

104.111.242.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.242.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-53.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:28 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Sat, 26 Jun 2021 05:54:28 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2 200 generic
data.adsrvr.org/track/cmf/ Frame 4BA9 70 B
264 B 94ms
67ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 4BA9
Redirect Chain

https://sync.1rx.io/usersync2/sovrn?gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=56&3pid=OPTOUT

43 B
3 KB

52ms
50ms

Image
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=56&3pid=OPTOUT
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gslbeacon.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:28 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://ce.lijit.com/merge?pid=56&3pid=OPTOUT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 01A9 14 KB
5 KB 103ms
100ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KTPCACOOKIE=true; KADUSERCOOKIE=FE69C282-0667-496E-9322-C2DB18BFB5CB
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=157310
expires: Mon, 28 Jun 2021 01:36:17 GMT
date: Sat, 26 Jun 2021 05:54:27 GMT
vary: Accept-Encoding

GET
H2 200 0608867b Show response
rtb.gumgum.com/usync/ Frame 8578 4 KB
2 KB 1241ms
69ms Document
text/html 52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1c4b80e979ddd3af804e857d21b4878e53441489f0fcda826439059b34974df8

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee; Domain=.gumgum.com; Expires=Sun, 26-Jun-2022 05:54:28 GMT; Path=/; Secure; SameSite=None
etag: W/"0dc6074b7006220d5bdd51f1b243e409f"
timing-allow-origin: *
content-encoding: gzip

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 72EF 14 KB
5 KB 102ms
100ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KTPCACOOKIE=true; KADUSERCOOKIE=FE69C282-0667-496E-9322-C2DB18BFB5CB
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=157310
expires: Mon, 28 Jun 2021 01:36:17 GMT
date: Sat, 26 Jun 2021 05:54:27 GMT
vary: Accept-Encoding

GET
H2

200

cm Show response
us-u.openx.net/w/1.0/ Frame BC6A
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_c...
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&g...

776 B
811 B

58ms
57ms

Document
text/html

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.209.0 /
Resource Hash: 636642334ed9134c00cc6f04984bbc88f45f24987867c1b4cc6a26a855324cbc

Request headers

:method: GET
:authority: us-u.openx.net
:scheme: https
:path: /w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gslbeacon.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=7b4c57be-4c6e-0092-22e8-41f6f34268dd|1624686868
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=7b4c57be-4c6e-0092-22e8-41f6f34268dd|1624686868; Version=1; Expires=Sun, 26-Jun-2022 05:54:28 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1624686868|gekin0vNiygu; Version=1; Expires=Sun, 11-Jul-2021 05:54:28 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.209.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: text/html
content-length: 476
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=7b4c57be-4c6e-0092-22e8-41f6f34268dd|1624686868; Version=1; Expires=Sun, 26-Jun-2022 05:54:28 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.209.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
date: Sat, 26 Jun 2021 05:54:28 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H/1.1

200
OK

Cookie set merge Show response
ce.lijit.com/ Frame 0260
Redirect Chain

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=1&gdpr_consent=
https://ce.lijit.com/merge?pid=1&3pid=8919356679667100101&gdpr=1&gdpr_consent=

43 B
1 KB

150ms
50ms

Document
image/gif

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=1&3pid=8919356679667100101&gdpr=1&gdpr_consent=
Requested by: Host: gslbeacon.lijit.com
URL: https://gslbeacon.lijit.com/beacon?viewId=a_435514_8047b444762d4bdabc76ef4504dbff80&rand=2622&informer=13390776&type=fpads&loc=https%3A%2F%2Fwww.sfweekly.com%2F&v=1.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ce.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://gslbeacon.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=7cb113ce84b11fcaeac55eeb; ctag=561:1627278867|515:1627278867|563:1627278867|565:1624773267|520:1627278867|185:1624773267|203:1625896467|205:1624773267|541:1625896467|589:1627278867|462:1624773267; ljtrtbexp=eJxdkDkSA0EIA%2F8ysQNghstfc%2Fnv9m5tQoetEkjwWbreGnYyt0W%2Blt3o1XEujJi8J6ZOdhEoKmAE5BNgrXFxd%2Bd0%2FJWaSnEnShZa1gE7GPPGeTSqhj%2BeH26RuzH6Wc4bN%2FIO8g72O%2Fxe%2FPFs%2FP0BxSVdYQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gslbeacon.lijit.com/

Response headers

Server: nginx
Date: Sat, 26 Jun 2021 05:54:27 GMT
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: _ljtrtb_1=8919356679667100101;Path=/;Domain=.lijit.com;Expires=Sun, 26-Jun-2022 05:54:27 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=7cb113ce84b11fcaeac55eeb;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ctag=561:1627278867|515:1627278867|563:1627278867|565:1624773267|520:1627278867|185:1624773267|203:1625896467|205:1624773267|541:1625896467|589:1627278867|462:1624773267;Path=/;Domain=.lijit.com;Expires=Mon, 26-Jul-2021 05:54:27 GMT;Max-Age=2592000;Secure;SameSite=None ljtrtbexp=eJxdkDkSA0EIA%2F8ysQNghstfc%2Fnv9m5tQoetEkjwWbreGnYyt0W%2Blt3o1XEujJi8J6ZOdhEoKmAE5BNgrXFxd%2Bd0%2FJWaSnEnShZa1gE7GPPGeTSqhj%2BeH26RuzH6Wc4bN%2FIO8g72O%2Fxe%2FPFs%2FP0BxSVdYQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Sun, 26-Jun-2022 05:54:27 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Sun, 26-Jun-2022 05:54:27 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap3ams1

Redirect headers

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=8919356679667100101; Domain=.turn.com; Expires=Thu, 23-Dec-2021 05:54:27 GMT; Path=/; Secure; SameSite=None
location: https://ce.lijit.com/merge?pid=1&3pid=8919356679667100101&gdpr=1&gdpr_consent=
content-length: 0
date: Sat, 26 Jun 2021 05:54:26 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 01A9 0
42 B 1173ms
52ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=63482450&p=137711&s=137812&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:26 GMT
content-length: 0

GET
H2 204 getpixels Show response
pixels.ad.gt/api/v1/ 0
344 B 4587ms
223ms Script
text/plain 44.239.227.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixels.ad.gt/api/v1/getpixels?tagger_id=089e6f3d358c7e4ad84c01230a4bc06e&url=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&code=%27none%27
Requested by: Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/251
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.239.227.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 26 Jun 2021 05:54:32 GMT
server: nginx/1.18.0
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 94 KB
25 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/251

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f35fd99c15de392199c3c5b116fab65bb8aaaaa74bcf1c1729e9e01bb26780e7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24632
x-xss-protection: 0
pragma: public
x-fb-debug: mICpO+A03/IH7m1Eq2OvBRsttm0T3wChoD/4I4qPZH3Fwz0H2MasuMwg+8LOX523fYV1ksdUGIsVk6q1UBr22A==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
date: Sat, 26 Jun 2021 05:54:27 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
761 B 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:07:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 2791
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
expires: Sat, 26 Jun 2021 06:07:56 GMT

GET
H3-29 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:33:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 1285
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
expires: Sat, 26 Jun 2021 06:33:02 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
12ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&aip=1&a=184133359&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&ul=en-us&de=UTF-8&dt=PhenQ%20Reviews%3A%20Does%20Ingredients%20In%20This%20Weight%20Loss%20Pills%20Work%3F%20-%20SF%20Weekly&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAUI7AAAAAG~&jid=274260989&gjid=1431867672&cid=551872362.1624686866&tid=UA-87198801-1&_gid=1569635977.1624686866&_r=1&_slc=1&cd1=0e03afbe-156d-4b7d-b9e0-99014fd53faa&cd2=none&cd3=251&cd4=www.sfweekly.com&cd5=%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&cd6=Passive%20Tagger&cd7=089e6f3d358c7e4ad84c01230a4bc06e&z=467831613

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 1853083501571805 Show response
connect.facebook.net/signals/config/ 264 KB
76 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1853083501571805?v=2.9.42&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

45f3fd951239eea8f05ce06b66b7a93cdc7c6962531bc599e652d36b04aedf7a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 77865
x-xss-protection: 0
pragma: public
x-fb-debug: 5J3ygqNiVwl3kwWKzRvJOP4nW4SXB5hpsAu+tbRZbyN7XKnl4j4JRzoBWe6kPuOXslvrLK6/0df7CCwAJDcEQg==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sat, 26 Jun 2021 05:54:27 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-87198801-1&cid=551872362.1624686866&jid=274260989&gjid=1431867672&_gid=1569635977.1624686866&_u=aGDAAUI7AAAAAG~&z=1363091752

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 26 Jun 2021 05:54:27 GMT
content-type: text/plain
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 17ms
16ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-87198801-1&cid=551872362.1624686866&jid=274260989&_u=aGDAAUI7AAAAAG~&z=504734517

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 26ms
26ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-87198801-1&cid=551872362.1624686866&jid=274260989&_u=aGDAAUI7AAAAAG~&z=504734517

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 18ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1853083501571805&ev=PageView&dl=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&rl=&if=false&ts=1624686867767&cd[partner_id]=251&cd[tagger_id]=089e6f3d358c7e4ad84c01230a4bc06e&sw=1600&sh=1200&v=2.9.42&r=stable&ec=0&o=30&fbp=fb.1.1624686867766.281024572&it=1624686867725&coo=false&tm=1&rqm=GET

Requested by

Host: www.sfweekly.com
URL: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:27 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sat, 26 Jun 2021 05:54:27 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3403 42 B
518 B 59ms
39ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstQXRFz2Qq1Lt3W_fI0fdFZWJ-Td-G0M28xT9ka3v0SJw0ntUuRyWyM-d1Uf_t0HpGJfZPWn8nfaxL1yeAXuzZq24XOpwPoFUgoWRnHHaPh-EAOVMdP&sig=Cg0ArKJSzE4tspd65YPcEAE&id=lidar2&mcvt=1000&p=56,648,146,1376&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210623&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=1696152264&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624686866689&rpt=133&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 15ms
6ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryHRkU2D2fsCK87sG6

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: text/plain
access-control-allow-origin: https://www.sfweekly.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame BC6A 43 B
3 KB 51ms
50ms Image
image/gif 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=76&3pid=c40eb627-0f5d-0568-3f82-3fb8efd46472&gdpr=1&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:28 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame BC6A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=876560d6-c113-4200-8aa1-81894cb771d4

43 B
106 B

65ms
63ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=876560d6-c113-4200-8aa1-81894cb771d4
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.209.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
via: 1.1 google
server: OXGW/16.209.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sat, 26 Jun 2021 05:54:24 GMT
Server: MT3 3799 851f7e8 master zrh-pixel-x24
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=876560d6-c113-4200-8aa1-81894cb771d4
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 26 Jun 2021 05:54:23 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame BC6A
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=i11m9N5cM_GQWmekilUvpthdNPCQVWTyiQvDJiNE

43 B
180 B

57ms
55ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=i11m9N5cM_GQWmekilUvpthdNPCQVWTyiQvDJiNE
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.209.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
via: 1.1 google
server: OXGW/16.209.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=i11m9N5cM_GQWmekilUvpthdNPCQVWTyiQvDJiNE
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame BC6A
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2967956833627946580

43 B
106 B

55ms
55ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2967956833627946580
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.209.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:29 GMT
via: 1.1 google
server: OXGW/16.209.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:29 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2967956833627946580
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame BC6A 70 B
264 B 70ms
67ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=a8e068e7-e5e9-3f65-783e-891e97655b20&gdpr=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame BC6A 170 B
188 B 69ms
66ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODQ4ZmJiMmQtMmM5ZS02MWMxLTZkZGUtZDNhNzVkODc5NTQw

Requested by

Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame BC6A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGe1uWxkUzI6qn1-ihm3hQI&google_cver=1

43 B
106 B

55ms
55ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGe1uWxkUzI6qn1-ihm3hQI&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.209.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
via: 1.1 google
server: OXGW/16.209.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGe1uWxkUzI6qn1-ihm3hQI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 envelope Show response
api.rlcdn.com/api/identity/ Frame AABC 0
222 B 1130ms
54ms XHR
text/plain 34.120.133.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity/envelope?pid=1258
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Jun 2021 05:54:29 GMT
via: 1.1 google
alt-svc: clear
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://www.sfweekly.com
access-control-allow-credentials: true
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length: 0

GET
H2 200 id Show response
id.crwdcntrl.net/ Frame AABC 77 B
743 B 79ms
74ms XHR
application/json 34.253.109.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.109.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.4.38.v20210224) /
Resource Hash: ec171f334c972c7aa964936b473bbe6f2afe187a318af9e46e634865b9f51569

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache
x-server: 10.45.12.35
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 77
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame AABC 108 B
651 B 72ms
67ms XHR
application/json 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 89c9493e36f64f98549aeaddbf51e3a38f3ac9ecaafbf810f242f73516445b18

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Jun 2021 05:54:28 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 108
expires: Mon, 26 Jul 2021 05:54:28 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 8578
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=4353039743070324981

35 B
237 B

70ms
70ms

Image
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=4353039743070324981
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:31 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:31 GMT
X-Proxy-Origin: 45.12.220.52; 45.12.220.52; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: cf58d573-a522-4b54-a0d9-8c56031e4864
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=4353039743070324981
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame 8578 43 B
145 B 53ms
52ms Image
image/gif 52.58.102.227
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.102.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-102-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame 8578
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28GICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee&obuid=ENC(GICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://image8.pubmatic.com/AdServer/ImgSync?p=160065&gdpr=PM_GDPR&gdpr_consent=PM_CONSENT&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160065%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkU2OUMyODItMDY2Ny00OTZFLTkzMjItQzJEQjE4QkZCNUNC&gdpr=0&gdpr_consent=PM_CONSENT
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkU2OUMyODItMDY2Ny00OTZFLTkzMjItQzJEQjE4QkZCNUNC&gdpr=0&gdpr_consent=PM_CONSENT&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=PM_CONSENT
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=PM_CONSENT
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=PM_CONSENT
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=PM_CONSENT&piggybackCookie=CAESEG3xgiHGSoLmMKh2yDQeTZ0&google_cver=1
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=PM_CONSENT
https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DGICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd%2...
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=GICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd&uid=FE69C282-0667-496E-9322-C2DB18BFB5CB

0
474 B

122ms
122ms

Image
text/plain

70.42.32.127
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=GICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd&uid=FE69C282-0667-496E-9322-C2DB18BFB5CB
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.127 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:32 GMT
Cache-Control: no-cache
X-TraceId: d69a3a9c4e928304ad3d78290fd18573
Content-Length: 0

Redirect headers

location: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=GICd3vxIxDJb53r6iNOxctjIh-3t-b5g0XPRogR0cKhtK6Kf9bwU8mUvOOFrUfRd&uid=FE69C282-0667-496E-9322-C2DB18BFB5CB
date: Sat, 26 Jun 2021 05:54:30 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

usersync
rtb.gumgum.com/ Frame 8578
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=5fddcc97-cdfc-0733-1f45-99f35f355a66

35 B
237 B

76ms
74ms

Image
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=5fddcc97-cdfc-0733-1f45-99f35f355a66
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Sat, 26 Jun 2021 05:54:28 GMT
content-encoding: gzip
server: OXGW/16.209.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=5fddcc97-cdfc-0733-1f45-99f35f355a66
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H/1.1 200
OK sync
sync.srv.stackadapt.com/ Frame 8578 43 B
168 B 3547ms
125ms Image
image/gif 54.175.198.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.175.198.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 05:54:32 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

usersync
rtb.gumgum.com/ Frame 8578
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-OO9p8edE2pdWtpPXHLdVYzPdM96RHItrgmun~A

35 B
237 B

74ms
74ms

Image
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-OO9p8edE2pdWtpPXHLdVYzPdM96RHItrgmun~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Sat, 26 Jun 2021 05:54:28 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-OO9p8edE2pdWtpPXHLdVYzPdM96RHItrgmun~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 8578
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%...
https://rtb.gumgum.com/usersync?b=vnt&i=f937a136-d642-11eb-a906-fd616201f0c1

35 B
237 B

74ms
73ms

Image
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=f937a136-d642-11eb-a906-fd616201f0c1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:30 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=f937a136-d642-11eb-a906-fd616201f0c1
Date: Sat, 26 Jun 2021 05:54:29 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: f937a137-d642-11eb-a906-fd616201f0c1

GET
H2 204 services
sync.technoratimedia.com/ Frame 8578 0
294 B 386ms
125ms Image
text/plain 150.136.26.45
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 150.136.26.45 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:29 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 215788360
access-control-allow-origin: https://rtb.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame 8578 0
44 B 1418ms
131ms Image
text/plain 169.197.150.8
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:29 GMT
content-length: 0
server: a

GET
H2

200

usersync
rtb.gumgum.com/ Frame 8578
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee&gdpr=1&gdpr_consent=&us_privacy=
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1

35 B
237 B

70ms
70ms

Image
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:30 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=1
Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:30 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 78
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 8578
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=787627f8-7df9-41e9-a580-2ff5f27380a8

35 B
237 B

74ms
74ms

Image
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=787627f8-7df9-41e9-a580-2ff5f27380a8
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:30 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=787627f8-7df9-41e9-a580-2ff5f27380a8
date: Sat, 26 Jun 2021 05:54:29 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/ Frame 8578
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=1&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3447895070
https://sync.1rx.io/usersync/tradedesk/b674bed5-6e05-40fa-9306-61c602f5e0fa
https://sync.targeting.unrulymedia.com/csync/RX-eb7a8ef7-acbb-4040-9713-571af667fc4c-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-eb7a8ef7-acbb-4040-9713-571af667fc4c-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-eb7a8ef7-acbb-4040-9713-571af667fc4c-003

35 B
237 B

74ms
74ms

Image
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-eb7a8ef7-acbb-4040-9713-571af667fc4c-003
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:29 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-eb7a8ef7-acbb-4040-9713-571af667fc4c-003
date: Sat, 26 Jun 2021 05:54:29 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXeb7a8ef7acbb40409713571af667fc4c003
content-type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame 8578
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=spRSXiZVJvqO&ev=1&pid=558355

35 B
237 B

74ms
74ms

Image
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=spRSXiZVJvqO&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=spRSXiZVJvqO&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-stage-0
expires: -1

GET
H2

200

usersync
rtb.gumgum.com/ Frame 8578
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=15
https://rtb.gumgum.com/usersync?b=sad&i=5370632105907331666&gdpr=1&gdpr_consent=

35 B
237 B

70ms
70ms

Image
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sad&i=5370632105907331666&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:32 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=sad&i=5370632105907331666&gdpr=1&gdpr_consent=
date: Sat, 26 Jun 2021 05:54:31 GMT
content-length: 0

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame 8578 43 B
3 KB 52ms
51ms Image
image/gif 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=36&3pid=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Jun 2021 05:54:28 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 7301
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=

35 B
237 B

74ms
74ms

Document
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Sat, 26 Jun 2021 05:54:24 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Server: MT3 3799 851f7e8 master zrh-pixel-x4
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://rtb.gumgum.com/usersync?b=mmh&i=876560d6-c113-4200-8aa1-81894cb771d4&gdpr=1&gdpr_consent=
Expires: Sat, 26 Jun 2021 05:54:23 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 760A
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=YNbBFQACLrxVDQA4
https://rtb.gumgum.com/usersync?b=atm&i=YNbBFQACLrxVDQA4&gdpr=1&gdpr_consent=&_test=YNbBFQACLrxVDQA4

35 B
237 B

74ms
74ms

Document
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=YNbBFQACLrxVDQA4&gdpr=1&gdpr_consent=&_test=YNbBFQACLrxVDQA4
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=atm&i=YNbBFQACLrxVDQA4&gdpr=1&gdpr_consent=&_test=YNbBFQACLrxVDQA4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Sat, 26 Jun 2021 05:54:30 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=YNbBFQACLrxVDQA4&gdpr=1&gdpr_consent=&_test=YNbBFQACLrxVDQA4
accept-ranges: bytes
date: Sat, 26 Jun 2021 05:54:30 GMT
via: 1.1 varnish
x-served-by: cache-hhn4049-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1624686870.074475,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3-29 200 pixel Show response
cm.g.doubleclick.net/ Frame 0A21 170 B
188 B 69ms
68ms Document
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9kNDNjZmY5MS00ZWIwLTRmYTQtOTNjYy0wZWZmNjk2OGU1ZWU=&gdpr=1&gdpr_consent=

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV9kNDNjZmY5MS00ZWIwLTRmYTQtOTNjYy0wZWZmNjk2OGU1ZWU=&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnqHtSyW7yr4pfJ2D2abbsgBDHHc1T_DoZ3Akmz_27KevlxpL61E5aLP7AcJNU; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
date: Sat, 26 Jun 2021 05:54:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F021 14 KB
5 KB 60ms
60ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=FE69C282-0667-496E-9322-C2DB18BFB5CB; KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=157309
expires: Mon, 28 Jun 2021 01:36:17 GMT
date: Sat, 26 Jun 2021 05:54:28 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame C738 0
0 1425ms
137ms Document
text/plain 208.100.17.177
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.177 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip177.208-100-17.static.steadfastdns.net
Software: 33XP004 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP004
date: Sat, 26 Jun 2021 05:54:29 GMT

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame AEC6 70 B
264 B 70ms
67ms Document
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

:method: GET
:authority: match.adsrvr.org
:scheme: https
:path: /track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TDID=b674bed5-6e05-40fa-9306-61c602f5e0fa; TDCPM=CAEYBSABKAIyCwiA7-_rspzcORAFOAE.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame E0FD 0
0 1301ms
52ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: text/html
date: Sat, 26 Jun 2021 05:54:29 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 430B
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YNbBFsCo8YwAADHzWqsAAAAA

35 B
237 B

74ms
74ms

Document
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YNbBFsCo8YwAADHzWqsAAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YNbBFsCo8YwAADHzWqsAAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Sat, 26 Jun 2021 05:54:30 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Sat, 26 Jun 2021 05:54:30 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YNbBFsCo8YwAADHzWqsAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 4
X-SO-HostName: a-ad40262.dc2p.scaleout.jp
X-SO-LB-Hostname: m-tgng40.dc4p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":54,"gdpr":true,"ipv4":"0.0.0.0","key":"YNbBFsCo8YwAADHzWqsAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40262"}
X-SO-Key: YNbBFsCo8YwAADHzWqsAAAAA
X-SO-IP: 45.12.220.52
X-SO-Cluster-ID: 54
X-SO-Upstream-ID: a-ad40262

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame CE0F
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=1871316021121709418

35 B
237 B

75ms
74ms

Document
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=1871316021121709418
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=1871316021121709418
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Sat, 26 Jun 2021 05:54:28 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAAADvEyGtoZmRiZgGE5maWlqvEEHwLCwNzAJj1F6IgAAAA; Path=/; Domain=.rfihub.com; Expires=Thu, 21 Jul 2022 05:54:28 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNrQwNzQ2NDMwMjQ0MjQ3sDQxtBDiM9T1Tw_1rSo0MPBITdOV4jU0MzIxswBCczNLSwD0Jh1ANAAAAA; Path=/; Domain=.rfihub.com; Expires=Thu, 21 Jul 2022 05:54:28 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwNzQ2NDMwMjQ0MjQ3sDQxtBDiM9T1Tw_1rSo0MPBITdMFAGMLMbElAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=1871316021121709418
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame EF96
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://rtb.gumgum.com/usersync?b=rth&i=3v9MOiKH0LyT9jp19FFa&pi=gumgum

35 B
237 B

81ms
73ms

Document
image/gif

52.50.187.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=3v9MOiKH0LyT9jp19FFa&pi=gumgum
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.187.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-187-150.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=3v9MOiKH0LyT9jp19FFa&pi=gumgum
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_d43cff91-4eb0-4fa4-93cc-0eff6968e5ee
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Sat, 26 Jun 2021 05:54:28 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Sat, 26 Jun 2021 05:54:28 GMT Sat, 26 Jun 2021 05:54:28 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=3v9MOiKH0LyT9jp19FFa&pi=gumgum
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

POST
H2 200 v2rndwmfovWW9xSLauYgPKBfRy6XoADJq6oqwDbAb5tmyTr92kNESIQZ4TXITEt6f5uM4nzs Show response
richstring.com/ 216 B
614 B 141ms
56ms Fetch
application/json 35.190.74.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://richstring.com/v2rndwmfovWW9xSLauYgPKBfRy6XoADJq6oqwDbAb5tmyTr92kNESIQZ4TXITEt6f5uM4nzs

Requested by

Host: richstring.com
URL: https://richstring.com/249fa1afb610589da05d00c0896a527e7f57951f93f9c34b74f70cfbcd77141aab669461f9d66998bccc5e08775954d565fc7102835c600098515927fb1d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.157 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

157.74.190.35.bc.googleusercontent.com

Software

Resource Hash

93c8edb73ae25ea45a6aed405b2aeddf89fc0411b930a4224e7fa7d98c477a65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 26 Jun 2021 05:54:31 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: 3391a05c
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 216
expires: Sat, 26 Jun 2021 05:54:30 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 96E9 0
0 181ms
65ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv26WrlEO6CgplRWGP6LMywvhnTtqF8NyVN-QM-i10AjuN8N9-gayT8OcH6Y5k1BLYDClwvXD-h_Mezn5Tv2rnKU_Rpml9qppK8nsEJ8a0nIQbmv9BfwdHqZ0nYmjnm-N5ylfitXdilkOp5nNeICw0NKg4KW7ftP37waj0ERHUykWoahVF0LARkWpLMCiVcwt7tGWElWOB30drnzv4fp7YKZL3LoToODy7SwTgt9gKG2oWvPPlngP-pRXYA-w6vBa4AY_GrSsd4TwKNtZHfqZ4IPj2oHRmJyFP3jn3iqmZE2ZjySA05EGbdNSC-itk&sai=AMfl-YQVT5CezZxTFbEKhPrcYmzX9Rm2_v00dvIBwSTQIvpjknWmc-b-piVJtIDAGU1crYwdRnUOmJN8HhafkbvR5hlnyDhn9YX9kvpI0593bowwXT-vzEK9ElKpjd_ntHU&sig=Cg0ArKJSzE7Tnc4padUGEAE&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Jun 2021 05:54:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 26 Jun 2021 05:54:33 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021062403&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

17739c6a9c7f4ffc0a5e3a4c211496e5afc8171669da919ad3640a799801e4da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Jun 2021 05:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8463
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021062403.js?31061705

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 05:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 26 Jun 2021 05:54:33 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 3529 12 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sfweekly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sfweekly.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Sat, 26 Jun 2021 03:43:06 GMT
expires: Sun, 26 Jun 2022 03:43:06 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 7887
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 276F 783 B
780 B 14ms
14ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8154ad96e321a7e51d292d78a8a8ba818d8573239d1aa2903d0de4d9b6a89ae5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8s24qgVH8AsIh73aSOSzzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sfweekly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sfweekly.com/

Response headers

expires: Sat, 26 Jun 2021 05:54:33 GMT
date: Sat, 26 Jun 2021 05:54:33 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-8s24qgVH8AsIh73aSOSzzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 XJNuD862gf4f0nvPPAbjPwJNpey2j9-BZmGDGqAPjUA.js Show response
pagead2.googlesyndication.com/bg/ Frame 3529 14 KB
6 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/XJNuD862gf4f0nvPPAbjPwJNpey2j9-BZmGDGqAPjUA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c936e0fceb681fe1fd27bcf3c06e33f024da5ecb68fdf816661831aa00f8d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 07:16:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81511
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5736
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Jun 2022 07:16:02 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021062403&jk=1363992120516965&bg=!_f6l_rrNAAYo4NJEKOA7ACkAdvg8Wi5RMWaOKWWDKei2UGAr_5WkTidV91333GIk1R0YF0nBWpJLTgIAAABpUgAAAAxoAQcKAA3DLY0kSWXtDWJXltNMmQJ3lj33Nr_OeJqsTsFyN1Bgj2AfhndunnJQ2e7N6xxDM6mF2ukE8BDDoUVNhTe3dxLl4IPRadA31xiPtT5UkeTI47ZY7pLvferP6wOnBNcOpli9VuMHzzJhJC_Q5ojyh8yuKp1YRiv8H9Dyzo4GCu-9MROK0s3IAmraVATfoxsZryJxaNzXIvkymLAADWnomrI0a6vnbNzE1FzOTKFFUQPW7F6uaeDukgMnqbTLcgg98RwrHLjQxE4VLehQAPn5lwms0BbWfuZUDFqRtGK4lDNDLm0Nj2eTXUA9Z5o4ZmqhLl7FoRKnfVDoE1_2kO2ZcgKIb9NQuENiUZG9oS2NFaWul85VmbMTi3rCVnSmq9sgQDFnTgbylunoFbn2tWciCEFi69rsLrekoTfgh9F9RNR2s13tQU0HYcvQgl0Q7Z09jPFQf-TM6uKs1wrcze6CyMJFo57tFBaWznggYpcfpOtwvE2vpqrUdOSlOTGzH0SX0YfzimFwc3iwsPvOCNfuFN5el9xoh7AQRfN_7Z43tLotpsh1QxOxtmZaDdeThG99ZgUQy1fYaft2Rd-qZzH0sGftJsmCivE9Wc7g2N3L5nKtTE2zAoE61c23VOyaPWfJ9MV34rTNXC6QkPTG9x840hZvDK0RmWMfsIZLhuM99c92XwkEEqwNgstWfJXuv71pontRW2UGK1Vf5saSzDT6cvRGqmdCVdkRfOumcmUS2yldOPZpLygLyj2Cd0jh5MZkzbqximHtfLQq-UYt-ERzTZAiOSDftAkJu1ZhoHuIknsv99mshwvCzwk1dZyfKyQZW2UE2ew_5vdqu7Gp3MksfAnk15ExGiFw8A

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 96E9 42 B
64 B 52ms
38ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuV9fOpTgr6Ws2ijmCBP9cgBpUwUWRRQeeX_wkuJKP3qRfRrw8vjfHtjD-gqtqYn2YPOM0M64ZKMhrGaNrT12RG9DXMNOTY0A92asF0gKlYMlM6tHwm&sig=Cg0ArKJSzD-EZ8E4VEwDEAE&id=lidar2&mcvt=1000&p=305,1076,555,1376&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210623&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=1185675676&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624686866830&dlt=27&rpt=1&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 admin-ajax.php Show response
www.sfweekly.com/wp-admin/ 0
379 B 275ms
275ms XHR
text/html 34.71.19.215
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sfweekly.com/wp-admin/admin-ajax.php

Requested by

Host: 1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.71.19.215 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

215.19.71.34.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://www.sfweekly.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: _awl=2.1624686871.0.4-fe79d827-65cfb15a96dd84beb64959f039d29821-6763652d6575726f70652d7765737431-60d6c117-0
content-length: 286
:path: /wp-admin/admin-ajax.php
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: www.sfweekly.com
referer: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: */*
Referer: https://www.sfweekly.com/sponsored/phenq-reviews-does-ingredients-in-this-weight-loss-pills-work/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 26 Jun 2021 05:54:34 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-powered-by: WP Engine
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
content-security-policy: upgrade-insecure-requests
x-robots-tag: noindex
vary: X-NR-SAMPLE-PERCENT
content-length: 0
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C1A 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=145.0000&a1=https&f1=layout_html&s1=0&d1=12.0000&a2=https%3A%2F%2Ftpc.googlesyndication.com%2Fsadbundle%2F%24csp%253Der3%24%2F5493320164060083006%2F300x600%2Findex_300x600.html%23t%3D7837604953864232266%26p%3Dhttps%253A%252F%252Fa07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com&a3=https%3A%2F%2Ftpc.googlesyndication.com%2Fpagead%2Fgadgets%2Fhtml5%2Fapi%2Fexitapi-impl.js&s3=44.6000&d3=6.5000&a4=https%3A%2F%2Ftpc.googlesyndication.com%2Fpagead%2Fgadgets%2Fhtml5%2Faddata.js&s4=44.7000&d4=7.0000&a5=https%3A%2F%2Ftpc.googlesyndication.com%2Fsadbundle%2F%24csp%253Der3%24%2F5493320164060083006%2F300x600%2Fimage-1.png&s5=44.8000&d5=41.0000&a6=https%3A%2F%2Ftpc.googlesyndication.com%2Fsadbundle%2F%24csp%253Der3%24%2F5493320164060083006%2F300x600%2Fimage-2.png&s6=44.9000&d6=41.4000&a7=https%3A%2F%2Ftpc.googlesyndication.com%2Fsadbundle%2F%24csp%253Der3%24%2F5493320164060083006%2F300x600%2Fimage-3.png&s7=44.9000&d7=43.9000&a8=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DRoboto%3A400%26subset%3Dlatin&s8=80.6000&d8=23.0000&a9=https%3A%2F%2Ffonts.gstatic.com%2Fs%2Froboto%2Fv27%2FKFOmCnqEu92Fr1Mu4mxK.woff2&s9=128.2000&d9=7.3000&a10=https%3A%2F%2Ftpc.googlesyndication.com%2Fsadbundle%2F%24csp%253Der3%24%2F5493320164060083006%2F300x600%2Findex_300x600.html&f10=Custom_layout&s10=-1&d10=-1&i=528861068073&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F5493320164060083006%2F300x600%2Findex_300x600.html&qqi=CKPkpJzOtPECFZG73god7nkMaA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-58316615-2&cid=551872362.1624686866&jid=313065522&gjid=226044613&_gid=1569635977.1624686866&_u=aGDAgUI7AAAAAG~&z=1603746432

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 26 Jun 2021 05:54:40 GMT
content-type: text/plain
access-control-allow-origin: https://www.sfweekly.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 6ms
5ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j91&a=184133359&t=event&_s=2&dl=https%3A%2F%2Fwww.sfweekly.com%2Fsponsored%2Fphenq-reviews-does-ingredients-in-this-weight-loss-pills-work%2F&ul=en-us&de=UTF-8&dt=PhenQ%20Reviews%3A%20Does%20Ingredients%20In%20This%20Weight%20Loss%20Pills%20Work%3F%20-%20SF%20Weekly&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Profitable%20Engagement&ea=time%20on%20page%20more%20than%2015%20seconds&_u=aGDAgUI7AAAAAG~&jid=313065522&gjid=226044613&cid=551872362.1624686866&tid=UA-58316615-2&_gid=1569635977.1624686866&z=1879153984

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 02:18:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12984
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 16ms
16ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-58316615-2&cid=551872362.1624686866&jid=313065522&_u=aGDAgUI7AAAAAG~&z=72006061

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-58316615-2&cid=551872362.1624686866&jid=313065522&_u=aGDAgUI7AAAAAG~&z=72006061

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sfweekly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Jun 2021 05:54:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ums.acuityplatform.com
URL: https://ums.acuityplatform.com/tum?umid=27&uid=7cb113ce84b11fcaeac55eeb&gdpr=1&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

200 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pubmatic.com/	1970-01-19 20:01:18	Name: SPugT Value: 1624686870
.pubmatic.com/	1970-01-19 21:27:42	Name: chkChromeAb67Sec Value: 3
.pubmatic.com/	1970-01-19 20:01:18	Name: PugT Value: 1624686870
.pubmatic.com/	1970-01-19 21:27:42	Name: KRTBCOOKIE_80 Value: 22987-CAESEG3xgiHGSoLmMKh2yDQeTZ0&KRTB&16514-CAESEG3xgiHGSoLmMKh2yDQeTZ0&KRTB&23025-CAESEG3xgiHGSoLmMKh2yDQeTZ0
.pubmatic.com/	1970-01-19 21:27:42	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-19 21:27:42	Name: SyncRTB3 Value: 1625875200%3A21_220
.pubmatic.com/	1970-01-19 21:27:42	Name: KADUSERCOOKIE Value: FE69C282-0667-496E-9322-C2DB18BFB5CB
.doubleclick.net/	1970-01-20 04:39:42	Name: IDE Value: AHWqTUmoeqs7eHOQmce_iLFm4gX_VVLejwJEg44EifpnD_btAQqdQkare67T45eiojo
.sfweekly.com/	1970-01-20 21:34:54	Name: _awl Value: 2.1624686871.0.4-fe79d827-65cfb15a96dd84beb64959f039d29821-6763652d6575726f70652d7765737431-60d6c117-0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	warning	URL: https://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js(Line 1) Message: fun-hooks: referenced 'checkAdUnitSetup' but it was never created
console-api	warning	URL: https://hb.brainlyads.com/prebid.js(Line 3) Message: fun-hooks: referenced 'registerAdserver' but it was never created

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1ryzas42x65e2oosia40bgli-wpengine.netdna-ssl.com
51uav-eqocf.ads.tremorhub.com
51uav-sg2ba.ads.tremorhub.com
a.ad.gt
a07edf07ed2c471c1c9cc3500b5d2ad6.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
ad.360yield.com
ads.freeskreen.com
ads.pubmatic.com
adservice.google.com
adservice.google.se
ajax.googleapis.com
aorta.clickagy.com
ap.lijit.com
api.rlcdn.com
aufp.io
b1sync.zemanta.com
bcp.crwdcntrl.net
bh.contextweb.com
c1.adform.net
ce.lijit.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
creativecdn.com
cs.admanmedia.com
cs.emxdgt.com
d.turn.com
d2s8wlbatk24s7.cloudfront.net
data.adsrvr.org
eu-u.openx.net
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gslbeacon.lijit.com
gum.criteo.com
hb.brainlyads.com
id.crwdcntrl.net
ids.ad.gt
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
includemodal.com
includemodal.global.ssl.fastly.net
jadserve.postrelease.com
loadeu.exelator.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
mug.criteo.com
p.ad.gt
p.rfihub.com
pagead2.googlesyndication.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.quantserve.com
pixels.ad.gt
powerad.ai
pr-bh.ybp.yahoo.com
ps.eyeota.net
px.owneriq.net
pxdrop.lijit.com
reporting.powerad.ai
richstring.com
rtb.gumgum.com
rtb.mfadsrvr.com
sb.freeskreen.com
scm.publishers.tremorhub.com
script.hotjar.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssc-cms.33across.com
static.adsafeprotected.com
static.freeskreen.com
static.hotjar.com
stats.g.doubleclick.net
surgeprice.com
sync-tm.everesttech.net
sync.1rx.io
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.smartadserver.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
um.simpli.fi
ums.acuityplatform.com
us-u.openx.net
vap2ams1.lijit.com
vars.hotjar.com
ww1772.smartadserver.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.sfweekly.com
x.bidswitch.net
ums.acuityplatform.com
104.109.78.125
104.111.233.227
104.111.242.53
124.146.215.46
13.225.87.84
13.248.242.197
142.250.185.226
150.136.26.45
151.101.1.194
151.101.114.49
159.253.128.188
161.117.111.214
169.197.150.8
178.250.0.157
18.159.8.206
18.195.155.181
18.211.226.152
18.220.40.30
185.184.8.65
185.29.133.52
185.33.220.244
185.64.189.110
185.64.189.114
185.64.189.115
185.64.190.79
185.86.137.17
185.86.139.104
193.0.160.128
198.148.27.139
2.18.233.180
2.18.235.93
2.19.35.65
2001:678:cb4:bbbb::13
208.100.17.177
213.19.147.45
216.52.2.30
216.58.212.162
23.20.158.212
2600:1f18:612b:4200:8331:bab2:3072:ce38
2600:1f18:612b:4200:f618:eaed:4120:e6cb
2600:1f18:612b:4264:d706:ca06:12eb:ef2b
2600:9000:2104:1c00:d:77c3:2dc0:21
2600:9000:2104:f000:8:48e:53c0:93a1
2606:4700::6812:be
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1288:110:c305::8000
2a00:1450:4001:800::2001
2a00:1450:4001:800::2003
2a00:1450:4001:801::2001
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:828::2008
2a00:1450:4001:829::200a
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:831::200a
2a00:1450:400c:c08::9a
2a02:2638::1c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:62::300
3.124.210.90
34.120.133.55
34.246.39.97
34.253.109.165
34.71.19.215
35.190.74.157
35.244.159.8
37.157.2.237
44.230.206.19
44.239.227.182
52.21.173.249
52.21.23.66
52.35.253.100
52.45.23.26
52.50.187.150
52.57.251.82
52.58.102.227
52.88.39.224
52.95.124.165
54.175.198.118
54.226.209.67
54.234.151.247
54.78.254.47
65.9.77.116
65.9.77.33
65.9.77.45
65.9.77.89
66.155.71.25
69.173.144.138
69.173.144.165
70.42.32.127
72.251.249.13
72.251.249.9
8.43.72.97
88.214.206.142
94.31.29.99
013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6
03adc8964fa8c0fc5b6e30c447135d1bb870730c0d540411b306011e2447c99f
0516f00e005786be0536c610daded0edd4ec9d1fc5bfd83ae6589ef8ea5f026f
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0c103ae844c36c58f5947f4ffac0ef3edf1d447d0650fe33437071d3e13645ca
0ca494a07eaddaddc0cdafd9b489ba8ca5351646045ea13f2412562422b09656
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
115966688781aebe7e9e584c14c29fc4e2be21fdbe5928a232caaa738af29ef3
14f1428061eb9b33ac8861b25d1fc65a2f080d3f80c13cedf7a4c44d4f27aa54
156187e022caad5e50fc56c6fd80ab78c62897281a9db23a4edc3ebc0a92824a
17739c6a9c7f4ffc0a5e3a4c211496e5afc8171669da919ad3640a799801e4da
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19ac7f7f03270e923c602d544845da674a088cbb610a4c76a6445f0d075b7d0f
1c4b80e979ddd3af804e857d21b4878e53441489f0fcda826439059b34974df8
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
2002e6633787271759d472c2ede1e90dee4e78932b5acf6b4adf1873022ddddd
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
23946e3fdaa22a10906f4ab1c106f4a2d80eda71a4b49e4b028fefdf38ee76da
2d3949c069a81e329e846104bb8fa4c37a238b2c22a8d40b3ed6b937af9dacba
2fb83e186612a002aa173367aa98d43e3f1e5d51ecf6963eac8a71742aedb724
31ace63fa339896dc045f21da77b1ffdc57160e2db5690b132766b0086d6f58e
36feff763065469b02e773c09b189e8d20d42e3effbef135d17ab331118c56bf
3878718aefca30fdf38d22a62cc0f42ea8c19221bbc6dde971548be490e6a787
38a1e8685db844db2f4fdf44030186e2054286aad8a8e7d00a7d35b1a4d62bf3
3a20349c43a611abcb68446d9aff52bb8e4c6ff3e1581eef2ff564794cb26333
3c789aeddb7bb57e2abe36b502a590c63230222bb5ea8a68f986d7d68dffbe81
3d5ae546163be6946a8ae9f9040891688b6ef62d1852a0d5d72f8e04ddbe7af5
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4272575cf8e122c28736c3c5ff0edd5b7f0e563863a29e601d8bc254926c2094
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
42d979d54a12b76d10c5f34709c774b14aedcbf25f268f332a7e9163011b658b
45f3fd951239eea8f05ce06b66b7a93cdc7c6962531bc599e652d36b04aedf7a
47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426
47c3a2686255802406b8e765d65380930ada5fa4bbcd35ca5c32c6459b1288c0
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
495013e580810e5b206fe3f538c928f680a0009426f6d0188747283c0eebde73
49e90e0b934d3a353cf9c68e5971594386388d23a99d19726af18f4f60cd29a0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
4fc81f46ab48df9279cdf0b17cb6e8e1e2990b76ece6d17f8cb3e3cb47da98e4
5138d39633dc69fcd0ed7f33a5e38dc339123f682fa7f5242066879c2bbc8c9b
522cc4ddf3c2daf42d71bd1ce57b9bd0c118068c0b4e363ebcb438f48dab7c0a
5257f9ca13e924a41ca83bdec64768c6b1eaaa16fbb0e9a0fe22873f0c6efa7c
53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57b07a8f1e2dc3af5e71f893b4239659f4944f97d0b2a827856d87d89e00a631
5b912a789556a9204298fda6cad09ad6cbf255e6efe8cb75f96d4dba640b025b
5c91d0d443201121d27bab38d853a67ca055aa4de1b8969ddb9674b3463db008
5c936e0fceb681fe1fd27bcf3c06e33f024da5ecb68fdf816661831aa00f8d40
5e39d64ff1029ff4dfbe107f5c91f0b5ea00ef904508e62489011248250a0851
5f4e00ecd9e1a6d454db55802d379f4d3ce99bbfa046fbf9b98aac9d443fb8ff
61b1b1db3765956309e63eda160ea122f3e1fa5df3c09584ef66bca68084b3a1
636642334ed9134c00cc6f04984bbc88f45f24987867c1b4cc6a26a855324cbc
6a8cda63d038aabdcd5f007123ba4cc5de3d742f7a3c02b2b2bf617ce0da7d8b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b9cb1b58d6f562f49ba28320c7ac12e78802b2f85e966e3857933a97bfed254
6d1e78bac9315a0788579db4571773cbaeeb12fae54d6c3c3618088fdb56ca7e
6f780911a8781269b89ee6225f5b047c14df0581f73bada33612462529a1d16a
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
755a97e09ce74a9929d596808336cea2b7003deef1f3cc8490b1041be05623d5
75a315598423af7b8dbc25b957c07b5c90c1c9705ff81957e2fa7e6b08f285b4
785feac29ca49a8578ef880c201e269990a0a95a9d4de72503191cba3694a0e3
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
7b7b30290f6e86520bea73cb3f606aa56beb34f596b2181a7f4a8acc94adf6d6
8154ad96e321a7e51d292d78a8a8ba818d8573239d1aa2903d0de4d9b6a89ae5
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86dd93fcfdc7834687acff38fc672420945476c9811e036ef68e591d7c111e66
89c9493e36f64f98549aeaddbf51e3a38f3ac9ecaafbf810f242f73516445b18
8acb04628394993656dad11f23029fc6ad13cf90cfaa1f5df89150b2727684a9
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8ff9b3854bfb7358d2cc3f22cea74750c623571bf4e7d57763339817cfbcb4da
9120fc5e7b83f3083c39b6ee71d2cd0322451890f95440289b32dca28294e68f
9225661f51d937f6ccc983e3756cc0c75ef5895137a64d289565424a35a2a85f
92345807373a0f7ceba59b4de7ed47caa9a94ddaa7973b6445404ff234d7dd07
92857904df325afe1f29a64b2382eb7df89626a03d79bd16be4dac1296c3aef1
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93c8edb73ae25ea45a6aed405b2aeddf89fc0411b930a4224e7fa7d98c477a65
96ed609b415be6ee67eadb8d2de7ce64d13de9c928bce8e1373bec97e233e74c
99155f31d46dc469aa872ce824309fae9210fb9357f463b889d617b85b35eb61
9cb356c55f44ea347dcb9b488b91ec21740eb2558deef12a2b86eb4a8e3199e1
9f116dbbaf4f0d636fa01fba1c0a0fbed796632077c936724150f2346e74f649
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d93254e392f7361b334641f8781721fd31c7b18283c88fe67df7d3123e1c24
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a73bfcb6deda1ba543391d350f64dc4c56dd75b3d280872741c194ea5ed42033
aa4607112a6b3245394fee13973cf8cf8a22b727f919f60636436a945886005b
aadc94f9bdb8f6bc3fe4f435297191b718e5820ea17d4d842b9d183a57349f9d
ada1ee100c80b9ba79e51a13677a0a80d548cb4be23149544fad104d6882ed4f
adda0268f0668026f688955be82a205e6e876baf7b0481ff2514edcbff3c02dd
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f
b3aade6189cb058b28b28e97335a8e17a68e3a61160f8e83cc60989c9d5c9955
b55616e4eada60d4e94a044efa03f45c3550056a0e93a55a993b0b85a7e7689b
b5c9e4876832936836619c0b253bd8fd6c739560a6d5f287f51ac71b2edf7ae9
b981a573fb68a0a62121fb1a43eefd91004bb4f030fe46ad642bc958ef421908
bc91edebf695ab675bb36ce72cd9437ab7edcb66091224cf03066d98b575fb9d
bd3fdc50768b3f75b1260a1b865bded5686ef24220a3a186fae1ab7f90faaf80
bf7c9484fdc988e2ee44d62563d76afcd64cd75e1c9aae4c2fd195d9ba4fe649
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7
c5c542ee2cda1cfd07cfce2a5b0ee840279808560c3d75004b4932c66358770c
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a
c9d24b2f47ee47117f633d30128b659006b7592953ba764d6d1985e8f403d9ef
cc17e9fffa7d9103924b1196491673dc298e7e9ebb4c697ba22b291458f16bdd
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc46822c1efd215f4382b351af79ca830874c08b9177a5131b6cc6a971a3832c
cfb2d34e70cbfda5fa65d3b23ac4928b91acd34b40b6c16dd2901a6a2d9f05f9
d124233dd510f9b5bfe1a1d5c7114be3f549d55ab17e4126377d6abf341b722d
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
d32a36d8dc793802de2280a21161e890801c411e4e0cab83d78d64f7fd5248ff
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d77f13f4c659781e45220de008c0cae324b5564047c84c0ef545891ac7a869e9
dbf45a4ab6a93d6ed8919dbbb2a99ea1bb7b56dbcae714530f5f6f627a59f977
dc324db104115db560b64f97e80a6548cd4cb82621d1dd88e4d2a202740f24bc
dcab34f7c20677d9ab03841ae1b09b6f0304a8492dd8ad343cf3840ed38cc6a8
dd1258d919cf8339da7ac93feb40c0c49682256e0ca9cca1bd2c19530d43ff1e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfbb01aa242e6b25c3bf941dfb0c26a928e49337ba789f95c73f1ee2d7ca8bd2
dfd6d929422d1f69a727fb6b525f610562eab183a333576516bec0b0503cb049
e0ce6ddc2a39953a15778ba7a490605f1c25d2dd12bc8a54d1263a85f7166d62
e14c33132460a35699ccc43e651f29cb4a61633be86f7d9236e924b6a895eced
e19e5fec549d0d871301c8196f4a954abe8d6913464a1ac511f81ef71529f89b
e2792ac0f368fde46c7199d5ebae00a63fbc289240909e89dff8bf5ef4fde369
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb8b1b4a5fe4e1a1e7ee49bcd6cb07b6e56241a8d2718c1dc9928b3e5b727359
ec171f334c972c7aa964936b473bbe6f2afe187a318af9e46e634865b9f51569
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f14ec0ba60d6c5906a72b22aee564a03f1aa4dc61c0ffef317bddf20bf1d1053
f35fd99c15de392199c3c5b116fab65bb8aaaaa74bcf1c1729e9e01bb26780e7
f451845a33b6518fb307714fabf90f791252b0fc23395857f52593b36c9310a0
f6d6e49e8971c9b702e31bb9ad580eb9d374a13af6e713e3673282c9e52ac7bc
f8d8093f1e6c2d1c21196b0eb31c86a4e72871ea749a1bd94e156f27f6fa4482
f8f38aa8f67c0e9e168ba7f4d5e0e0467c82ccb002a337841dd178fd5560608e
f9bc3196867522f7f288ec310a147c9fd1890566851f6c7218d043998d938a93
fe4108d909a63ac862501d5ecd0c70239453c08c982d7ccc64d5d4e3ea142177
ff7d833fe34dca3b008fbd2eeb92c58d70e2ea600e88eae7c1d978efbbc18104

www.sfweekly.com Open in urlscan Pro 34.71.19.215 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

280 Requests

99 %HTTPS

28 %IPv6

74 Domains

109 Subdomains

78 IPs

10 Countries

3495 kBTransfer

7553 kBSize

9 Cookies

13 Outgoing links

Redirected requests

280 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.sfweekly.com Open in urlscan Pro
34.71.19.215 Public Scan

Screenshot
Live screenshot

Full Image

280
Requests

99 %
HTTPS

28 %
IPv6

74
Domains

109
Subdomains

78
IPs

10
Countries

3495 kB
Transfer

7553 kB
Size

9
Cookies

280 HTTP transactions
6 data transactions