Submitted URL: http://paysbig.com/
Effective URL: https://www.paysbig.com/
Submission: On October 10 via manual from US — Scanned from DE

Summary

This website contacted 44 IPs in 6 countries across 31 domains to perform 132 HTTP transactions. The main IP is 69.167.174.209, located in United States and belongs to LIQUIDWEB, US. The main domain is www.paysbig.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 24th 2022. Valid for: 3 months.
This is the only time www.paysbig.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 39 69.167.174.209 32244 (LIQUIDWEB)
1 2a00:1450:400... 15169 (GOOGLE)
1 7 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 7 185.89.210.153 29990 (ASN-APPNEX)
7 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 52.223.40.198 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a03:2880:f02... 32934 (FACEBOOK)
5 2a00:1450:400... 15169 (GOOGLE)
2 2620:116:800d... 16509 (AMAZON-02)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 8 172.217.18.6 15169 (GOOGLE)
1 2600:9000:205... 16509 (AMAZON-02)
1 2600:9000:214... 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 34.102.147.248 396982 (GOOGLE-CL...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 34.98.67.3 396982 (GOOGLE-CL...)
2 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 169.50.137.179 36351 (SOFTLAYER)
1 65.9.65.116 16509 (AMAZON-02)
2 151.101.65.182 54113 (FASTLY)
3 151.101.129.182 54113 (FASTLY)
3 151.101.129.62 54113 (FASTLY)
1 151.101.2.133 54113 (FASTLY)
1 2 142.250.185.66 15169 (GOOGLE)
1 35.186.195.233 15169 (GOOGLE)
8 18 52.51.145.228 16509 (AMAZON-02)
2 4 52.30.152.75 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.3.108.242 16625 (AKAMAI-AS)
1 2 52.30.140.233 16509 (AMAZON-02)
1 23.55.163.72 20940 (AKAMAI-ASN1)
1 3.120.204.36 16509 (AMAZON-02)
1 185.64.190.80 62713 (AS-PUBMATIC)
1 2 143.204.215.97 16509 (AMAZON-02)
1 2 34.254.143.3 16509 (AMAZON-02)
1 2 185.80.39.216 27381 (CASALE-MEDIA)
1 185.89.210.46 29990 (ASN-APPNEX)
132 44
Apex Domain
Subdomains
Transfer
39 paysbig.com
paysbig.com — Cisco Umbrella Rank: 947871
www.paysbig.com
1 MB
22 bidr.io
segment.prod.bidr.io — Cisco Umbrella Rank: 8487
match.prod.bidr.io — Cisco Umbrella Rank: 833
13 KB
17 triptease.io
onboard.triptease.io — Cisco Umbrella Rank: 47591
static.triptease.io — Cisco Umbrella Rank: 59538
static-meta.triptease.io — Cisco Umbrella Rank: 127661
b.triptease.io — Cisco Umbrella Rank: 38312
messages.guest-experience.triptease.io — Cisco Umbrella Rank: 70080
api.triptease.io — Cisco Umbrella Rank: 68662
181 KB
12 doubleclick.net
4461369.fls.doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 171
googleads.g.doubleclick.net — Cisco Umbrella Rank: 68
cm.g.doubleclick.net — Cisco Umbrella Rank: 304
5 KB
8 typekit.net
use.typekit.net — Cisco Umbrella Rank: 1023
p.typekit.net — Cisco Umbrella Rank: 1263
201 KB
8 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 707
ib.adnxs.com — Cisco Umbrella Rank: 334
8 KB
6 google.com
adservice.google.com — Cisco Umbrella Rank: 136
region1.analytics.google.com — Cisco Umbrella Rank: 3900
www.google.com — Cisco Umbrella Rank: 19
2 KB
5 google.de
www.google.de — Cisco Umbrella Rank: 3460
adservice.google.de — Cisco Umbrella Rank: 5221
2 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 129
260 KB
3 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 922
js.adsrvr.org — Cisco Umbrella Rank: 2307
3 KB
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 908
2 KB
2 exelator.com
loadus.exelator.com — Cisco Umbrella Rank: 1830
2 KB
2 company-target.com
segments.company-target.com — Cisco Umbrella Rank: 2556
1 KB
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 293
2 KB
2 simpli.fi
tag.simpli.fi — Cisco Umbrella Rank: 7321
2 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 115
222 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 94
20 KB
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1449
pixel.quantserve.com — Cisco Umbrella Rank: 683
11 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 203
111 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1229
70 KB
2 crazyegg.com
script.crazyegg.com — Cisco Umbrella Rank: 2855
3 KB
1 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 1513
225 B
1 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 791
502 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 1021
801 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 786
525 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 154
15 KB
1 linksynergy.com
consent.linksynergy.com — Cisco Umbrella Rank: 23929
276 B
1 rmtag.com
intljs.rmtag.com — Cisco Umbrella Rank: 11942
11 KB
1 qccerttest.com
pxl.qccerttest.com — Cisco Umbrella Rank: 1356
549 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1200
1 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 118
2 KB
132 31
Domain Requested by
38 www.paysbig.com 2 redirects www.paysbig.com
18 segment.prod.bidr.io 8 redirects b.triptease.io
8 4461369.fls.doubleclick.net 3 redirects www.paysbig.com
www.googletagmanager.com
adservice.google.com
7 use.typekit.net www.paysbig.com
use.typekit.net
7 secure.adnxs.com 1 redirects www.paysbig.com
4461369.fls.doubleclick.net
secure.adnxs.com
7 onboard.triptease.io 1 redirects www.paysbig.com
onboard.triptease.io
5 www.googletagmanager.com www.paysbig.com
www.googletagmanager.com
static-meta.triptease.io
4 match.prod.bidr.io 2 redirects b.triptease.io
match.prod.bidr.io
3 b.triptease.io onboard.triptease.io
b.triptease.io
3 static-meta.triptease.io onboard.triptease.io
static-meta.triptease.io
3 www.google.de www.paysbig.com
3 adservice.google.com 4461369.fls.doubleclick.net
2 dsum-sec.casalemedia.com 1 redirects match.prod.bidr.io
2 loadus.exelator.com 1 redirects match.prod.bidr.io
2 segments.company-target.com 1 redirects match.prod.bidr.io
2 dpm.demdex.net 1 redirects match.prod.bidr.io
2 static.triptease.io onboard.triptease.io
static.triptease.io
2 tag.simpli.fi 4461369.fls.doubleclick.net
2 www.google.com www.paysbig.com
2 adservice.google.de 2 redirects
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 www.facebook.com www.paysbig.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 connect.facebook.net www.paysbig.com
connect.facebook.net
2 maxcdn.bootstrapcdn.com www.paysbig.com
maxcdn.bootstrapcdn.com
2 insight.adsrvr.org www.paysbig.com
js.adsrvr.org
2 script.crazyegg.com www.paysbig.com
script.crazyegg.com
1 ib.adnxs.com match.prod.bidr.io
1 image2.pubmatic.com match.prod.bidr.io
1 aa.agkn.com match.prod.bidr.io
1 ads.stickyadstv.com match.prod.bidr.io
1 tags.bluekai.com match.prod.bidr.io
1 cm.g.doubleclick.net 1 redirects
1 googleads.g.doubleclick.net www.googleadservices.com
1 api.triptease.io static.triptease.io
1 www.googleadservices.com www.googletagmanager.com
1 messages.guest-experience.triptease.io static.triptease.io
1 js.adsrvr.org 4461369.fls.doubleclick.net
1 consent.linksynergy.com www.paysbig.com
1 region1.analytics.google.com www.googletagmanager.com
1 intljs.rmtag.com www.paysbig.com
1 pixel.quantserve.com www.paysbig.com
1 pxl.qccerttest.com www.paysbig.com
1 rules.quantcount.com secure.quantserve.com
1 p.typekit.net use.typekit.net
1 secure.quantserve.com www.paysbig.com
1 fonts.googleapis.com www.paysbig.com
1 paysbig.com 1 redirects
132 48
Subject | Issuer | Validity | Valid
paysbig.com | cPanel, Inc. Certification Authority | 2022-07-24 - 2022-10-22 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-04-08 - 2023-04-08 | a year
use.typekit.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-09-14 - 2023-10-15 | a year
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2022-03-31 - 2023-05-02 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-07-19 - 2022-10-17 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.quantserve.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-08-09 - 2023-09-09 | a year
*.doubleclick.net | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
qccerttest.com | Amazon | 2022-04-04 - 2023-05-03 | a year
*.rmtag.com | ZeroSSL RSA Domain Secure Site CA | 2022-02-14 - 2023-02-14 | a year
*.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2022-02-11 - 2023-03-14 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
www.google.de | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
consent.linksynergy.com | GTS CA 1D4 | 2022-09-07 - 2022-12-06 | 3 months
www.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.simpli.fi | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-27 - 2022-11-27 | a year
*.triptease.io | GlobalSign Atlas R3 DV TLS CA 2022 Q3 | 2022-09-27 - 2023-10-29 | a year
*.guest-experience.triptease.io | R3 | 2022-08-26 - 2022-11-24 | 3 months
www.googleadservices.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.segment.prod.bidr.io | Amazon | 2022-01-27 - 2023-02-25 | a year
*.match.prod.bidr.io | Amazon | 2022-01-27 - 2023-02-25 | a year
*.google.de | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
odc-pixel-prod-01.oracle.com | DigiCert SHA2 Secure Server CA | 2022-02-26 - 2023-03-01 | a year
*.ads.stickyadstv.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-06-14 - 2023-06-16 | a year
*.agkn.com | RapidSSL Global TLS RSA4096 SHA256 2022 CA1 | 2022-09-06 - 2023-09-21 | a year
*.pubmatic.com | DigiCert Baltimore TLS RSA SHA256 2020 CA1 | 2022-06-13 - 2023-07-14 | a year

This page contains 13 frames:

Primary Page: https://www.paysbig.com/
Frame ID: A186EE212E4F31621A8B8DE759C3AB36
Requests: 89 HTTP requests in this frame

Frame: https://4461369.fls.doubleclick.net/activityi;dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334
Frame ID: D6BD6C0760AA5863FEA108B057E3CED4
Requests: 1 HTTP requests in this frame

Frame: https://4461369.fls.doubleclick.net/activityi;dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232
Frame ID: 1BCB6FA2BD1BB2C3B0C342EA6E7A0208
Requests: 1 HTTP requests in this frame

Frame: https://onboard.triptease.io/kernel/v5794.62701/kernel-host.html?originHost=www.paysbig.com
Frame ID: C28AFA2FBE3A434929313367974610B8
Requests: 2 HTTP requests in this frame

Frame: https://4461369.fls.doubleclick.net/activityi;dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fwww.paysbig.com%2F
Frame ID: DEBAC7BC585DE0EB443F62ED65705C0D
Requests: 3 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
Frame ID: 77309D07C05B20B18A519F94DB2CF90A
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
Frame ID: CB49B975AE98B9BB8A8B7F013E6443C3
Requests: 1 HTTP requests in this frame

Frame: https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
Frame ID: D5137DE5765064829F9CEA457009008C
Requests: 4 HTTP requests in this frame

Frame: https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
Frame ID: ABF3744814CF7ACE395EE7B792733572
Requests: 5 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=j0fttr3&ref=https%3A%2F%2Fadservice.google.com%2F&upid=23crggf&upv=1.1.0
Frame ID: 7CC801B1125668EB304F340F6AE9F3FB
Requests: 1 HTTP requests in this frame

Frame: https://static.triptease.io/message-porter/dist/storageIframe.html
Frame ID: 398C613B3422921A1E1835AC48C9B906
Requests: 1 HTTP requests in this frame

Frame: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Frame ID: 874DB51D1300802C214342B4A002D995
Requests: 12 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Frame ID: 8DE7306E0367E7DBCC5AC9EF1B80D9C3
Requests: 11 HTTP requests in this frame

Page Title

Potawatomi Hotel and Casino in Milwaukee Wisconsin

Detected technologies

Overall confidence: 100%
Detected patterns
  • /concrete/js/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

132
Requests

88 %
HTTPS

44 %
IPv6

31
Domains

48
Subdomains

44
IPs

6
Countries

2032 kB
Transfer

3796 kB
Size

35
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://paysbig.com/ HTTP 301
    https://www.paysbig.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://onboard.triptease.io/bootstrap.js?integrationId=01FN3YK2FH59N4QMH1X95R3WNK HTTP 307
  • https://onboard.triptease.io/bootstrap/v5794.62701/bootstrap.js
Request Chain 8
  • https://secure.adnxs.com/seg?add=14720448&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D14720448%26t%3D1
Request Chain 39
  • https://4461369.fls.doubleclick.net/activityi;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334 HTTP 302
  • https://4461369.fls.doubleclick.net/activityi;dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334
Request Chain 40
  • https://4461369.fls.doubleclick.net/activityi;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232 HTTP 302
  • https://4461369.fls.doubleclick.net/activityi;dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232
Request Chain 48
  • https://4461369.fls.doubleclick.net/activityi;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fwww.paysbig.com%2F HTTP 302
  • https://4461369.fls.doubleclick.net/activityi;dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fwww.paysbig.com%2F
Request Chain 57
  • https://www.paysbig.com/download_file/9562/0 HTTP 307
  • https://www.paysbig.com/application/files/1915/6589/1201/back_bars-final.jpg
Request Chain 59
  • https://www.paysbig.com/download_file/10274/0 HTTP 307
  • https://www.paysbig.com/application/files/8215/9198/0478/potawatomi-what-to-expect_thumb.jpg
Request Chain 78
  • https://adservice.google.de/ddm/fls/i/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/ HTTP 302
  • https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
Request Chain 79
  • https://adservice.google.de/ddm/fls/i/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/ HTTP 302
  • https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
Request Chain 105
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value= HTTP 303
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=&_bee_ppp=1
Request Chain 106
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value= HTTP 303
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=&_bee_ppp=1
Request Chain 107
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value= HTTP 303
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=&_bee_ppp=1
Request Chain 108
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value= HTTP 303
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=&_bee_ppp=1
Request Chain 109
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17614&value=1 HTTP 303
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17614&value=1&_bee_ppp=1
Request Chain 110
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17615&value= HTTP 303
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17615&value=&_bee_ppp=1
Request Chain 115
  • https://match.prod.bidr.io/cookie-sync/triptease?buyer_user_id=01GF0ZCQ8FNEPT30R5VJHFC3X3|6f9bd4c16aef4149bbb066a879fd3b2b HTTP 303
  • https://match.prod.bidr.io/cookie-sync/triptease?buyer_user_id=01GF0ZCQ8FNEPT30R5VJHFC3X3%7C6f9bd4c16aef4149bbb066a879fd3b2b&_bee_ppp=1 HTTP 303
  • https://b.triptease.io/cookie-sync?partner=beeswax&beeswax_id=AAButk7GiCwAADAybzL4fQ&buyer_user_id=01GF0ZCQ8FNEPT30R5VJHFC3X3%7C6f9bd4c16aef4149bbb066a879fd3b2b
Request Chain 116
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-1&value=0.5&forward_to_cookie_sync=1 HTTP 303
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-1&value=0.5&forward_to_cookie_sync=1&_bee_ppp=1 HTTP 303
  • https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Request Chain 120
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFRVDZVN0dpQ3dBQUNCOTBxcG45dw&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
Request Chain 122
  • https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAQT6U7GiCwAACB90qpn9w HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=275754&dpuuid=AAQT6U7GiCwAACB90qpn9w
Request Chain 126
  • https://segments.company-target.com/log?vendor=choca&user_id=AAQT6U7GiCwAACB90qpn9w HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAQT6U7GiCwAACB90qpn9w&verifyHash=d56365144ed508fa5b5e96d8a44f9eec1f456aa1
Request Chain 127
  • https://loadus.exelator.com/load/?BUID=AAQT6U7GiCwAACB90qpn9w&p=204&g=117&j=0 HTTP 302
  • https://loadus.exelator.com/load/?BUID=AAQT6U7GiCwAACB90qpn9w&p=204&g=117&j=0&xl8blockcheck=1
Request Chain 128
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AAQT6U7GiCwAACB90qpn9w&expiration=1666616092 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AAQT6U7GiCwAACB90qpn9w&expiration=1666616092&C=1

132 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.paysbig.com/
Redirect Chain
  • http://paysbig.com/
  • https://www.paysbig.com/
75 KB
17 KB
Document
General
Full URL
https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache / PHP/7.4.32
Resource Hash
5f36ed1ea2ebcabddf9f4480903f9ebc23b9c87c2e218c198c6bd1bb9186fe0c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, private max-age=600
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
16777
Content-Type
text/html; charset=UTF-8
Date
Mon, 10 Oct 2022 12:54:47 GMT
Expires
Mon, 10 Oct 2022 13:04:47 GMT
Keep-Alive
timeout=2, max=500
Server
Apache
Vary
Accept-Encoding,User-Agent
X-Frame-Options
SAMEORIGIN
X-Powered-By
PHP/7.4.32

Redirect headers

Cache-Control
max-age=600
Connection
Keep-Alive
Content-Length
232
Content-Type
text/html; charset=iso-8859-1
Date
Mon, 10 Oct 2022 12:54:47 GMT
Expires
Mon, 10 Oct 2022 13:04:47 GMT
Keep-Alive
timeout=2, max=500
Location
https://www.paysbig.com/
Server
Apache
css
fonts.googleapis.com/
20 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,700,800|Oswald:300,400,700
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
626ef51b503a5ce69ae57c60c81c4f3edea5b2307f7be1d4e3c7bb52e8312a44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 10 Oct 2022 12:54:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 10 Oct 2022 12:54:48 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 10 Oct 2022 12:54:48 GMT
all.css
www.paysbig.com/concrete/css/fontawesome/
72 KB
13 KB
Stylesheet
General
Full URL
https://www.paysbig.com/concrete/css/fontawesome/all.css?ccm_nocache=fff1cebde4dd336ea1e472ec5c4b43efdc6a83e6
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Sep 2022 17:02:02 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=499
Content-Length
13366
Expires
Wed, 09 Nov 2022 12:54:48 GMT
jquery.js
www.paysbig.com/concrete/js/
87 KB
31 KB
Script
General
Full URL
https://www.paysbig.com/concrete/js/jquery.js?ccm_nocache=fff1cebde4dd336ea1e472ec5c4b43efdc6a83e6
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Sep 2022 17:02:02 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=500
Content-Length
30902
Expires
Wed, 09 Nov 2022 12:54:48 GMT
cookies-disclaimer.css
www.paysbig.com/packages/active_cookie_consent/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.paysbig.com/packages/active_cookie_consent/css/cookies-disclaimer.css?ccm_nocache=65d6156f676f75fed91da75e6f4c8702a266019a
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
4be9561447de037e9a50a285556b135754c1cfaf945316341093ca6521140c8b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Mon, 22 Nov 2021 19:27:02 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=500
Content-Length
1068
Expires
Wed, 09 Nov 2022 12:54:48 GMT
styles
www.paysbig.com/xw/acc/css/cookies-disclaimer/
713 B
714 B
Stylesheet
General
Full URL
https://www.paysbig.com/xw/acc/css/cookies-disclaimer/styles
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache / PHP/7.4.32
Resource Hash
ce897b4b497642b1103c8974fadf8ae18e200a45b2c6d6d8cf61ca1e60b8569e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Thu, 06 Oct 2022 19:16:24 GMT
Server
Apache
X-Powered-By
PHP/7.4.32
ETag
"zol7S0l2QrEQPIl0+t+K4Y4gCkWyxtbYz2HKHmC4Vp4=-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Type
text/css; charset=UTF-8
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=500
Content-Length
214
Expires
Wed, 09 Nov 2022 12:54:48 GMT
39590acf2fb6ed55d3a697116062388bbd7e49d5.css
www.paysbig.com/application/files/cache/css/
36 KB
7 KB
Stylesheet
General
Full URL
https://www.paysbig.com/application/files/cache/css/39590acf2fb6ed55d3a697116062388bbd7e49d5.css?ccm_nocache=fff1cebde4dd336ea1e472ec5c4b43efdc6a83e6
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
31b550a1051ada5396ae67dfe07a0f41d2ea549fc372bce9a2d1a355e195e5cb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Thu, 06 Oct 2022 19:16:23 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=500
Content-Length
7010
Expires
Wed, 09 Nov 2022 12:54:48 GMT
bootstrap.js
onboard.triptease.io/bootstrap/v5794.62701/
Redirect Chain
  • https://onboard.triptease.io/bootstrap.js?integrationId=01FN3YK2FH59N4QMH1X95R3WNK
  • https://onboard.triptease.io/bootstrap/v5794.62701/bootstrap.js
99 KB
31 KB
Script
General
Full URL
https://onboard.triptease.io/bootstrap/v5794.62701/bootstrap.js
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Server
2606:4700:3036::6815:28e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68ae4e9ce079719974c10718e80eacd6f8bcfec22118787db0624ac114fda8d9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
strict-transport-security
max-age=15552000
content-encoding
br
cf-cache-status
MISS
x-goog-meta-git-hash
fca7b2f7a0a0805ffb29166ff57d9abae69cadcd
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid
ADPycdtLnsmCuDVm5zLkoBW3xF9tlszqiqnFK_-l5lCkjHl5bAy95k8V9afIYTCD9Ym0ovy6EIuCTXltn6jB1P2JzDXbvgENeQ7N
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-meta-build-version
5794.62701
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 10 Oct 2022 09:45:50 GMT
server
cloudflare
etag
W/"b6b49de9c34d2d77766fe3f91b31485b"
vary
Accept-Encoding
x-goog-generation
1665395150637780
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-goog-hash
crc32c=lCIc2w==, md5=trSd6cNNLXd2b+P5GzFIWw==
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DCuUsGBCvuHT1MSo%2BOLI7QL48kfz7ArEOPPDvPkUxkLvKduX3B15yDwwunNUVqju%2FKQYLFCuXvnzJt1n6VK0qVuo%2FFAPtWQq%2BAyoGZI%2FJG3E%2FK%2B8D%2FyZge8sY3WS%2B%2BLPrB0fHIdg6L9d5NelFrW0BSF2xA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
101559
cf-ray
757f81bc7bd05c6e-FRA
expires
Tue, 10 Oct 2023 11:56:37 GMT

Redirect headers

date
Mon, 10 Oct 2022 12:54:49 GMT
strict-transport-security
max-age=15552000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z4eQrRHxIhwNeoDE9sHqL9eyadxaD2ycG61ucQfdvar6F%2Fg0QhHf%2BAQZqn6%2B4M8NIggHmZLNriWM5tR4YwBZ8OOyzrchLMtQwNAyivvMJy2Mfix0r%2Fs2vceYz%2BA1WLO4UJbGIU9yzzLDbzhxnmLckQRxXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain;charset=UTF-8
location
https://onboard.triptease.io/bootstrap/v5794.62701/bootstrap.js
access-control-allow-origin
*
cache-control
public, max-age=600
cf-ray
757f81bbfb0a5c6e-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
63
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
3539.js
script.crazyegg.com/pages/scripts/0045/
6 KB
2 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0045/3539.js
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a07e17a4bfe2a7704e4c4a0c0e5b6afd7e156388e5149d5172d0d69121d2af2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
last-modified
Mon, 10 Oct 2022 12:54:49 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
ce-version
11.4.21
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
757f81bbeb0c925b-FRA
content-length
2043
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=14720448&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D14720448%26t%3D1
0
1020 B
Script
General
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D14720448%26t%3D1
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Server
185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:48 GMT
AN-X-Request-Uuid
bf6604fb-9ad7-446d-b2d6-668f921695f1
Server
nginx/1.21.3
Content-Type
application/javascript; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
185.213.155.176; 185.213.155.176; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:48 GMT
AN-X-Request-Uuid
ea273f68-a5ae-4600-8353-443e7b887421
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D14720448%26t%3D1
Connection
keep-alive
X-Proxy-Origin
185.213.155.176; 185.213.155.176; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jquery-ui.css
www.paysbig.com/application/themes/potawatomi/css/
35 KB
9 KB
Stylesheet
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/css/jquery-ui.css
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
c8c2157918c9fed0bb9dcc56c96b52dc7af70b05ca0228e467eaf91777751ad7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Jul 2022 13:27:00 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=498
Content-Length
8406
Expires
Wed, 09 Nov 2022 12:54:48 GMT
ifi1ijl.css
use.typekit.net/
9 KB
1 KB
Stylesheet
General
Full URL
https://use.typekit.net/ifi1ijl.css
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
e5ab28f12c7e11f82b5dcf438f60307ab1c3183964d922f5aeee5604b85e0e35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Mon, 10 Oct 2022 12:54:48 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1065
potawatomi-logo.svg
www.paysbig.com/application/themes/potawatomi/images/
11 KB
4 KB
Image
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/images/potawatomi-logo.svg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
7673e67cda72eee06ea2741963e48df31cf1a483eec3e9cc4e1bc099f04797d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Jun 2018 16:06:10 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=496
Content-Length
3410
Expires
Tue, 10 Oct 2023 12:54:49 GMT
btn_search_rd.png
www.paysbig.com/application/themes/potawatomi/images/
2 KB
2 KB
Image
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/images/btn_search_rd.png
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
49c39fdb4fcd15215cb8f3dfee05e3238189874b7f3da69b8b67acf3973967ba

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Wed, 14 Mar 2018 08:19:54 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=496
Content-Length
1581
Expires
Wed, 09 Nov 2022 12:54:49 GMT
5x-points_slide.jpg
www.paysbig.com/application/files/6016/6318/4175/
390 KB
390 KB
Image
General
Full URL
https://www.paysbig.com/application/files/6016/6318/4175/5x-points_slide.jpg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
887b67c5dad95a30b154a0472592801b614339be075d9a3112cd16d9764cfc58

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Wed, 14 Sep 2022 19:36:15 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=496
Content-Length
398903
Expires
Wed, 09 Nov 2022 12:54:49 GMT
give-or-take_slider.jpg
www.paysbig.com/application/files/1916/6419/4314/
51 KB
51 KB
Image
General
Full URL
https://www.paysbig.com/application/files/1916/6419/4314/give-or-take_slider.jpg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
7035685b0486c01ca199604482d11da098e777030e5af6550b0a86a3ca8e70fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Mon, 26 Sep 2022 12:11:54 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=498
Content-Length
52368
Expires
Wed, 09 Nov 2022 12:54:49 GMT
octoberfest_slider.jpg
www.paysbig.com/application/files/2816/6419/4792/
105 KB
106 KB
Image
General
Full URL
https://www.paysbig.com/application/files/2816/6419/4792/octoberfest_slider.jpg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
e20ea22f0413d8aede5f0c60ce973cc3462b8ca98a7c0f522b8545e3a709f2ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Mon, 26 Sep 2022 12:19:52 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=495
Content-Length
107736
Expires
Wed, 09 Nov 2022 12:54:49 GMT
Friday-Frenzy_slider.jpg
www.paysbig.com/application/files/7716/6463/5671/
69 KB
69 KB
Image
General
Full URL
https://www.paysbig.com/application/files/7716/6463/5671/Friday-Frenzy_slider.jpg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
32552ef3ff296e85c35d8bdd0815fa783394719b9972a7a09b6fd88db062f9d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Sat, 01 Oct 2022 14:47:51 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=497
Content-Length
70675
Expires
Wed, 09 Nov 2022 12:54:49 GMT
/
insight.adsrvr.org/track/conv/
70 B
261 B
Image
General
Full URL
https://insight.adsrvr.org/track/conv/?adv=xnv423e&ct=0:qfkcb6a&fmt=3
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 10 Oct 2022 12:54:48 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
bootstrap.js
www.paysbig.com/concrete/js/
76 KB
23 KB
Script
General
Full URL
https://www.paysbig.com/concrete/js/bootstrap.js?ccm_nocache=7c5ad1cbfe533dffb68c33ee7aae428e27c3ef40
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Sep 2022 17:02:02 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=499
Content-Length
23053
Expires
Wed, 09 Nov 2022 12:54:48 GMT
config
www.paysbig.com/xw/acc/en-us/js/
315 B
721 B
Script
General
Full URL
https://www.paysbig.com/xw/acc/en-us/js/config
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache / PHP/7.4.32
Resource Hash
7c37878a1c18e77764292e009ae4d793a5aa998127c89287efbd3ef2c0d3f819
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Thu, 06 Oct 2022 19:16:25 GMT
Server
Apache
X-Powered-By
PHP/7.4.32
ETag
"fDeHihwY53dkKS4AmuTXk6WqmYEnyJKH770+8sDT+Bk=-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=499
Content-Length
222
Expires
Wed, 09 Nov 2022 12:54:48 GMT
b86971b8b835ad8b1f27dc7efb26042680917559.js
www.paysbig.com/application/files/cache/js/
22 KB
5 KB
Script
General
Full URL
https://www.paysbig.com/application/files/cache/js/b86971b8b835ad8b1f27dc7efb26042680917559.js?ccm_nocache=fff1cebde4dd336ea1e472ec5c4b43efdc6a83e6
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
655e0486e28c9fcd9624b953d835b2e256ed19247df4cfb4d60376541a5231ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Thu, 06 Oct 2022 19:16:23 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=499
Content-Length
5002
Expires
Wed, 09 Nov 2022 12:54:48 GMT
trackers-manager
www.paysbig.com/xw/acc/en-us/js/
1 KB
1 KB
Script
General
Full URL
https://www.paysbig.com/xw/acc/en-us/js/trackers-manager
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache / PHP/7.4.32
Resource Hash
d33f41904f603d278b415e66a7475249593e5a37ffdb12733083ffcf184d7c06
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Thu, 06 Oct 2022 19:16:25 GMT
Server
Apache
X-Powered-By
PHP/7.4.32
ETag
"0z9BkE9gPSeLQV5mp0dSSVk+Wjf/2xJzMIP/zxhNfAY=-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=497
Content-Length
560
Expires
Wed, 09 Nov 2022 12:54:48 GMT
a8bcafec3c35231e947659e3a8db541e6ee0adc3.js
www.paysbig.com/application/files/cache/js/
33 KB
12 KB
Script
General
Full URL
https://www.paysbig.com/application/files/cache/js/a8bcafec3c35231e947659e3a8db541e6ee0adc3.js?ccm_nocache=fff1cebde4dd336ea1e472ec5c4b43efdc6a83e6
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
2c13fcf8fc9a69c95c7d6d1452f006d58f427fb20e07cddacf00127c78f8c5ed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Thu, 06 Oct 2022 19:16:23 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=499
Content-Length
11371
Expires
Wed, 09 Nov 2022 12:54:48 GMT
bootstrap.min.js
www.paysbig.com/application/themes/potawatomi/js/
36 KB
10 KB
Script
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/js/bootstrap.min.js
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
10541edb824fa8844e5e55b6ebcf6cc62a370dcbd8add4cd66d76bbbc77bdecf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:48 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Mar 2018 08:19:54 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=500
Content-Length
9924
Expires
Wed, 09 Nov 2022 12:54:48 GMT
jquery.matchHeight-min.js
www.paysbig.com/application/themes/potawatomi/js/
3 KB
2 KB
Script
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/js/jquery.matchHeight-min.js
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
5e18b84ffe29fc9ee67de5f1eb5e8fa026ea25b4924749556347cc5c6bbc8c86

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Mar 2018 08:19:54 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=498
Content-Length
1377
Expires
Wed, 09 Nov 2022 12:54:49 GMT
stuck.js
www.paysbig.com/application/themes/potawatomi/js/
8 KB
2 KB
Script
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/js/stuck.js
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
dcf277f678fa4d632accfb1a31b46848144b490f03c895969c207aafc32311e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Mar 2018 08:19:54 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=498
Content-Length
1739
Expires
Wed, 09 Nov 2022 12:54:49 GMT
flaunt.js
www.paysbig.com/application/themes/potawatomi/js/
7 KB
2 KB
Script
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/js/flaunt.js
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
09ec90d188426189f57d4461a091d03773f7bcabd4b1d78216b05028ef0fc356

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Jun 2019 20:29:45 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=498
Content-Length
1968
Expires
Wed, 09 Nov 2022 12:54:49 GMT
bootstrap.css
www.paysbig.com/application/themes/potawatomi/css/
143 KB
21 KB
Stylesheet
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/css/bootstrap.css
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
64efed52c098bb0c627e30bfaf6122c77ef28f7ea783a373a88f50be034bc46b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sat, 04 Jun 2022 15:22:17 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=499
Content-Length
21448
Expires
Wed, 09 Nov 2022 12:54:49 GMT
bootstrap-theme.css
www.paysbig.com/application/themes/potawatomi/css/
25 KB
3 KB
Stylesheet
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/css/bootstrap-theme.css
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
41c2c9052a1c2a2a2f71d3c5d3cef88fc067208a225951721327a0e9233ffcb6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Mar 2018 08:19:54 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=497
Content-Length
2922
Expires
Wed, 09 Nov 2022 12:54:49 GMT
flaunt.css
www.paysbig.com/application/themes/potawatomi/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/css/flaunt.css
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
936c192239e817fcbe5df42f80e69fb57b0b054e4f073b1ff01401b9017a9b0d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 May 2019 20:47:57 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=497
Content-Length
1960
Expires
Wed, 09 Nov 2022 12:54:49 GMT
potawatomi.css
www.paysbig.com/application/themes/potawatomi/css/
68 KB
13 KB
Stylesheet
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/css/potawatomi.css
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
cc5f99d27f0bb26d1cb1acc915bfb116f83f84d591d1140ac1504e972881b45b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Tue, 20 Sep 2022 18:40:15 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=497
Content-Length
13016
Expires
Wed, 09 Nov 2022 12:54:49 GMT
potawatomi_overrides.css
www.paysbig.com/application/themes/potawatomi/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/css/potawatomi_overrides.css
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
cbb257fe6ea6517a44b7277772137be59dde49a0acb76b40fce67d8d786536a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Mon, 03 Oct 2022 17:51:47 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=496
Content-Length
2129
Expires
Wed, 09 Nov 2022 12:54:49 GMT
social.css
www.paysbig.com/application/themes/potawatomi/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/css/social.css
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
05e9f561fd0808b5fb5669f5cc1b598727e86d26feb1692f491aeed12a209025

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Mar 2018 08:19:54 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=498
Content-Length
1548
Expires
Wed, 09 Nov 2022 12:54:49 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/
26 KB
6 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
617, 617
age
22309184
cdn-cachedat
2021-04-13 02:48:33
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
3e4766ad0ddfa4bdecb1b0dc22b73ef7
timing-allow-origin
*
cdn-requestcountrycode
US
cf-ray
757f81bbe9959bce-FRA
cdn-requestpullsuccess
True
fbevents.js
connect.facebook.net/en_US/
101 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 10 Oct 2022 12:54:49 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26840
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
3ruolC4RvmxUz4aESeIQHgOYwy02Vb5pSNGF8LcnTq43asx3+KkOuwWq6qyNqeSRjTjyR2XORA9KkqLMKoe3Eg==
x-fb-trip-id
917726464
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
gtm.js
www.googletagmanager.com/
93 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5TKMJMN
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e6fb7ab72a4ca61464eaa25f2afc5cbd2086009b85ba14172b3d3a2121f5f7de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37292
x-xss-protection
0
last-modified
Mon, 10 Oct 2022 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 10 Oct 2022 12:54:49 GMT
quant.js
secure.quantserve.com/
26 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b719a446401c59e2784e7979101371a8a12f04139b37c8632682ea60a5720b21

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
content-encoding
gzip
etag
"+b0B6ncQDCugPb96DWf2QA=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 17 Oct 2022 12:54:49 GMT
gtm.js
www.googletagmanager.com/
158 KB
56 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-4DJ9
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5c3999e115ca8e3150d44cf5325ad05b1ddcdb2cdcf6e08d40691376346bd735
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57493
x-xss-protection
0
last-modified
Mon, 10 Oct 2022 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 10 Oct 2022 12:54:49 GMT
p.css
p.typekit.net/
5 B
195 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=ifi1ijl&ht=tk&f=139.140.175.176.143.144.147.148.156.157.161.162&a=18758374&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ifi1ijl.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

unused62
8096267
date
Mon, 10 Oct 2022 12:54:48 GMT
last-modified
Sat, 16 Oct 2021 08:18:43 GMT
server
nginx
etag
"616a8ae3-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
activityi;dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334
4461369.fls.doubleclick.net/ Frame D6BD
Redirect Chain
  • https://4461369.fls.doubleclick.net/activityi;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334?
  • https://4461369.fls.doubleclick.net/activityi;dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048....
500 B
412 B
Document
General
Full URL
https://4461369.fls.doubleclick.net/activityi;dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334?
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f6.1e100.net
Software
cafe /
Resource Hash
46d590028f5e0c5e2d719abd0b64e97f7adde30df478dfb9b7ba8ae920f2a6a9
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.paysbig.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
387
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://4461369.fls.doubleclick.net/activityi;dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232
4461369.fls.doubleclick.net/ Frame 1BCB
Redirect Chain
  • https://4461369.fls.doubleclick.net/activityi;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232?
  • https://4461369.fls.doubleclick.net/activityi;dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839....
500 B
408 B
Document
General
Full URL
https://4461369.fls.doubleclick.net/activityi;dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232?
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f6.1e100.net
Software
cafe /
Resource Hash
6053a7c33e8bf1f6cd17d57b712f543a9c67dd98037487bdd9fdcb76b6d227fd
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.paysbig.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
383
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://4461369.fls.doubleclick.net/activityi;dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
380879936097761
connect.facebook.net/signals/config/
293 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/380879936097761?v=2.9.84&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fcc19e29fe1ac591dc6996409acca8af75fd84280f129d716771ce5882f05482
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 10 Oct 2022 12:54:49 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
iO1tgW0XwZ+DY8Nl8FRd9lpWxUYu/xoJF5B7NrDiQ0E1Tz8RRVpCBw/TzgBxhVHIJzP0CF32VpxXhdysPKNOnQ==
x-fb-trip-id
917726464
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
rules-p-A-yad6s8faB6N.js
rules.quantcount.com/
2 KB
1 KB
Script
General
Full URL
https://rules.quantcount.com/rules-p-A-yad6s8faB6N.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:9600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
eba495a61e47519865d84c06e1adba5e856108454efd74bf342303cc6b0b508c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
content-encoding
gzip
via
1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
391
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Sat, 20 Aug 2022 10:04:17 GMT
server
AmazonS3
etag
W/"c675c466ba23c7f98ebd5cccb2c61c37"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-id
Zg5DrzCEuAJbC6tq55Q0q74ApI7CTZqzTOQyWd6uHAu1smRnrR0ZWQ==
kernel-host.html
onboard.triptease.io/kernel/v5794.62701/ Frame C28A
56 KB
19 KB
Document
General
Full URL
https://onboard.triptease.io/kernel/v5794.62701/kernel-host.html?originHost=www.paysbig.com
Requested by
Host: onboard.triptease.io
URL: https://onboard.triptease.io/bootstrap.js?integrationId=01FN3YK2FH59N4QMH1X95R3WNK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:28e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c376aad686d4901e7d152495b7a1dc91f3f558e2bc028c1f1224edec99c6edc
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.paysbig.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
access-control-expose-headers
Content-Type
age
5684
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=31536000
cf-cache-status
HIT
cf-ray
757f81bd3a0e90ef-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Tue, 10 Oct 2023 11:20:05 GMT
last-modified
Mon, 10 Oct 2022 09:45:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQWHf8R%2BCBhiS3YTQLnCXJuUVzjTJknQXx7uzD9eAZqO%2FQ2r1ZKULohLfY99ZqOc5i9BOFfLI83OwMLwiGjWF8IxrAcXlMvzOrNyVYP8zc8DE0TYd88wT5bjGehiTWND7LZj3dAyOUPTOxq5fIZJjseWdA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000
vary
Accept-Encoding
x-goog-generation
1665395155535783
x-goog-hash
crc32c=MxwP4w== md5=7TOFLfvaYsevoGpBhWjsbg==
x-goog-meta-build-version
5794.62701
x-goog-meta-git-hash
fca7b2f7a0a0805ffb29166ff57d9abae69cadcd
x-goog-metageneration
2
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
57568
x-guploader-uploadid
ADPycds4bhUmf6yj_s5wK1ETY2SjGxOSgYs8oc7xXPIu68cnuF_vgVXfX5S0Bs-d76lnKqxN3dNA_2Ub_z8F65TrHTsF6xnvx3mu
pixel
pxl.qccerttest.com/
35 B
549 B
Image
General
Full URL
https://pxl.qccerttest.com/pixel?r=1220739672;fpan=1;fpa=P0-224953680-1665406489136;pbc=;ns=0;ce=1;qjs=1;qv=39016d63-20220929161725;ref=;cm=;gdpr=0;d=paysbig.com;dst=0;et=1665406489136;tzo=0;url=https%3A%2F%2Fwww.paysbig.com%2F;ogl=title.Home%2Ctype.website%2Curl.https%3A%2F%2Fwww%252Epaysbig%252Ecom%2F%2Cimage.https%3A%2F%2Fwww%252Epaysbig%252Ecom%2Fapplication%2Ffiles%2F2915%2F6804%2F5898%2Fpotawatomi-exteriot-nig%2Cdescription.If%20you%20are%20looking%20for%20casinos%20in%20Wisconsin%252C%20Potawatomi%20Hotel%20and%20Casino%20is%20what
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ce00:11:615:7240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 02:01:57 GMT
via
1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA53-C1
age
39173
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
35
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Aug 2022 16:01:04 GMT
server
AmazonS3
etag
"55d25e9dc950d5db4d53a3b195c046c6"
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
image/gif
accept-ranges
bytes
x-amz-cf-id
0871_L60NaiQ-KobLsp5EIMjOJ0XD9AuKPHkzinkC-fHWRroDIapag==
pixel;r=1590250550;event=refresh;labels=_fp.event.Homepage%2C_fp.event.Homepage;rf=0;a=p-A-yad6s8faB6N;url=https%3A%2F%2Fwww.paysbig.com%2F;uht=2;fpan=0;fpa=P0-224953680-1665406489136;pbc=;ns=0;ce=...
pixel.quantserve.com/
35 B
371 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1590250550;event=refresh;labels=_fp.event.Homepage%2C_fp.event.Homepage;rf=0;a=p-A-yad6s8faB6N;url=https%3A%2F%2Fwww.paysbig.com%2F;uht=2;fpan=0;fpa=P0-224953680-1665406489136;pbc=;ns=0;ce=1;qjs=1;qv=39016d63-20220929161725;cm=;gdpr=0;ref=;d=paysbig.com;dst=0;et=1665406489139;tzo=0;ogl=title.Home%2Ctype.website%2Curl.https%3A%2F%2Fwww%252Epaysbig%252Ecom%2F%2Cimage.https%3A%2F%2Fwww%252Epaysbig%252Ecom%2Fapplication%2Ffiles%2F2915%2F6804%2F5898%2Fpotawatomi-exteriot-nig%2Cdescription.If%20you%20are%20looking%20for%20casinos%20in%20Wisconsin%252C%20Potawatomi%20Hotel%20and%20Casino%20is%20what;ses=87bef7dc-2760-410b-ab03-3d38fe3a431d
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
js
www.googletagmanager.com/gtag/
218 KB
76 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HDFF75V5ZF&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5TKMJMN
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e1ed1aae8153c453793b11eedd5456cde6f15b5391bf45c024e8c1abf29001ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
77319
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 10 Oct 2022 12:54:49 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-4DJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 10 Oct 2022 11:01:59 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
6770
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Mon, 10 Oct 2022 13:01:59 GMT
activityi;dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fwww.paysbig.com%2F
4461369.fls.doubleclick.net/ Frame DEBA
Redirect Chain
  • https://4461369.fls.doubleclick.net/activityi;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fwww.paysbig.com%2F?
  • https://4461369.fls.doubleclick.net/activityi;dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fw...
487 B
406 B
Document
General
Full URL
https://4461369.fls.doubleclick.net/activityi;dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fwww.paysbig.com%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-4DJ9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f6.1e100.net
Software
cafe /
Resource Hash
c1b1e4e026be16d23a5a472bb3331e9d14ea3b62828a2e57fc2414fc0371dfa7
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.paysbig.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
381
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Mon, 10 Oct 2022 12:54:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://4461369.fls.doubleclick.net/activityi;dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fwww.paysbig.com%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.facebook.com/tr/
0
204 B
Image
General
Full URL
https://www.facebook.com/tr/?id=380879936097761&ev=PageView&dl=https%3A%2F%2Fwww.paysbig.com%2F&rl=&if=false&ts=1665406489251&sw=1600&sh=1200&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665406489250.204230066&it=1665406489033&coo=false&rqm=GET
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 10 Oct 2022 12:54:49 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
115909.ct.js
intljs.rmtag.com/
32 KB
11 KB
Script
General
Full URL
https://intljs.rmtag.com/115909.ct.js
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
d3808b548444fb0deda5a1f0acc5c45f7acc4a243bf01a1d9e3822c9f06a642e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
content-encoding
gzip
via
1.1 google
last-modified
Mon, 10 Oct 2022 12:54:49 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
kernel.js
onboard.triptease.io/kernel/v5794.62701/ Frame C28A
62 KB
20 KB
Other
General
Full URL
https://onboard.triptease.io/kernel/v5794.62701/kernel.js?
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:28e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82bce146a942a5354e40a92a6166bcc18166e73262644f69488973028b4ecae1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onboard.triptease.io/kernel/v5794.62701/kernel-host.html?originHost=www.paysbig.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
strict-transport-security
max-age=15552000
content-encoding
br
cf-cache-status
HIT
x-goog-meta-git-hash
fca7b2f7a0a0805ffb29166ff57d9abae69cadcd
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
10943
x-guploader-uploadid
ADPycdsCVN4p6T-t_eamB1AXGPDMK80GUQdaxTPPu_kONu8G8hdhLPwMSzVwQStX6KWO7EiZ4TsWn6DxL1fKHrG3GZdm7QHQoeU9
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-meta-build-version
5794.62701
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 10 Oct 2022 09:45:55 GMT
server
cloudflare
etag
W/"5ff33fe42f778d6a501337f55c0d7d30"
vary
Accept-Encoding
x-goog-generation
1665395155546501
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-goog-hash
crc32c=nIt4nA==, md5=X/M/5C93jWpQEzf1XA19MA==
access-control-expose-headers
Content-Type
cache-control
public, max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FalHASHER4KWo7Zma5ti%2B6XkOhAaScNuGrSVJJfo%2FyMXX6w0af2htzahVRLs%2BXAXNJomQsf1vMKY8J7OT%2F8iL%2F7W4lFIC%2BbhCR0BrEDLWqoC%2FGnBiGVHpWKuGPhZzZpwT0On125jO6xgngiXd3sag5gRUA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
63311
cf-ray
757f81bdfbbd90ef-FRA
expires
Tue, 10 Oct 2023 09:52:26 GMT
/
adservice.google.com/ddm/fls/i/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https... Frame 7730
499 B
856 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/activityi;dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
97e7ac984c177c6fc3ccf29cdb8ade4b7f0e4734d60561692d81621097ce5e60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4461369.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
387
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
adservice.google.com/ddm/fls/i/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https... Frame CB49
499 B
453 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/activityi;dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
71668ce7e8b1bcdabae73f18503e1d121f4cb2a1c07e2c65412901ce09725405
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4461369.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
383
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
www.paysbig.com.json
script.crazyegg.com/pages/data-scripts/0045/3539/site/
232 B
476 B
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0045/3539/site/www.paysbig.com.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0045/3539.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6849e7325a0c1589c6d40bb50ea5060072df83ac306d43974b0060ef179b1d83

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
content-encoding
gzip
cf-cache-status
HIT
age
391
ce-version
11.4.21
content-length
207
last-modified
Mon, 10 Oct 2022 12:48:18 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
757f81be7de29bf2-FRA
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=312583675&t=pageview&_s=1&dl=https%3A%2F%2Fwww.paysbig.com%2F&ul=en-us&de=UTF-8&dt=Potawatomi%20Hotel%20and%20Casino%20in%20Milwaukee%20Wisconsin&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAACAAI~&jid=852762409&gjid=1605464575&cid=1395130416.1665406489&tid=UA-11866965-1&_gid=1022162241.1665406489&_r=1&gtm=2wga504DJ9&z=2023889862
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paysbig.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.paysbig.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
get_message
www.paysbig.com/index.php/xw/acc/en-us/
3 KB
1 KB
XHR
General
Full URL
https://www.paysbig.com/index.php/xw/acc/en-us/get_message
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/concrete/js/jquery.js?ccm_nocache=fff1cebde4dd336ea1e472ec5c4b43efdc6a83e6
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache / PHP/7.4.32
Resource Hash
31f52cd076147ff9fd29589d04692340ce79d4719af4d521826203aee9f0a7b3

Request headers

Accept
text/html, */*; q=0.01
Referer
https://www.paysbig.com/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/7.4.32
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=600
Connection
Keep-Alive
Keep-Alive
timeout=2, max=495
Content-Length
890
Expires
Mon, 10 Oct 2022 13:04:49 GMT
back_bars-final.jpg
www.paysbig.com/application/files/1915/6589/1201/
Redirect Chain
  • https://www.paysbig.com/download_file/9562/0
  • https://www.paysbig.com/application/files/1915/6589/1201/back_bars-final.jpg
737 B
1 KB
Image
General
Full URL
https://www.paysbig.com/application/files/1915/6589/1201/back_bars-final.jpg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/application/themes/potawatomi/css/potawatomi.css
Protocol
HTTP/1.1
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
b9e50b6734bad93ecd00651261b13ab439b9541a01d4f754db7ea74157291a54

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/application/themes/potawatomi/css/potawatomi.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Tue, 20 Sep 2022 18:31:30 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=494
Content-Length
737
Expires
Wed, 09 Nov 2022 12:54:49 GMT

Redirect headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/7.4.32
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
Location
https://www.paysbig.com/application/files/1915/6589/1201/back_bars-final.jpg
Cache-Control
no-cache, private, max-age=600
Connection
Keep-Alive
Keep-Alive
timeout=2, max=495
Content-Length
256
Expires
Mon, 10 Oct 2022 13:04:49 GMT
player-account-login-potawatomi.jpg
www.paysbig.com/application/files/2815/9135/9533/
32 KB
32 KB
Image
General
Full URL
https://www.paysbig.com/application/files/2815/9135/9533/player-account-login-potawatomi.jpg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
80aaf2734499cfabb37486111edc8e51c02f0db4411dd318fae437f360e78898

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Fri, 05 Jun 2020 12:18:53 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=497
Content-Length
32284
Expires
Wed, 09 Nov 2022 12:54:49 GMT
potawatomi-what-to-expect_thumb.jpg
www.paysbig.com/application/files/8215/9198/0478/
Redirect Chain
  • https://www.paysbig.com/download_file/10274/0
  • https://www.paysbig.com/application/files/8215/9198/0478/potawatomi-what-to-expect_thumb.jpg
20 KB
21 KB
Image
General
Full URL
https://www.paysbig.com/application/files/8215/9198/0478/potawatomi-what-to-expect_thumb.jpg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
adc993b680b12ac61d27262e74d66f1419109fd47ba619f96b83375084a5628d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Fri, 12 Jun 2020 16:47:58 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=493
Content-Length
20734
Expires
Wed, 09 Nov 2022 12:54:49 GMT

Redirect headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/7.4.32
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
Location
https://www.paysbig.com/application/files/8215/9198/0478/potawatomi-what-to-expect_thumb.jpg
Cache-Control
no-cache, private, max-age=600
Connection
Keep-Alive
Keep-Alive
timeout=2, max=494
Content-Length
264
Expires
Mon, 10 Oct 2022 13:04:49 GMT
take-out-menu_thumb.jpg
www.paysbig.com/application/files/1015/9138/6428/
21 KB
21 KB
Image
General
Full URL
https://www.paysbig.com/application/files/1015/9138/6428/take-out-menu_thumb.jpg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
297cf657772bd9e11c77551584e4419b97eac6c6a90485ac7cb8e541764b47d7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Fri, 05 Jun 2020 19:47:08 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=496
Content-Length
21513
Expires
Wed, 09 Nov 2022 12:54:49 GMT
fkc-appreciation-daylanding.jpg
www.paysbig.com/application/files/thumbnails/small/1316/4150/6878/
232 KB
232 KB
Image
General
Full URL
https://www.paysbig.com/application/files/thumbnails/small/1316/4150/6878/fkc-appreciation-daylanding.jpg
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
391580a7448dc6eb4fb5d9c8236af1feb0c61c9e2a437f8d7ac933dca6148fcf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Thu, 06 Jan 2022 22:07:58 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=496
Content-Length
237321
Expires
Wed, 09 Nov 2022 12:54:49 GMT
btn_topofpage_arrow.png
www.paysbig.com/application/themes/potawatomi/images/
2 KB
2 KB
Image
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/images/btn_topofpage_arrow.png
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/application/themes/potawatomi/css/potawatomi.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
be44a4a77a3b8a9225ef7311944caae0c15db81130bd60603f8309324a050882

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/application/themes/potawatomi/css/potawatomi.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Wed, 14 Mar 2018 08:19:54 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=495
Content-Length
1839
Expires
Wed, 09 Nov 2022 12:54:49 GMT
l
use.typekit.net/af/949f99/00000000000000003b9b3068/27/
34 KB
34 KB
Font
General
Full URL
https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ifi1ijl.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
60fe579c50202903eec3a1898b8eafc6df528307b7e40052c0f800e718a7129f

Request headers

Referer
https://use.typekit.net/ifi1ijl.css
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
server
nginx
etag
"b5fef031a96fc670f9c3b1b64dd52243a29d7531"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34336
l
use.typekit.net/af/705e94/00000000000000003b9b3062/27/
33 KB
33 KB
Font
General
Full URL
https://use.typekit.net/af/705e94/00000000000000003b9b3062/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ifi1ijl.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
31685af3bbf1ff809935f70512ea48729eac2add3a47f604db26c43f2a253541

Request headers

Referer
https://use.typekit.net/ifi1ijl.css
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
server
nginx
etag
"79fea02668402fc378c129193093131a2db2577c"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33576
l
use.typekit.net/af/5c70f2/00000000000000003b9b3063/27/
34 KB
35 KB
Font
General
Full URL
https://use.typekit.net/af/5c70f2/00000000000000003b9b3063/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ifi1ijl.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
4e8d47f2d51e5c15ed54e8237f827005d675eec474216e7931e534c78ff30158

Request headers

Referer
https://use.typekit.net/ifi1ijl.css
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
server
nginx
etag
"d9c559430b0162ff50e16cf6dad5514fa963f9ff"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
35100
l
use.typekit.net/af/0ff5e1/00000000000000003b9b3078/27/
33 KB
34 KB
Font
General
Full URL
https://use.typekit.net/af/0ff5e1/00000000000000003b9b3078/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ifi1ijl.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
88694e0418748c08ec3082cad6ac8e7e98bd980ca7f322b668d4b7772ee1acd6

Request headers

Referer
https://use.typekit.net/ifi1ijl.css
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
server
nginx
etag
"5604717ace233ade2de274e8019e41d7eecd75db"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34112
l
use.typekit.net/af/0dfb3d/00000000000000003b9b3082/27/
32 KB
32 KB
Font
General
Full URL
https://use.typekit.net/af/0dfb3d/00000000000000003b9b3082/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ifi1ijl.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
21a3b5524a73f149cc3d4efbf7fcb914e8649d49bf02ca77ced920302a5205f6

Request headers

Referer
https://use.typekit.net/ifi1ijl.css
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
server
nginx
etag
"536f7ad4277ad4b0221a0404523cd4fadbf95d3e"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
32656
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/fonts/
63 KB
64 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
756
age
155206
cdn-cachedat
06/09/2022 10:24:04
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
64464
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
"4b5a84aaf1c9485e060c503a0ff8cadb"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
ea00e69970b2d69f196fc16230faabf3
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
757f81beaa1a8fe9-FRA
cdn-requestpullsuccess
True
l
use.typekit.net/af/8e2bbd/00000000000000003b9b3072/27/
33 KB
33 KB
Font
General
Full URL
https://use.typekit.net/af/8e2bbd/00000000000000003b9b3072/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ifi1ijl.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
507a553130db61df15e47f554bd35c5b9521584e4847173a25fcedc1f6aba776

Request headers

Referer
https://use.typekit.net/ifi1ijl.css
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:49 GMT
server
nginx
etag
"dd3ed5a051a56eebcd930c279014a0f1613402d5"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33344
btn_search_rd.png
www.paysbig.com/application/themes/potawatomi/images/
2 KB
2 KB
Image
General
Full URL
https://www.paysbig.com/application/themes/potawatomi/images/btn_search_rd.png
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.167.174.209 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
phc001.trivera.com
Software
Apache /
Resource Hash
49c39fdb4fcd15215cb8f3dfee05e3238189874b7f3da69b8b67acf3973967ba

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:49 GMT
Last-Modified
Wed, 14 Mar 2018 08:19:54 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=495
Content-Length
1581
Expires
Wed, 09 Nov 2022 12:54:49 GMT
seg
secure.adnxs.com/ Frame DEBA
0
1020 B
Script
General
Full URL
https://secure.adnxs.com/seg?add=20511901&t=1
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/activityi;dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fwww.paysbig.com%2F?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4461369.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:49 GMT
AN-X-Request-Uuid
61910ccb-fa3e-4f6b-9d59-625848ca2f2b
Server
nginx/1.21.3
Content-Type
application/javascript; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
185.213.155.176; 185.213.155.176; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=*;~oref=https%3A%2F%2Fwww.paysbig.com%2F
adservice.google.com/ddm/fls/z/ Frame DEBA
42 B
118 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=*;~oref=https%3A%2F%2Fwww.paysbig.com%2F
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/activityi;dc_pre=CKK9y9Ha1foCFd1lFQgdIBYCQg;src=4461369;type=retarget;cat=https003;ord=7913036030717;gtm=2wga50;auiddc=152238561.1665406489;~oref=https%3A%2F%2Fwww.paysbig.com%2F?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4461369.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/
0
338 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HDFF75V5ZF&gtm=2oea50&_p=312583675&_gaz=1&cid=1395130416.1665406489&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=Q&_s=1&sid=1665406489&sct=1&seg=0&dl=https%3A%2F%2Fwww.paysbig.com%2F&dt=Potawatomi%20Hotel%20and%20Casino%20in%20Milwaukee%20Wisconsin&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HDFF75V5ZF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.paysbig.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
47 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HDFF75V5ZF&cid=1395130416.1665406489&gtm=2oea50&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HDFF75V5ZF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.paysbig.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HDFF75V5ZF&cid=1395130416.1665406489&gtm=2oea50&aip=1&z=1374927204
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
442 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-11866965-1&cid=1395130416.1665406489&jid=852762409&gjid=1605464575&_gid=1022162241.1665406489&_u=YGBACEAABAAAACAAI~&z=1201051477
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paysbig.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 10 Oct 2022 12:54:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.paysbig.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
p
consent.linksynergy.com/consent/v3/
37 B
276 B
Image
General
Full URL
https://consent.linksynergy.com/consent/v3/p?rmch=cs&domain=www.paysbig.com&sought=false&tp=gdpr&purposes=&vendors=&ext_id=c1973765-aa5c-48a6-9d9e-9717ebb42695
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type
image/gif
date
Mon, 10 Oct 2022 12:54:49 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
x-samesite
secure
/
4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~ore... Frame D513
Redirect Chain
  • https://adservice.google.de/ddm/fls/i/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~ore...
  • https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048....
379 B
320 B
Document
General
Full URL
https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f6.1e100.net
Software
cafe /
Resource Hash
d44450f8fa917495859da3731ee7f22d5d3f03ad1fbf22b90c3c2f134bd44502
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
297
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Mon, 10 Oct 2022 12:54:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~ore... Frame ABF3
Redirect Chain
  • https://adservice.google.de/ddm/fls/i/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~ore...
  • https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839....
731 B
481 B
Document
General
Full URL
https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f6.1e100.net
Software
cafe /
Resource Hash
b64b0827217f6356d2a400456bd389c0a53951c4f1153f381d9c0418e71bae14
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
458
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Mon, 10 Oct 2022 12:54:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 10 Oct 2022 12:54:49 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-11866965-1&cid=1395130416.1665406489&jid=852762409&_u=YGBACEAABAAAACAAI~&z=681272929
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-11866965-1&cid=1395130416.1665406489&jid=852762409&_u=YGBACEAABAAAACAAI~&z=681272929
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
98feda30-9da9-0136-d68b-06a9ed4ca31b
tag.simpli.fi/sifitag/ Frame D513
0
783 B
Script
General
Full URL
https://tag.simpli.fi/sifitag/98feda30-9da9-0136-d68b-06a9ed4ca31b
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.179 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b3.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4461369.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache, no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
0
x-request-id
Fxy2YPezwZ8_X3G8a3Jh
expires
Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT
px
secure.adnxs.com/ Frame D513
213 B
1 KB
Script
General
Full URL
https://secure.adnxs.com/px?id=1035055&t=1
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
828ce195d97be14986c26d8631987d599543a343f33797d7bc883e19818b1f6d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4461369.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:49 GMT
AN-X-Request-Uuid
79b3a2d1-e54a-4966-9dcc-e1d1dd6969a1
Server
nginx/1.21.3
Content-Type
application/javascript; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.176; 185.213.155.176; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
213
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
up_loader.1.1.0.js
js.adsrvr.org/ Frame ABF3
4 KB
2 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.65.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-65-116.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4461369.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 02:56:58 GMT
Content-Encoding
gzip
Via
1.1 f2fa38e6635ded6d22a69d089217bc90.cloudfront.net (CloudFront)
Last-Modified
Thu, 24 Sep 2020 15:15:34 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-C1
Age
35872
ETag
W/"98d98b3499058b76d58073cf8ede2f10"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
NPmQBp_1J7lzYXpGyCFF9admfa_KVjFj03BOhty28i-XiVPZBFPz_A==
98feda30-9da9-0136-d68b-06a9ed4ca31b
tag.simpli.fi/sifitag/ Frame ABF3
0
779 B
Script
General
Full URL
https://tag.simpli.fi/sifitag/98feda30-9da9-0136-d68b-06a9ed4ca31b
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.179 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b3.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4461369.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache, no-cache
date
Mon, 10 Oct 2022 12:54:49 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
0
x-request-id
Fxy2YPe550U7Fay8a3KB
expires
Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT
px
secure.adnxs.com/ Frame ABF3
213 B
1 KB
Script
General
Full URL
https://secure.adnxs.com/px?id=1035055&t=1
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CIfbwtHa1foCFdJkFQgdX4EC2g;src=4461369;type=siteeven;cat=sitee0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7717562580839.232;~oref=https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
828ce195d97be14986c26d8631987d599543a343f33797d7bc883e19818b1f6d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4461369.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:49 GMT
AN-X-Request-Uuid
9bd359bf-bfbb-4ce7-94c0-01df9ca46bdd
Server
nginx/1.21.3
Content-Type
application/javascript; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.176; 185.213.155.176; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
213
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
www.facebook.com/tr/
0
18 B
Image
General
Full URL
https://www.facebook.com/tr/?id=380879936097761&ev=Microdata&dl=https%3A%2F%2Fwww.paysbig.com%2F&rl=&if=false&ts=1665406489765&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Potawatomi%20Hotel%20and%20Casino%20in%20Milwaukee%20Wisconsin%22%2C%22meta%3Adescription%22%3A%22If%20you%20are%20looking%20for%20casinos%20in%20Wisconsin%2C%20Potawatomi%20Hotel%20and%20Casino%20is%20what%20you%20are%20looking%20for.%20Located%20in%20Milwaukee%2C%20WI%20with%20free%20parking%2C%20slot%20machines%2C%20poker%20tables%2C%20bingo%2C%20numerous%20dining%20options%20and%20on%20site%20hotel.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Home%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.paysbig.com%2F%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.paysbig.com%2Fapplication%2Ffiles%2F2915%2F6804%2F5898%2Fpotawatomi-exteriot-night-shot.jpg%22%2C%22og%3Adescription%22%3A%22If%20you%20are%20looking%20for%20casinos%20in%20Wisconsin%2C%20Potawatomi%20Hotel%20and%20Casino%20is%20what%20you%20are%20looking%20for.%20Located%20in%20Milwaukee%2C%20WI%20with%20free%20parking%2C%20slot%20machines%2C%20poker%20tables%2C%20bingo%2C%20numerous%20dining%20options%20and%20on%20site%20hotel.%22%7D&cd[Schema.org]=%5B%7B%22dimensions%22%3A%7B%22h%22%3A77%2C%22w%22%3A291%7D%2C%22properties%22%3A%7B%22url%22%3A%22%2F%22%2C%22logo%22%3A%22%2Fapplication%2Fthemes%2Fpotawatomi%2Fimages%2Fpotawatomi-logo.svg%22%7D%2C%22subscopes%22%3A%5B%5D%2C%22type%22%3A%22http%3A%2F%2Fschema.org%2FOrganization%22%7D%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1665406489250.204230066&it=1665406489033&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: www.paysbig.com
URL: https://www.paysbig.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 10 Oct 2022 12:54:49 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
priority
u=3,i
seg
secure.adnxs.com/ Frame D513
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/seg?add=14720480&t=2
Requested by
Host: 4461369.fls.doubleclick.net
URL: https://4461369.fls.doubleclick.net/ddm/fls/r/dc_pre=CLzYwtHa1foCFZZjFQgdgCAKUA;src=4461369;type=clicktoc;cat=mobil0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2898111838048.334;~oref=https://www.paysbig.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4461369.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:49 GMT
AN-X-Request-Uuid
b0011df1-3573-4c46-b70b-fb49602c459f
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
185.213.155.176; 185.213.155.176; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
seg
secure.adnxs.com/ Frame ABF3
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/seg?add=14720480&t=2
Requested by
Host: secure.adnxs.com
URL: https://secure.adnxs.com/px?id=1035055&t=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4461369.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:49 GMT
AN-X-Request-Uuid
bc69ac8d-7f2e-4ebf-a36f-efb4b005bc81
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
185.213.155.176; 185.213.155.176; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
up
insight.adsrvr.org/track/ Frame 7CC8
0
181 B
Document
General
Full URL
https://insight.adsrvr.org/track/up?adv=j0fttr3&ref=https%3A%2F%2Fadservice.google.com%2F&upid=23crggf&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://4461369.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-type
text/html
date
Mon, 10 Oct 2022 12:54:49 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
default.js
onboard.triptease.io/integrations/v5794.62701/
148 KB
47 KB
Script
General
Full URL
https://onboard.triptease.io/integrations/v5794.62701/default.js
Requested by
Host: onboard.triptease.io
URL: https://onboard.triptease.io/bootstrap.js?integrationId=01FN3YK2FH59N4QMH1X95R3WNK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:28e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3520de92bea2938a10a1fcf05953d65ea3c683f8efad94be7e17943790e03725
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.paysbig.com/
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:51 GMT
strict-transport-security
max-age=15552000
content-encoding
br
cf-cache-status
MISS
x-goog-meta-git-hash
fca7b2f7a0a0805ffb29166ff57d9abae69cadcd
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid
ADPycdv_jdeTukCn_PwAaMxdAD9BlQ36mp152izUgF7sEv9i2ATWQG5wTe3w1VhBE-YdW65Hr912brlHHVSpMAMAJ7FPissML8pq
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-meta-build-version
5794.62701
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 10 Oct 2022 09:50:38 GMT
server
cloudflare
etag
W/"f1ad3c37a3dd543b418df6477f25a2c7"
vary
Accept-Encoding
x-goog-generation
1665395438738398
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-goog-hash
crc32c=iynD1A==, md5=8a08N6PdVDtBjfZHfyWixw==
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JbZPENRSkxffwdP%2FwTtr1y%2BWChu9ePxelul%2BmT9bHtHrcCo65UfybW2pr0a9s9RQR3ycTQ9pGbR9SsZfO3xOTj9zLtR3afhKnh%2BWD08ykgCztq7lGGwYAHyBQREPvjYaitg3j4V%2FWsMGQ%2BJbrV778oayQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
151982
cf-ray
757f81c94f96bbb9-FRA
expires
Tue, 10 Oct 2023 12:53:39 GMT
identity
onboard.triptease.io/
161 B
853 B
Fetch
General
Full URL
https://onboard.triptease.io/identity
Requested by
Host: onboard.triptease.io
URL: https://onboard.triptease.io/bootstrap.js?integrationId=01FN3YK2FH59N4QMH1X95R3WNK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:28e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d6669c1ec3fb77c95f16cbd7393b8308951f2159ac7a67569bfb86989009425
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:51 GMT
strict-transport-security
max-age=15552000
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NgoRpwVqreNlD3uhyF2%2BIX5jhp5JRyZJU%2FdMX777FSyqXeza%2F1hpQ1LNNjJwV1PJ6lfk63P%2F5xOCoNtS8ah%2F5bV3qTSIJXruyTUAVwn2UK%2FOnlxeBWIISB5I5DW%2FHGqZUnjK1idqmc8Zt0t0ZjgFjkq0WA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paysbig.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
cf-ray
757f81ce4aed90ef-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
bootstrap-message-engine.js
static.triptease.io/message-porter/dist/
83 KB
29 KB
Script
General
Full URL
https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js
Requested by
Host: onboard.triptease.io
URL: https://onboard.triptease.io/bootstrap.js?integrationId=01FN3YK2FH59N4QMH1X95R3WNK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.182 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ac480d0f5fa55eff79e1f866bc6d3072631e19c725d6411415ce0a4b6d67a70f
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.paysbig.com/
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-encoding
gzip
age
92
x-guploader-uploadid
ADPycdtXYGc_h6Bekam5W4wObqt_ChHANi_OAFeGSALJkTF1tgybAtUYO5UT1yjVjEYCvRR9krTuRm-L4vc6J0bysXS6IQ
x-goog-stored-content-encoding
identity
backend-url
/message-porter/dist/bootstrap-message-engine.js
x-served-by
cache-hhn4058-HHN
x-timer
S1665406492.230273,VS0,VE0
etag
"b946709376422b4168151d54e8ef100c"
vary
Accept-Encoding
x-goog-generation
1664815173149990
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
no-cache, max-age=600
pseudo-session-id
ee29fd04c85b320417bec183c1d9bb437dfe3bc14b4811248e771a7962c3f374
x-cache-hits
5
expires
Mon, 03 Oct 2022 16:49:40 GMT
date
Mon, 10 Oct 2022 12:54:52 GMT
via
1.1 varnish
surrogate-key-debug
message-porter message-porter-bootstrap-message-engine message-porter-js
strict-transport-security
max-age=31557600
x-goog-meta-goog-reserved-file-mtime
1664815167
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
2
content-length
28264
last-modified
Mon, 03 Oct 2022 16:39:33 GMT
server
UploadServer
x-goog-hash
crc32c=wVSm7g==, md5=uUZwk3ZCK0FoFR1U6O8QDA==
pseudo-device-id
6c7ea80ca28e0a2ecb33d932be469dbc5cd60c2c2a5c475fd865bbc93cee1755
x-goog-stored-content-length
84874
accept-ranges
bytes
timing-allow-origin
*
main.js
static-meta.triptease.io/client/
54 KB
17 KB
Script
General
Full URL
https://static-meta.triptease.io/client/main.js
Requested by
Host: onboard.triptease.io
URL: https://onboard.triptease.io/bootstrap.js?integrationId=01FN3YK2FH59N4QMH1X95R3WNK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.182 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
2139162aa1b3b5ae1b4e4b151fff32bdb216a46374b7dd1ef5e6165cb61afa51

Request headers

Referer
https://www.paysbig.com/
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:52 GMT
via
1.1 google, 1.1 varnish
content-encoding
gzip
age
391
x-envoy-upstream-healthchecked-cluster
client-api.management
x-cache
HIT
x-envoy-upstream-service-time
2
content-length
17417
x-served-by
cache-hhn4064-HHN
server
istio-envoy
x-timer
S1665406492.225221,VS0,VE6
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600,stale-while-revalidate=1800
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
1
application.js
b.triptease.io/
3 KB
3 KB
Script
General
Full URL
https://b.triptease.io/application.js
Requested by
Host: onboard.triptease.io
URL: https://onboard.triptease.io/bootstrap.js?integrationId=01FN3YK2FH59N4QMH1X95R3WNK
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.62 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
54d464dcbb274e2f142eb6e78e14dd6885edc21e72d0989717a1318c170777df
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.paysbig.com/
Origin
https://www.paysbig.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

X-Served-By
cache-hhn4039-HHN
Date
Mon, 10 Oct 2022 12:54:52 GMT
Via
1.1 google, 1.1 varnish
Strict-Transport-Security
max-age=300
Age
2913
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
X-Cache
HIT
cache-control
max-age=60
Connection
keep-alive
Accept-Ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, session-token
Content-Length
2870
X-Cache-Hits
15
6f9bd4c16aef4149bbb066a879fd3b2b
static-meta.triptease.io/client/bundle-data/
453 B
406 B
Fetch
General
Full URL
https://static-meta.triptease.io/client/bundle-data/6f9bd4c16aef4149bbb066a879fd3b2b
Requested by
Host: static-meta.triptease.io
URL: https://static-meta.triptease.io/client/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.182 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
47cd1f09c8b4600710853be4a00b2c8bf59c010cb02c49de66b79666fe21f184

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:52 GMT
via
1.1 google, 1.1 varnish
content-encoding
gzip
age
390
x-cache
HIT
x-envoy-upstream-service-time
124
content-length
312
x-served-by
cache-hhn4064-HHN
server
istio-envoy
x-timer
S1665406492.249898,VS0,VE1
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600,stale-while-revalidate=1800
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
1
js
www.googletagmanager.com/gtag/
116 KB
46 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10812284528
Requested by
Host: static-meta.triptease.io
URL: https://static-meta.triptease.io/client/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
35cc4532ae170e8469c26947202085cc0b6586e4c85f10a8d29a075bed597af0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46920
x-xss-protection
0
last-modified
Mon, 10 Oct 2022 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 10 Oct 2022 12:54:52 GMT
js
www.googletagmanager.com/gtag/
116 KB
46 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10812284528&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5TKMJMN
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c8661d696f294f47d32178106045ddb4e72ac849207465d8ee3d147355c4502e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46907
x-xss-protection
0
last-modified
Mon, 10 Oct 2022 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 10 Oct 2022 12:54:52 GMT
6f9bd4c16aef4149bbb066a879fd3b2b
static-meta.triptease.io/client/bundle-data/
453 B
378 B
Fetch
General
Full URL
https://static-meta.triptease.io/client/bundle-data/6f9bd4c16aef4149bbb066a879fd3b2b
Requested by
Host: static-meta.triptease.io
URL: https://static-meta.triptease.io/client/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.182 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
47cd1f09c8b4600710853be4a00b2c8bf59c010cb02c49de66b79666fe21f184

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:52 GMT
via
1.1 google, 1.1 varnish
content-encoding
gzip
age
390
x-cache
HIT
x-envoy-upstream-service-time
124
content-length
312
x-served-by
cache-hhn4064-HHN
server
istio-envoy
x-timer
S1665406492.266964,VS0,VE0
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600,stale-while-revalidate=1800
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
2
storageIframe.html
static.triptease.io/message-porter/dist/ Frame 398C
7 KB
3 KB
Document
General
Full URL
https://static.triptease.io/message-porter/dist/storageIframe.html
Requested by
Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.182 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b33b420b1309810d0e5418be3ee3e5dab1f8728741ad082dbea4d74d74134101
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.paysbig.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
Content-Type
age
294
backend-url
/message-porter/dist/storageIframe.html
cache-control
no-cache, max-age=600
content-encoding
gzip
content-length
2496
content-type
text/html
date
Mon, 10 Oct 2022 12:54:52 GMT
etag
"ae93c11ba134c75502eea3178dc09e0e"
expires
Mon, 03 Oct 2022 16:49:40 GMT
last-modified
Wed, 17 Aug 2022 14:47:57 GMT
pseudo-device-id
31c3caad466206eb801eb310f7e1da93bf1fb44812aab1bd773a69464463528f
pseudo-session-id
25d9e65f16db226497926813ef1aaa777fb9726f561acf1056220ee3fe67fa87
server
UploadServer
strict-transport-security
max-age=31557600
surrogate-key-debug
message-porter message-porter-storageIframe message-porter-html
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
12
x-goog-generation
1660747677412211
x-goog-hash
crc32c=aDvKsw== md5=rpPBG6E0x1UC7qMXjcCeDg==
x-goog-meta-goog-reserved-file-mtime
1660747672
x-goog-metageneration
10
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
6953
x-guploader-uploadid
ADPycdtxfwxje1JvtIURGWNIFObzKWO0oL1h3Zgn7nr7YJaw5RgIJl80bif1bqWotQKhJIyqZpg68zlQsIOJkT7-G9QTAA
x-served-by
cache-hhn4061-HHN
x-timer
S1665406492.285218,VS0,VE0
/
b.triptease.io/ Frame 874D
3 KB
3 KB
Document
General
Full URL
https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/application.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.62 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7ddc838cdde87d034533f28905b928311621e67ffc0de9eabf1e4aaf44a9c2a3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.paysbig.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Date
Mon, 10 Oct 2022 12:54:52 GMT
Strict-Transport-Security
max-age=300
Via
1.1 google, 1.1 varnish
X-Cache
MISS
X-Cache-Hits
0
X-Served-By
cache-hhn4052-HHN
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, session-token
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
access-control-allow-origin
*
cache-control
private, no-store
transfer-encoding
chunked
messages
messages.guest-experience.triptease.io/6f9bd4c16aef4149bbb066a879fd3b2b/
5 KB
5 KB
Fetch
General
Full URL
https://messages.guest-experience.triptease.io/6f9bd4c16aef4149bbb066a879fd3b2b/messages?language=en
Requested by
Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
48d156af6d38f5b5ae6c387222a7213f6f13ad9a15d5c1c00ecd9d714b6287ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:52 GMT
via
1.1 varnish
age
390
x-cache
HIT
x-city
lohne
content-length
4687
x-served-by
cache-hhn4024-HHN
server
Google Frontend
vary
Origin
tt_keys
campaigns-6f9bd4c16aef4149bbb066a879fd3b2b campaigns-client-POTAWATOMI
access-control-allow-origin
https://www.paysbig.com
x-region-code
NW
x-cloud-trace-context
12221f452967db760bd4c005a8595ab6
cache-control
max-age=600
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
tt_host
messages.guest-experience.triptease.io
access-control-expose-headers
X-Country-Code, X-Region-Code, X-City
accept-ranges
bytes
x-country-code
DE
x-cache-hits
1
conversion_async.js
www.googleadservices.com/pagead/
41 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10812284528
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:52 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15192
x-xss-protection
0
server
cafe
etag
699633608045481581
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 10 Oct 2022 12:54:52 GMT
event
api.triptease.io/zappy/
0
206 B
Ping
General
Full URL
https://api.triptease.io/zappy/event?eventName=propensityToConvert&eventAppName=messageEngine
Requested by
Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.195.233 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
233.195.186.35.bc.googleusercontent.com
Software
nginx/1.11.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.paysbig.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 10 Oct 2022 12:54:52 GMT
via
1.1 google
server
nginx/1.11.3
access-control-max-age
86400
access-control-allow-methods
GET,PUT,POST,DELETE
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.paysbig.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
associate-segment
segment.prod.bidr.io/ Frame 874D
Redirect Chain
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=&_bee_ppp=1
43 B
796 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=&_bee_ppp=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=&_bee_ppp=1
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
associate-segment
segment.prod.bidr.io/ Frame 874D
Redirect Chain
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=&_bee_ppp=1
43 B
796 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=&_bee_ppp=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=&_bee_ppp=1
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
associate-segment
segment.prod.bidr.io/ Frame 874D
Redirect Chain
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=&_bee_ppp=1
43 B
796 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=&_bee_ppp=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=&_bee_ppp=1
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
associate-segment
segment.prod.bidr.io/ Frame 874D
Redirect Chain
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=&_bee_ppp=1
43 B
796 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=&_bee_ppp=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=&_bee_ppp=1
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
associate-segment
segment.prod.bidr.io/ Frame 874D
Redirect Chain
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17614&value=1
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17614&value=1&_bee_ppp=1
43 B
796 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17614&value=1&_bee_ppp=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17614&value=1&_bee_ppp=1
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
associate-segment
segment.prod.bidr.io/ Frame 874D
Redirect Chain
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17615&value=
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17615&value=&_bee_ppp=1
43 B
796 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17615&value=&_bee_ppp=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17615&value=&_bee_ppp=1
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
associate-segment
segment.prod.bidr.io/ Frame 874D
43 B
433 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17616&value=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
associate-segment
segment.prod.bidr.io/ Frame 874D
43 B
433 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17617&value=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
associate-segment
segment.prod.bidr.io/ Frame 874D
43 B
433 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17618&value=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
associate-segment
segment.prod.bidr.io/ Frame 874D
43 B
433 B
Image
General
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-17619&value=1
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.145.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-145-228.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie-sync
b.triptease.io/ Frame 874D
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/triptease?buyer_user_id=01GF0ZCQ8FNEPT30R5VJHFC3X3|6f9bd4c16aef4149bbb066a879fd3b2b
  • https://match.prod.bidr.io/cookie-sync/triptease?buyer_user_id=01GF0ZCQ8FNEPT30R5VJHFC3X3%7C6f9bd4c16aef4149bbb066a879fd3b2b&_bee_ppp=1
  • https://b.triptease.io/cookie-sync?partner=beeswax&beeswax_id=AAButk7GiCwAADAybzL4fQ&buyer_user_id=01GF0ZCQ8FNEPT30R5VJHFC3X3%7C6f9bd4c16aef4149bbb066a879fd3b2b
129 B
129 B
Image
General
Full URL
https://b.triptease.io/cookie-sync?partner=beeswax&beeswax_id=AAButk7GiCwAADAybzL4fQ&buyer_user_id=01GF0ZCQ8FNEPT30R5VJHFC3X3%7C6f9bd4c16aef4149bbb066a879fd3b2b
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Server
151.101.129.62 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b.triptease.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

X-Served-By
cache-hhn4052-HHN
Date
Mon, 10 Oct 2022 12:54:52 GMT
Via
1.1 google, 1.1 varnish
Strict-Transport-Security
max-age=300
transfer-encoding
chunked
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
X-Cache
MISS
access-control-allow-origin
*
cache-control
private, no-store
Connection
keep-alive
Accept-Ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, session-token
X-Cache-Hits
0

Redirect headers

location
https://b.triptease.io/cookie-sync?partner=beeswax&beeswax_id=AAButk7GiCwAADAybzL4fQ&buyer_user_id=01GF0ZCQ8FNEPT30R5VJHFC3X3%7C6f9bd4c16aef4149bbb066a879fd3b2b
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
cookie-msync
match.prod.bidr.io/ Frame 8DE7
Redirect Chain
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-1&value=0.5&forward_to_cookie_sync=1
  • https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-1&value=0.5&forward_to_cookie_sync=1&_bee_ppp=1
  • https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
1 KB
2 KB
Document
General
Full URL
https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Requested by
Host: b.triptease.io
URL: https://b.triptease.io/?apikey=6f9bd4c16aef4149bbb066a879fd3b2b&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GF0ZCQ8FNEPT30R5VJHFC3X3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.152.75 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-152-75.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
c7280f0fb3b8972840ed4d5fb1cd3975e15b11fb467ac2508c8b3e264a168ff9
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://b.triptease.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Length
1444
Date
Mon, 10 Oct 2022 12:54:52 GMT
Server
gunicorn
cache-control
no-cache, must-revalidate
content-type
text/html; charset=utf-8
strict-transport-security
max-age=2592000; includeSubDomains

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Mon, 10 Oct 2022 12:54:52 GMT
Server
gunicorn
location
https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
strict-transport-security
max-age=2592000; includeSubDomains
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10812284528/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10812284528/?random=1665406492479&cv=9&fst=1665406492479&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaa50&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paysbig.com%2F&tiba=Potawatomi%20Hotel%20and%20Casino%20in%20Milwaukee%20Wisconsin&auid=152238561.1665406489&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0c5089e71b45e8a6f7bc58c5c6132671f9779e7f166f9c1686ffc8ee8e83536a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1058
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/10812284528/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10812284528/?random=1665406492479&cv=9&fst=1665403200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaa50&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paysbig.com%2F&tiba=Potawatomi%20Hotel%20and%20Casino%20in%20Milwaukee%20Wisconsin&async=1&fmt=3&is_vtc=1&random=1017879661&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:52 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10812284528/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10812284528/?random=1665406492479&cv=9&fst=1665403200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaa50&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paysbig.com%2F&tiba=Potawatomi%20Hotel%20and%20Casino%20in%20Milwaukee%20Wisconsin&async=1&fmt=3&is_vtc=1&random=1017879661&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paysbig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:52 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adx
match.prod.bidr.io/cookie-sync/ Frame 8DE7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFRVDZVN0dpQ3dBQUNCOTBxcG45dw&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
43 B
433 B
Image
General
Full URL
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
HTTP/1.1
Server
52.30.152.75 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-152-75.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:52 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
316
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
35244
tags.bluekai.com/site/ Frame 8DE7
62 B
525 B
Image
General
Full URL
https://tags.bluekai.com/site/35244?id=AAQT6U7GiCwAACB90qpn9w
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.3.108.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-3-108-242.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date
Mon, 10 Oct 2022 12:54:52 GMT
content-length
62
bk-server
b003
content-type
image/gif
demconf.jpg
dpm.demdex.net/ Frame 8DE7
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAQT6U7GiCwAACB90qpn9w
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=275754&dpuuid=AAQT6U7GiCwAACB90qpn9w
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=275754&dpuuid=AAQT6U7GiCwAACB90qpn9w
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
HTTP/1.1
Server
52.30.140.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-140-233.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v044-0749497f6.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
fJube03FRK8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-2-v044-0f7f1a203.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
32T+wWQGSEA=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=275754&dpuuid=AAQT6U7GiCwAACB90qpn9w
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
user-registering
ads.stickyadstv.com/ Frame 8DE7
43 B
801 B
Image
General
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AAQT6U7GiCwAACB90qpn9w
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.55.163.72 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-55-163-72.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
Server
nginx
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
43
x-sticky-vk
1665406492710059-585
Expires
Mon, 10 Oct 2022 12:54:52 GMT
g.pixel
aa.agkn.com/adscores/ Frame 8DE7
43 B
502 B
Image
General
Full URL
https://aa.agkn.com/adscores/g.pixel?sid=9212314538&puid=AAQT6U7GiCwAACB90qpn9w
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.204.36 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-204-36.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Oct 2022 12:54:52 GMT
server
AAWebServer
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
43
expires
0
Pug
image2.pubmatic.com/AdServer/ Frame 8DE7
0
225 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAQT6U7GiCwAACB90qpn9w
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Mon, 10 Oct 2022 12:54:52 GMT
cache-control
no-store, no-cache, private
content-encoding
gzip
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
validateCookie
segments.company-target.com/ Frame 8DE7
Redirect Chain
  • https://segments.company-target.com/log?vendor=choca&user_id=AAQT6U7GiCwAACB90qpn9w
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAQT6U7GiCwAACB90qpn9w&verifyHash=d56365144ed508fa5b5e96d8a44f9eec1f456aa1
26 B
409 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAQT6U7GiCwAACB90qpn9w&verifyHash=d56365144ed508fa5b5e96d8a44f9eec1f456aa1
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
HTTP/1.1
Server
143.204.215.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-97.fra53.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date
Mon, 10 Oct 2022 12:54:52 GMT
Via
1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Content-Type
image/gif
Vary
Origin
Connection
keep-alive
trace-id
6613bc63d8b97dd8
X-Amz-Cf-Id
qf_pSjjXA7XpsJInXnLKU5q6McX3HL43fIY_5zO2pLbXzPw6lVIrCw==

Redirect headers

Date
Mon, 10 Oct 2022 12:54:52 GMT
Via
1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AAQT6U7GiCwAACB90qpn9w&verifyHash=d56365144ed508fa5b5e96d8a44f9eec1f456aa1
Connection
keep-alive
trace-id
469bb5e2b219c546
Content-Length
0
X-Amz-Cf-Id
vg7hMmmgSJZ_Wc1isiqkwkW9TBsWpUdz8nCXkm0iWKzcjVABleFn4A==
/
loadus.exelator.com/load/ Frame 8DE7
Redirect Chain
  • https://loadus.exelator.com/load/?BUID=AAQT6U7GiCwAACB90qpn9w&p=204&g=117&j=0
  • https://loadus.exelator.com/load/?BUID=AAQT6U7GiCwAACB90qpn9w&p=204&g=117&j=0&xl8blockcheck=1
0
767 B
Image
General
Full URL
https://loadus.exelator.com/load/?BUID=AAQT6U7GiCwAACB90qpn9w&p=204&g=117&j=0&xl8blockcheck=1
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
H2
Server
34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 12:54:52 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date
Mon, 10 Oct 2022 12:54:52 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://loadus.exelator.com/load/?BUID=AAQT6U7GiCwAACB90qpn9w&p=204&g=117&j=0&xl8blockcheck=1
content-type
image/gif
cache-control
no-cache
access-control-allow-credentials
true
content-length
0
rum
dsum-sec.casalemedia.com/ Frame 8DE7
Redirect Chain
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AAQT6U7GiCwAACB90qpn9w&expiration=1666616092
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AAQT6U7GiCwAACB90qpn9w&expiration=1666616092&C=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AAQT6U7GiCwAACB90qpn9w&expiration=1666616092&C=1
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
/rum?cm_dsp_id=130&external_user_id=AAQT6U7GiCwAACB90qpn9w&expiration=1666616092&C=1
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
0
Expires
0
setuid
ib.adnxs.com/ Frame 8DE7
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=331&seg=6290637&code=AAQT6U7GiCwAACB90qpn9w
Requested by
Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://match.prod.bidr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Oct 2022 12:54:52 GMT
AN-X-Request-Uuid
6b2daadc-0c30-4c95-85ef-245f03bcf990
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.176; 185.213.155.176; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
batch
onboard.triptease.io/message/
0
494 B
Ping
General
Full URL
https://onboard.triptease.io/message/batch
Requested by
Host: onboard.triptease.io
URL: https://onboard.triptease.io/bootstrap.js?integrationId=01FN3YK2FH59N4QMH1X95R3WNK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:28e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.paysbig.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 10 Oct 2022 12:54:53 GMT
strict-transport-security
max-age=15552000
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zG7caB9LiJqbYb1r%2B7ZOeuoNWJYWBWm3%2BEwIY%2FYtqAErQ8AzDw1xPvVOR9OoeMCgASQSnuMzY0RR0fjxp2hmKCmGmHGveZIoMgNtIwogCtqQrpiT9X6BNobhTJhzQLY83QM5zs4bdIs2gcI6KAfe8F5Dxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
access-control-allow-origin
*
x-cloud-trace-context
0183861168a666e3baf0d085c72eff4c
cf-ray
757f81d60a4490ef-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| CCM_DISPATCHER_FILENAME number| CCM_CID boolean| CCM_EDIT_MODE boolean| CCM_ARRANGE_MODE string| CCM_IMAGE_PATH string| CCM_APPLICATION_URL string| CCM_REL string| CCM_ACTIVE_LOCALE boolean| CCM_USER_REGISTERED function| $ function| jQuery function| fbq function| _fbq object| dataLayer function| readMore object| _qevents undefined| msViewportStyle string| axel number| a number| uidEvent object| bootstrap function| quantserve function| __qc object| ezt object| _qoptions function| qtrack function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __createBinding function| __values function| __read function| __spread function| __spreadArrays function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault function| __classPrivateFieldGet function| __classPrivateFieldSet object| triptease object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| ACC_CONF object| webpackChunk object| ACC object| SiteAlerts function| Cookies function| scaleFont function| scrollToAnchor object| DataLayer boolean| CE_USER_SCRIPT object| CE2 string| CE_USER_SITE_DATA_URL string| CE_USER_DATA_URL object| gaplugins object| gaGlobal object| gaData undefined| CE_USER_COMMON_SCRIPT_URL undefined| CE_USER_THIRDPARTY_SCRIPT_URL function| onYouTubeIframeAPIReady object| ___RMCMPW object| cti115909 object| regeneratorRuntime function| parcelRequire8d74 function| ttRetargeting function| gtag boolean| acquisitionsPageLoaded function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO

35 Cookies

Domain/Path Name / Value
.adnxs.com/ Name: uuid2
Value: 583917811178065265
www.paysbig.com/ Name: qcSxc
Value: 1665406489140
.quantserve.com/ Name: mc
Value: 63441619-251fc-6e447-1eac0
.paysbig.com/ Name: __qca
Value: P0-224953680-1665406489136
.paysbig.com/ Name: _gcl_au
Value: 1.1.152238561.1665406489
.paysbig.com/ Name: _fbp
Value: fb.1.1665406489250.204230066
.paysbig.com/ Name: _gid
Value: GA1.2.1022162241.1665406489
.paysbig.com/ Name: _gat_UA-11866965-1
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUntW9pJf_EkLeG0Vpd_zHCpLRpkYta9Sf4fnHFgNDeMrbLx49Mur8One3qhiWo
.paysbig.com/ Name: _ga_HDFF75V5ZF
Value: GS1.1.1665406489.1.0.1665406489.60.0.0
.paysbig.com/ Name: _ga
Value: GA1.1.1395130416.1665406489
.linksynergy.com/ Name: rmuid
Value: 62c01d21-3d20-4aa1-8f26-93da4263b12e
.simpli.fi/ Name: suid
Value: 3713B15F212F4C77AFB7496B3F2A7D1F
.triptease.io/ Name: triptease-user-id
Value: 01GF0ZCQ8FNEPT30R5VJHFC3X3
.triptease.io/ Name: triptease-session-id
Value: 01GF0ZCQ8FZ2D6CYXDEF3DZ6T8
.bidr.io/ Name: bitoIsSecure
Value: ok
.bidr.io/ Name: bito
Value: AASl1E7GiCwAAB5skM92Vw
.adnxs.com/ Name: anj
Value: dTM7k!M4/rEVNsVF']wIg2GVHej$i+!m5LRe#!BrZ=4RT@H'l<glE1!e'=Is7p%xxiJ%]mia-kjhf%jehG/)KkLd><*f=kWO]g/wMO'TFe/bN`-`wS0#xqes%6lNrrn2d=
.agkn.com/ Name: ab
Value: 0001%3A4uTPIIjpZq%2FAJDUYt4C%2FIuvIf6caWcaE
.triptease.io/ Name: tt-bee-beeswax-id
Value: AAButk7GiCwAADAybzL4fQ
.demdex.net/ Name: demdex
Value: 67788910084026042001344149595332317651
.ads.stickyadstv.com/ Name: UID
Value: 8bb4b647456858591bcaa76cd686493
.ads.stickyadstv.com/ Name: uid-bp-26913
Value: AAQT6U7GiCwAACB90qpn9w
.ads.stickyadstv.com/ Name: sessionId
Value: f4c7e1f4cee2427fd4151b84ce995c
.company-target.com/ Name: tuuid
Value: 97f0ff17-4110-4000-9eb5-e71a0ee9a8cf
.company-target.com/ Name: tuuid_lu
Value: 1665406492
.dpm.demdex.net/ Name: dpm
Value: 67788910084026042001344149595332317651
.exelator.com/ Name: EE
Value: "3a9127bb4e9e006f5d98f94180b7fe36"
.casalemedia.com/ Name: CMID
Value: Y0QWHMRIL89XoA6FuZ0U5wAA
.casalemedia.com/ Name: CMPS
Value: 3271
.casalemedia.com/ Name: CMPRO
Value: 3271
.bluekai.com/ Name: bkdc
Value: phx
.bluekai.com/ Name: bkpa
Value: KJpEnXTLu5DlBMD01qcwEnaN59y11xLN5X26n7565cS0BYQL0n1LOyemP9LC
.bluekai.com/ Name: bku
Value: g/A99OyVHsBsWg12
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQcE40dLQyDwpySTVMtXAwCzNNMXSIs3SxNDCIMk8LdXYbHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDAbEl%252BUWb6IhfXxUUpaQyLSopPBR988BsAmB0rEQ%253D%253D"

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
