wheregoes.com Open in urlscan Pro
2606:4700:3035::ac43:b70e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wheregoes.com/
Submission: On October 09 via manual (October 9th 2023, 1:54:05 am UTC) from ID — Scanned from DE

Summary HTTP 261 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 75 IPs in 8 countries across 69 domains to perform 261 HTTP transactions. The main IP is 2606:4700:3035::ac43:b70e, located in United States and belongs to CLOUDFLARENET, US. The main domain is wheregoes.com.
TLS certificate: Issued by GTS CA 1P5 on August 17th 2023. Valid for: 3 months.

This is the only time wheregoes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	2606:4700:303... 2606:4700:3035::ac43:b70e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:e2:... 2606:4700:e2::ac40:8920	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
9	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	178.62.198.146 178.62.198.146	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a02:2638:d::a 2a02:2638:d::a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	216.52.2.86 216.52.2.86	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
3	2602:803:c003... 2602:803:c003:200::51	26667 (RUBICONPR...) (RUBICONPROJECT)
3 11	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
3	52.210.78.166 52.210.78.166	16509 (AMAZON-02) (AMAZON-02)
3	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
1	34.120.63.153 34.120.63.153	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	52.214.251.135 52.214.251.135	16509 (AMAZON-02) (AMAZON-02)
19	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	65.9.66.97 65.9.66.97	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:2250:ec00:a:e047:753:6381	16509 (AMAZON-02) (AMAZON-02)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	162.19.138.118 162.19.138.118	16276 (OVH) (OVH)
1	54.217.255.105 54.217.255.105	16509 (AMAZON-02) (AMAZON-02)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8 10	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 5	2a02:26f0:480... 2a02:26f0:480:22::1726:62f9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	23.32.184.180 23.32.184.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:2638:d::4 2a02:2638:d::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	184.30.22.30 184.30.22.30	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2602:803:c003... 2602:803:c003:200::67	26667 (RUBICONPR...) (RUBICONPROJECT)
5	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2600:9000:223... 2600:9000:223c:9c00:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
2	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
20	2a02:2638:d::13 2a02:2638:d::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:2638:d::11 2a02:2638:d::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
4	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	3.125.57.54 3.125.57.54	16509 (AMAZON-02) (AMAZON-02)
3	184.30.20.22 184.30.20.22	16625 (AKAMAI-AS) (AKAMAI-AS)
3	3.69.215.73 3.69.215.73	16509 (AMAZON-02) (AMAZON-02)
2	185.86.139.101 185.86.139.101	201081 (SMARTADSE...) (SMARTADSERVER)
2	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
2	104.102.35.84 104.102.35.84	16625 (AKAMAI-AS) (AKAMAI-AS)
2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
6	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
2	37.157.6.232 37.157.6.232	198622 (ADFORM) (ADFORM)
2 5	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	34.250.238.79 34.250.238.79	16509 (AMAZON-02) (AMAZON-02)
2	99.81.152.59 99.81.152.59	16509 (AMAZON-02) (AMAZON-02)
2	34.117.157.22 34.117.157.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	3.75.11.145 3.75.11.145	16509 (AMAZON-02) (AMAZON-02)
2	54.76.247.56 54.76.247.56	16509 (AMAZON-02) (AMAZON-02)
2	64.202.112.255 64.202.112.255	23352 (SERVERCEN...) (SERVERCENTRAL)
2	198.47.127.205 198.47.127.205	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2	2600:1f18:612... 2600:1f18:612b:4264:496c:d23f:8720:f8bc	14618 (AMAZON-AES) (AMAZON-AES)
2	85.215.5.31 85.215.5.31	6786 (CRONON-BE...) (CRONON-BERLIN-AS)
2	184.30.17.243 184.30.17.243	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.255.244.27 34.255.244.27	16509 (AMAZON-02) (AMAZON-02)
1	18.194.51.36 18.194.51.36	16509 (AMAZON-02) (AMAZON-02)
2	54.229.132.93 54.229.132.93	16509 (AMAZON-02) (AMAZON-02)
2	18.221.230.31 18.221.230.31	16509 (AMAZON-02) (AMAZON-02)
1	18.66.147.73 18.66.147.73	() ()
1	23.212.88.20 23.212.88.20	() ()
1	3.248.143.162 3.248.143.162	() ()
1 1	23.201.255.110 23.201.255.110	() ()
1	184.30.16.195 184.30.16.195	() ()
1	2600:9000:205... 2600:9000:2057:b400:1f:4c18:bd40:93a1	() ()
1	77.245.57.72 77.245.57.72	() ()
1 1	2.18.160.23 2.18.160.23	() ()
261	75

12 2606:4700:3035::ac43:b70e (United States)

ASN13335 (CLOUDFLARENET, US)

wheregoes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e2::ac40:8920 (United States)

ASN13335 (CLOUDFLARENET, US)

api.fouanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

cdn4.buysellads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.62.198.146 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: srv-eu-nl-14.buysellads.com

srv.buysellads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.86 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c003:200::51 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.89.210.122 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ams3-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.210.78.166 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-78-166.eu-west-1.compute.amazonaws.com

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.214.251.135 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-251-135.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-97.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:ec00:a:e047:753:6381 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.19.138.118 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533569.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.217.255.105 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-255-105.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:2638:3::c (France) 8 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

6711e90510414ef3402793eed4ecc805.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

adsdk.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:480:22::1726:62f9 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.184.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-184-180.deploy.static.akamaitechnologies.com

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 184.30.22.30 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-22-30.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:803:c003:200::67 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

beacon-ams3.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:9c00:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

widget.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a02:2638:d::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:d::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.226 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.125.57.54 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-57-54.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.30.20.22 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-22.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.69.215.73 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-215-73.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.101 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.35.84 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-35-84.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.232 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.26.193 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.250.238.79 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-238-79.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.81.152.59 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-152-59.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.157.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.157.117.34.bc.googleusercontent.com

matching.ivitrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.11.145 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-11-145.eu-central-1.compute.amazonaws.com

exchange.mediavine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.247.56 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-247-56.eu-west-1.compute.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.255 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.205 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4264:496c:d23f:8720:f8bc (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

criteo-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.215.5.31 (Berlin, Germany)

ASN6786 (CRONON-BERLIN-AS, DE)

a.twiago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.30.17.243 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-17-243.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.244.27 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-244-27.eu-west-1.compute.amazonaws.com

sync-criteo.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.194.51.36 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-51-36.eu-central-1.compute.amazonaws.com

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.229.132.93 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-132-93.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.221.230.31 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-221-230-31.us-east-2.compute.amazonaws.com

s.thebrighttag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.73 (None, )

ASN- ()

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.212.88.20 (None, )

ASN- ()

c21lg-d.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.143.162 (None, )

ASN- ()

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.201.255.110 (None, ) 1 redirects

ASN- ()

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.16.195 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:b400:1f:4c18:bd40:93a1 (None, )

ASN- ()

cs-rtb.minutemedia-prebid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.72 (None, )

ASN- ()

sync.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.160.23 (None, ) 1 redirects

ASN- ()

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	criteo.net static.criteo.net — Cisco Umbrella Rank: 728 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 9717 csm.eu.criteo.net — Cisco Umbrella Rank: 9249	285 KB
23	criteo.com 8 redirects bidder.criteo.com — Cisco Umbrella Rank: 895 gum.criteo.com — Cisco Umbrella Rank: 478 mug.criteo.com — Cisco Umbrella Rank: 2541 ads.eu.criteo.com — Cisco Umbrella Rank: 9209 cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 10377 widget.fr3.eu.criteo.com — Cisco Umbrella Rank: 19586 dis.criteo.com — Cisco Umbrella Rank: 648	131 KB
18	rubiconproject.com 1 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 563 eus.rubiconproject.com — Cisco Umbrella Rank: 662 beacon-ams3.rubiconproject.com — Cisco Umbrella Rank: 9971 token.rubiconproject.com — Cisco Umbrella Rank: 504 pixel.rubiconproject.com — Cisco Umbrella Rank: 409 secure-assets.rubiconproject.com	43 KB
13	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 261 cdn.adnxs.com — Cisco Umbrella Rank: 2045 ams3-ib.adnxs.com — Cisco Umbrella Rank: 6890 acdn.adnxs.com secure.adnxs.com Failed	65 KB
12	wheregoes.com wheregoes.com	160 KB
11	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 6711e90510414ef3402793eed4ecc805.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 157	42 KB
11	doubleclick.net 2 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 214 cm.g.doubleclick.net — Cisco Umbrella Rank: 255	178 KB
6	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 363 pr-bh.ybp.yahoo.com Failed	246 B
6	media.net 1 redirects prebid.media.net — Cisco Umbrella Rank: 1420 contextual.media.net — Cisco Umbrella Rank: 780 c21lg-d.media.net hbx.media.net	13 KB
5	casalemedia.com 2 redirects r.casalemedia.com — Cisco Umbrella Rank: 1837 ssum-sec.casalemedia.com dsum-sec.casalemedia.com Failed	3 KB
5	bing.com 2 redirects www.bing.com — Cisco Umbrella Rank: 75	8 KB
4	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 242	3 KB
4	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1156 id5-sync.com — Cisco Umbrella Rank: 470	32 KB
4	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 2878 public.servenobid.com	5 KB
4	buysellads.net cdn4.buysellads.net — Cisco Umbrella Rank: 23960	167 KB
3	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 959 ads.pubmatic.com image6.pubmatic.com Failed	6 KB
3	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 621	103 B
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	177 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1906 google-bidout-d.openx.net — Cisco Umbrella Rank: 1919 us-u.openx.net Failed	661 B
3	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 913	361 B
3	omnitagjs.com hb-api.omnitagjs.com — Cisco Umbrella Rank: 3692 visitor.omnitagjs.com — Cisco Umbrella Rank: 773	2 KB
3	fouanalytics.com api.fouanalytics.com — Cisco Umbrella Rank: 11499	7 KB
2	thebrighttag.com s.thebrighttag.com — Cisco Umbrella Rank: 2648	535 B
2	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 903	675 B
2	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 4701	800 B
2	twiago.com a.twiago.com — Cisco Umbrella Rank: 33274	306 B
2	tremorhub.com criteo-partners.tremorhub.com — Cisco Umbrella Rank: 2985	798 B
2	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 900	290 B
2	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 1252	843 B
2	mediavine.com exchange.mediavine.com — Cisco Umbrella Rank: 1304	2 KB
2	ivitrack.com matching.ivitrack.com — Cisco Umbrella Rank: 10624	377 B
2	360yield.com ad.360yield.com — Cisco Umbrella Rank: 761	397 B
2	adform.net cm.adform.net — Cisco Umbrella Rank: 1279 c1.adform.net Failed	325 B
2	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 434	279 B
2	teads.tv criteo-sync.teads.tv — Cisco Umbrella Rank: 2637	326 B
2	taboola.com sync-t1.taboola.com — Cisco Umbrella Rank: 1598	197 B
2	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 898 ssbsync.smartadserver.com Failed	227 B
2	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 387	291 B
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 250	10 KB
2	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 2167	1 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1164 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1073	12 KB
2	lijit.com ap.lijit.com — Cisco Umbrella Rank: 754	677 B
1	adkernel.com sync.adkernel.com	160 B
1	minutemedia-prebid.com cs-rtb.minutemedia-prebid.com	525 B
1	gumgum.com g2.gumgum.com	1 KB
1	emxdgt.com e1.emxdgt.com — Cisco Umbrella Rank: 2433	44 B
1	yieldmo.com sync-criteo.ads.yieldmo.com — Cisco Umbrella Rank: 2848	38 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	microsoft.com adsdk.microsoft.com — Cisco Umbrella Rank: 4847	36 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 373	1 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2118	8 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2931	3 KB
1	buysellads.com srv.buysellads.com — Cisco Umbrella Rank: 23867	719 B
0	creativecdn.com Failed creativecdn.com Failed
0	admanmedia.com Failed cs.admanmedia.com Failed
0	socdm.com Failed tg.socdm.com Failed
0	everesttech.net Failed sync-tm.everesttech.net Failed
0	contextweb.com Failed bh.contextweb.com Failed
0	deepintent.com Failed match.deepintent.com Failed
0	ipredictive.com Failed sync.ipredictive.com Failed
0	stackadapt.com Failed sync.srv.stackadapt.com Failed
0	brand-display.com Failed dmp.brand-display.com Failed
0	zemanta.com Failed b1sync.zemanta.com Failed
0	adsrvr.org Failed match.adsrvr.org Failed
0	amazon-adsystem.com Failed s.amazon-adsystem.com Failed
0	disqus.com Failed ssp.disqus.com Failed
0	sonobi.com Failed sync.go.sonobi.com Failed
0	1rx.io Failed sync.1rx.io Failed
0	yellowblue.io Failed cs-server-s2s.yellowblue.io Failed
261	69

	Domain	Requested by
20	imageproxy.eu.criteo.net	ads.eu.criteo.com
19	static.criteo.net	securepubads.g.doubleclick.net ads.eu.criteo.com cdn4.buysellads.net static.criteo.net
12	wheregoes.com	wheregoes.com
10	gum.criteo.com	8 redirects static.criteo.net
9	securepubads.g.doubleclick.net	cdn4.buysellads.net securepubads.g.doubleclick.net wheregoes.com www.googletagservices.com
7	eus.rubiconproject.com	wheregoes.com eus.rubiconproject.com cdn4.buysellads.net public.servenobid.com
7	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	ib.adnxs.com	3 redirects cdn4.buysellads.net widget.fr3.eu.criteo.com acdn.adnxs.com
6	ups.analytics.yahoo.com	ads.eu.criteo.com widget.fr3.eu.criteo.com public.servenobid.com
5	www.bing.com	2 redirects wheregoes.com
4	dpm.demdex.net	2 redirects
4	r.casalemedia.com	2 redirects ads.eu.criteo.com
4	dis.criteo.com	ads.eu.criteo.com
4	csm.eu.criteo.net	ads.eu.criteo.com
4	ams3-ib.adnxs.com	cdn4.buysellads.net wheregoes.com cdn.adnxs.com
4	cdn4.buysellads.net	wheregoes.com
3	match.sharethrough.com	ads.eu.criteo.com widget.fr3.eu.criteo.com public.servenobid.com
3	contextual.media.net	ads.eu.criteo.com widget.fr3.eu.criteo.com cdn4.buysellads.net
3	token.rubiconproject.com	eus.rubiconproject.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	www.googletagservices.com	securepubads.g.doubleclick.net
3	id5-sync.com	cdn.id5-sync.com ads.eu.criteo.com widget.fr3.eu.criteo.com
3	ads.servenobid.com	cdn4.buysellads.net public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com
3	onetag-sys.com	cdn4.buysellads.net public.servenobid.com
3	fastlane.rubiconproject.com	cdn4.buysellads.net
3	api.fouanalytics.com	wheregoes.com api.fouanalytics.com
2	s.thebrighttag.com
2	beacon.krxd.net
2	ad.yieldlab.net	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	a.twiago.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	criteo-partners.tremorhub.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	simage2.pubmatic.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	sync.outbrain.com	ads.eu.criteo.com widget.fr3.eu.criteo.com g2.gumgum.com
2	jadserve.postrelease.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	exchange.mediavine.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	matching.ivitrack.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	ad.360yield.com	ads.eu.criteo.com widget.fr3.eu.criteo.com g2.gumgum.com
2	visitor.omnitagjs.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	cm.adform.net	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	eb2.3lift.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	criteo-sync.teads.tv	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	sync-t1.taboola.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	rtb-csync.smartadserver.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	pixel.rubiconproject.com	ads.eu.criteo.com widget.fr3.eu.criteo.com
2	x.bidswitch.net	ads.eu.criteo.com widget.fr3.eu.criteo.com g2.gumgum.com
2	cm.g.doubleclick.net	2 redirects ssum-sec.casalemedia.com g2.gumgum.com
2	cdnjs.cloudflare.com	ads.eu.criteo.com
2	widget.fr3.eu.criteo.com	ads.eu.criteo.com
2	secure-gl.imrworldwide.com	ads.eu.criteo.com
2	cat.fr3.eu.criteo.com	ads.eu.criteo.com
2	beacon-ams3.rubiconproject.com	wheregoes.com
2	ads.eu.criteo.com	wheregoes.com
2	mug.criteo.com
2	oajs.openx.net	1 redirects
2	ap.lijit.com	cdn4.buysellads.net public.servenobid.com
1	hbx.media.net	1 redirects
1	sync.adkernel.com	public.servenobid.com
1	cs-rtb.minutemedia-prebid.com	public.servenobid.com
1	ads.pubmatic.com	public.servenobid.com g2.gumgum.com
1	secure-assets.rubiconproject.com	1 redirects g2.gumgum.com
1	ssum-sec.casalemedia.com	public.servenobid.com ssum-sec.casalemedia.com
1	g2.gumgum.com	public.servenobid.com
1	c21lg-d.media.net	contextual.media.net
1	public.servenobid.com	cdn4.buysellads.net
1	acdn.adnxs.com	cdn4.buysellads.net
1	e1.emxdgt.com	ads.eu.criteo.com
1	sync-criteo.ads.yieldmo.com	ads.eu.criteo.com
1	www.google.com	tpc.googlesyndication.com
1	cdn.adnxs.com	cdn4.buysellads.net
1	adsdk.microsoft.com	cdn4.buysellads.net
1	google-bidout-d.openx.net	oa.openxcdn.net
1	6711e90510414ef3402793eed4ecc805.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	prebid.media.net	cdn4.buysellads.net
1	hb-api.omnitagjs.com	cdn4.buysellads.net
1	bidder.criteo.com	cdn4.buysellads.net
1	srv.buysellads.com	cdn4.buysellads.net
0	creativecdn.com Failed	g2.gumgum.com
0	cs.admanmedia.com Failed	g2.gumgum.com
0	tg.socdm.com Failed	g2.gumgum.com
0	sync-tm.everesttech.net Failed	g2.gumgum.com
0	c1.adform.net Failed	g2.gumgum.com
0	bh.contextweb.com Failed	g2.gumgum.com
0	match.deepintent.com Failed	g2.gumgum.com
0	sync.ipredictive.com Failed	g2.gumgum.com
0	pr-bh.ybp.yahoo.com Failed	g2.gumgum.com
0	sync.srv.stackadapt.com Failed	g2.gumgum.com
0	us-u.openx.net Failed	g2.gumgum.com
0	secure.adnxs.com Failed	g2.gumgum.com
0	image6.pubmatic.com Failed	ads.pubmatic.com
0	dmp.brand-display.com Failed	ssum-sec.casalemedia.com
0	dsum-sec.casalemedia.com Failed	ssum-sec.casalemedia.com
0	b1sync.zemanta.com Failed	ssum-sec.casalemedia.com g2.gumgum.com
0	match.adsrvr.org Failed	ssum-sec.casalemedia.com g2.gumgum.com
0	s.amazon-adsystem.com Failed	ssum-sec.casalemedia.com
0	ssp.disqus.com Failed	public.servenobid.com
0	sync.go.sonobi.com Failed	public.servenobid.com
0	sync.1rx.io Failed	public.servenobid.com
0	cs-server-s2s.yellowblue.io Failed	public.servenobid.com
0	ssbsync.smartadserver.com Failed	public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com
261	105

This site contains links to these domains. Also see Links.

Domain
twitter.com

Subject Issuer	Validity	Valid
wheregoes.com GTS CA 1P5	`2023-08-17` - `2023-11-15`	3 months	crt.sh
fouanalytics.com E1	`2023-09-09` - `2023-12-08`	3 months	crt.sh
cdn4.buysellads.net R3	`2023-09-19` - `2023-12-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.buysellads.com Sectigo RSA Domain Validation Secure Server CA	`2023-05-25` - `2024-06-24`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2023-05-06` - `2024-05-04`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2023-06-23` - `2024-07-22`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
prebid.media.net GTS CA 1D4	`2023-08-31` - `2023-11-29`	3 months	crt.sh
ads.servenobid.com Amazon RSA 2048 M01	`2023-04-29` - `2024-05-27`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
cdn.prod.uidapi.com R3	`2023-08-10` - `2023-11-08`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-09-25` - `2023-12-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
*.id5-sync.com R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
adsdk.microsoft.com Microsoft Azure TLS Issuing CA 05	`2023-04-07` - `2024-04-01`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2023-08-24` - `2024-08-24`	a year	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2023-12-23`	3 months	crt.sh
r.bing.com Microsoft RSA TLS CA 01	`2022-11-15` - `2023-11-15`	a year	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-07` - `2023-12-30`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-03` - `2024-02-03`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2023-11-08`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
teads.tv R3	`2023-10-04` - `2024-01-02`	3 months	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
*.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-25` - `2024-06-18`	a year	crt.sh
*.360yield.com Amazon RSA 2048 M01	`2023-05-29` - `2024-06-26`	a year	crt.sh
itm.ivitrack.com R3	`2023-08-16` - `2023-11-14`	3 months	crt.sh
exchange.mediavine.com Amazon RSA 2048 M02	`2023-06-06` - `2024-07-04`	a year	crt.sh
*.postrelease.com Amazon RSA 2048 M01	`2023-02-09` - `2024-02-16`	a year	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2022-11-06` - `2023-11-28`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.tremorhub.com Amazon RSA 2048 M01	`2023-02-22` - `2024-03-23`	a year	crt.sh
*.twiago.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-28` - `2023-12-29`	a year	crt.sh
*.yieldlab.net DigiCert TLS RSA SHA256 2020 CA1	`2023-09-17` - `2024-09-17`	a year	crt.sh
*.ads.yieldmo.com Amazon RSA 2048 M01	`2023-04-04` - `2024-05-02`	a year	crt.sh
*.emxdgt.com Amazon RSA 2048 M01	`2023-05-03` - `2024-05-31`	a year	crt.sh
*.servenobid.com Amazon RSA 2048 M02	`2023-02-21` - `2024-02-05`	a year	crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com Amazon RSA 2048 M01	`2023-07-17` - `2024-08-14`	a year	crt.sh
casalemedia.com Cloudflare Inc ECC CA-3	`2023-05-21` - `2024-05-20`	a year	crt.sh
*.minutemedia-prebid.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
*.adkernel.com AlphaSSL CA - SHA256 - G4	`2023-01-03` - `2024-02-04`	a year	crt.sh

This page contains 41 frames:

Primary Page: https://wheregoes.com/
Frame ID: 135952E118A10952DECFD7E0BCDCFC3E
Requests: 46 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wheregoes.com
Frame ID: EDFBEBF6BC8A2F8ABA121794B87723E6
Requests: 2 HTTP requests in this frame

Frame: https://6711e90510414ef3402793eed4ecc805.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 39DAF0C6150AF4BB0D7089B9D518DDFC
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 81554269E1C84D8F1DECADC8F11EA0E1
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDm3Qc0ircW61bXIwbVh0vufghWbNttX8tJRZorLd3BuqMuoABPM9F6puwLBf5J4DTB3mWdXBBdLLVnrziEcNkIxrGOTqbs4h7PttDgCVo5WIElgIR-2A85Wbx6wLw8at-ZZnRdkrdsXQATekouGEuixD3YSUBHvfLhq6xF4lbDOxN89m4OxG2XwfspIZMci80lO5aP6vyRexp8XUguNknPe6UqGwhJwYSNdq64u2yUPoUXecF0_XYhDr3xbaXC2n0dCkwtIQ7p5QtDrMs2uALKdL9oRwXUsC9AOMdzG416o7l3x8VhcJvbLjZjdVq6r-Ctp7um8QSm0TpvpJR0fMoLOjKSMBOmdy3&sai=AMfl-YQT8qe07oAEVfc7jCzjKVoP3BQvIq7AuQ3JqjlD3iGKCXEzvwREHrMo-3X1QK3eALwM-TJmVZfr1iyYikyvmTpkU5quxfo9crOlw47uC6kWc0cW5JxxuXHewobcY6NqXHfdWhi53oEZLC6R--RD&sig=Cg0ArKJSzMEXe8fi9jhAEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 4A095E2298D5A9C88E5359D23CF12A7D
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsth4Pn7nY2qbIh3ZRZudaxcsPxO4lPx2706hCBeZ6_f3pV4mrAYUSPvUQO_lOkB96u2VbBDTHBgPo916nh885e_lMyXIVvSMUKkgJYpgx3_PVA4M3yrwLExVevjSw9dKFBZgDwANLlkPyX4tsSjnjkXPOFBDPsm1QuIa3FymlEkDbL6Hzdt8OgvNHSQfcVwDiWEMqlDsXnWTOgp6xvDuTQxoFuehXs48A5mAbvQ7_PGKvqe0vBy5oAtVgyg45ABMwhot1JQrtwvYtrz2DY7XPdEv5XenG_Jh5u3GPe4GgbaSmnNl-7plZqPQwdTqKWsXDbjZdq8nIFHkeDVEAVkEvpUNCQNnUK5&sai=AMfl-YR0q2kJNCHpGP-dLZrXhjzokMqG4iJusD2ecy8YPxFMcBgc3UD4aMWHWsdmc-1pslqhQ82Q4cJE-Y4-DTpLr_N8hFZ7rFO9j-CmZu0ar82ljkeN-nq4E2nXUzyfushdzvB0vhPnjfZoWt4TeWFP&sig=Cg0ArKJSzLL4RlwQ0UBAEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 2E3A61A90CF8661A7FF9AA903F62E238
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstjZQd7gJeff3ZwkShlP_FQYr0YQwm16X16arvKb9FcSpLhdC1YLTI1BypNrU_N-tOi5_YFm5r8_DRSEKuD6tH4YSwxJ3N8_BG_O4omDTqz7r4Bv-LxWx55cJKM45SqfVuwSijLRIOKWrtmFcpFspLQNsTBGct3QA-HMjqwZihO91Jc4j-OMW7riwTUBCstns1QerNcHqrZ7o4N1YFiwIJaKYgIwM5KDuxWY8hZ28pCvbbmekwEwnrA-U9Nah55vX9WSSmAglnWn9QF7gzRGvSjjP4rG3MEt356LSF9TFu6UDvPio87_8zI9G081XbFTe8_YCbH0rU0HzaGC1ULmztkxXo99QtVzHZqPssg7w&sai=AMfl-YRzBA8fMBqXjE7cfHeNK1SiC-lN54pCRzy_FbPquESRynFKAfKrqlnc1DBTJmQ-p_h5-PA5-Bcm0LAgf2kBAFV4kYdOVAlvd4XDuNxUC7Mv_dn1GKH9hRWxIayCFxHH_7EhnpIXjj12PnDBBRiP&sig=Cg0ArKJSzILiwmxQUEYwEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 4DC85E3CF8A949B84A374141435D39D5
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CNTiPCdDbLKBFyS5Xx6SsZujkjTkqNtK64cqU2u0fAvw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkBq5MWt97LlyueX6xA35gLXHDelc9Hq0ZHC0gDsZYjW80FIccM34N3GTkMqyt_3N0H9JjlmMcJS_-6fq12Ug1xlqentigq1dl-_pKLdMpsoQM8YtDFx0J_MLa_WrIn1k8v9EsJPaepQpOSa4plkfvPYNcA1y7qocKp_7wUh-AOA8nPEYTTP-Y-Lbuxc06SgvV9h50wWdpwiwp9rG1uckshlNJ0DoluxAp0-4Ct1m68CIvZyYtUAWOu1tLP4a6MyeMZsH9Q_7jXrxfHEErbvmBwsrbgBe5LqH2SCIOhCt6ZdGFjInqHGb6mShVKAkt7E-PfVo8UgY2PNEtleHvghW6J4zFi1xdtlKD_15RtQbVHAmVgdfwVpmSTGAmXhLnGEaD6rLyQOA4ADREzf9vwtEO-sbFL8cVF12SA2UQR2UesPdZL-ApMlx1A6SJ95feBV81tCs1lq2EafJPWeEhPXrkbaBO0QO923iL3zB4gPKmNvExmiXSmGxSo9IZ4t3PN8nHDCqrqn08s0rls5r8EDvbO6ydfjJTvpimsraQLFsZsDScgI7vuJM58LoZS02HAHAw-9ZuZzuKoP9J9uNVTUDwmNtRLHd7qEP-izaZ32PNXCYg
Frame ID: 893765B13E25B358EEE2032A964DAF32
Requests: 23 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 6343524C7F1BC94266B93B67EB6945D1
Requests: 3 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Frame ID: F2C6F18AC57E78E45E80C6AA0A35D6B2
Requests: 25 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 9E97A4FF76B43E65ACAF2B1463E031BF
Requests: 3 HTTP requests in this frame

Frame: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d3889b732987812e6a016ed3f26&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Frame ID: 107CF67D0716E7AE037727EA4B79519A
Requests: 1 HTTP requests in this frame

Frame: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Frame ID: 2B5EC5FB16BD6DDBB1A28711BF22FE61
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DB4B3BEEA2918EECBF83BD3796E633FF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2C28E3DD85CF5D16D0F11194E344556C
Requests: 2 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0
Frame ID: 9720B1545EC232C183B73728614BD337
Requests: 30 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0
Frame ID: FC8F409304D3D28122A8B3955F9F6574
Requests: 30 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=wheregoes.com
Frame ID: 495A0D45CF60433C330AE222F84CD1C1
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: D9FFC3E1E9C7CB0F5B7E8CDB6EAADF4D
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 13ECB5F3CE7DB8FB4938F401775A8063
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C407%2C2011%2C2055%2C2099%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 15962A5C6DAB45462F97C076EF0E03D9
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1696816440748
Frame ID: 7D1F7BB39B1AD4AADD0EF7784C75C131
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: A0F3D0D82B1130158ED5EFB090204522
Requests: 13 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 17F2FD01E4BAB85B33B71894AF207ED4
Requests: 14 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 463076892D28EF29CB0EC9055B9724E4
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 457BCCE3D6D4818FC2D1CF73685E5BAF
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 94FF961AC6D3B19D8C33B5ED980452D3
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Frame ID: 1F46211133EB5F3CB2CFAA9B1EF97B44
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Frame ID: C440B33C8641FB557C57E9FF48FF3897
Requests: 2 HTTP requests in this frame

Frame: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D
Frame ID: D13452C39A97A8BAC7D6AC9C19CAED34
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Frame ID: EC27FD6BE8FA72FE14B5AFA422C5033A
Requests: 1 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D
Frame ID: 68A3776CE5423DCB5B83AE0B2AA874BF
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=
Frame ID: 1FAEAF25ADAC0B0C1A0295C55461F562
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
Frame ID: FEBDEED995955810C0597029C47C8BC5
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9hOGQyNjY1OC1mNDg0LTRkYjAtOTkzMS03ZTc2MjA0ZGNlMGI=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: 5A20B8FB948ED29044884F6F5FA9B384
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: F74E0EEC4710E30F6DABE9D8AF18AFD8
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Frame ID: 0D4C6D1D26714A329C263921C431830D
Requests: 1 HTTP requests in this frame

Frame: https://tg.socdm.com/aux/idsync?proto=gumgum
Frame ID: 94746B3E44B92B8F87604057DF2079A5
Requests: 1 HTTP requests in this frame

Frame: https://cs.admanmedia.com/sync/gumgum?puid=e_a8d26658-f484-4db0-9931-7e76204dce0b&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Daad%26i%3D%5BDSP_USER_ID%5D&gdpr=0&gdpr_consent=&ccpa=1---
Frame ID: B2356D0D9B73610950163D5CF1B8A7FC
Requests: 1 HTTP requests in this frame

Frame: https://creativecdn.com/cm-notify?pi=gumgum
Frame ID: 6FF5ED4DC5D8DC370A54119EF6B46208
Requests: 1 HTTP requests in this frame

Frame: https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
Frame ID: F91839886DE6B28D4E82F28EA081BE40
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Tiny URL Expander | Redirect Checker - WhereGoes

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

261
Requests

77 %
HTTPS

32 %
IPv6

69
Domains

105
Subdomains

75
IPs

8
Countries

1419 kB
Transfer

3779 kB
Size

32
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/WhereGoes_com
Title: Twitter

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2F&rid=esp&cc=1

Request Chain 40

https://gum.criteo.com/sid/json?origin=publishertagids&domain=wheregoes.com&sn=ChromeSyncframe&so=0&topUrl=wheregoes.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=uOEg3nxNbG5UaVdmbDVuL045T2RkcDZZTHVSdjcrNjdFUGh6bUlqa1Mwc2txUFZQZ1hwZUtuNEFvMUMvb242MU1zM1MwYkw3SHUralByT3QvNkZhQ0gxT0VWTGhCeHpMRmxCQ2pJdWRRWXJTZ3A0MUJIVGpWYTB2Nk4rdmZFSCtDdE5YR21yRUVwUzNBMnFZcThQWmRzeExhSWMzK3Z6bktlbEE3VnpNYzFwbDZHYmhZajVvYmlsTG4xbnRqUVlWMDJ0NHl4THZreVp1dldaU3Z3YWpseU4reUFBYjZLZnFBcG9EWWJuRVJGTjEyNkxQZ2krRituWExEN3R6Y0h6b1hNV1F2U1RhL3kzNHZIS3EvOUxEbWFWWnkxUT09fA&cppv=2

Request Chain 56

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=083d2dc1-6420-4d2a-974c-884717d472ee&bidId=15000&bidderId=4&cmExpId=LV1&oAdUnit=391466&publisherId=162645330&rId=7d2f73c8-0991-430b-8355-3a1f8eaa9041&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1-0%3F%26RG%3Db57b92444e0342ad93831b879a7c55c8%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=23918325&trafficGroup=knaqe_3c&trafficSubGroup=zzf%3Aknaqe_3c_gvrq-pbageby_1&aid=9018833719270763822 HTTP 303
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=b57b92444e0342ad93831b879a7c55c8&SNR=1&GV=2&med=10

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_cm&google_hm=ay1GNFdMT0FRUmpGZXJKTmFPZ0ItbE55OS00WVpLZGFzUnp1c2w2QQ HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0

Request Chain 128

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3548010518329746433

Request Chain 139

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw&C=1

Request Chain 140

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=ileSv5m_Qmfu4wynbFi2KcLKV40-7sXw HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=ileSv5m_Qmfu4wynbFi2KcLKV40-7sXw

Request Chain 152

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_cm&google_hm=ay1GNFdMT0FRUmpGZXJKTmFPZ0ItbE55OS00WVpLZGFzUnp1c2w2QQ HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0

Request Chain 154

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3548010518329746433

Request Chain 165

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw&C=1

Request Chain 166

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=78dTYSJVdJ8ZGgH1iJ2aX9UznPwEKzje HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=78dTYSJVdJ8ZGgH1iJ2aX9UznPwEKzje

Request Chain 184

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=CAffCiYqm1_PUO6RuQBLXzRTk42PsaPS

Request Chain 185

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=2VOdhrpBThm98nOYLtGqtMTm1B53IZiz

Request Chain 187

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=dDlO8MjKBXtcqxn3LbpfsLQUQth4EyL2

Request Chain 188

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=n1hVjx8F7_enzVM0B5bGYdYI4jypkhoP

Request Chain 189

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=083d2dc1-6420-4d2a-974c-884717d472ee&bidId=15000&bidderId=4&cmExpId=LV1&oAdUnit=391466&publisherId=162645330&rId=7d2f73c8-0991-430b-8355-3a1f8eaa9041&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3Db57b92444e0342ad93831b879a7c55c8%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=23918325&trafficGroup=knaqe_3c&trafficSubGroup=zzf%3Aknaqe_3c_gvrq-pbageby_1&aid=9018833719270763822 HTTP 303
https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=b57b92444e0342ad93831b879a7c55c8&tids=15000&med=10

Request Chain 200

https://gum.criteo.com/sid/json?origin=publishertag&domain=wheregoes.com&sn=ChromeSyncframe&so=3&topUrl=wheregoes.com&bundle=X3y84l9PdUVuSkJJQWJHUVQxTVFHTkNpRTJkbFZzeERRaDVicFRuT0dBRm1GJTJCWWtRWEdxVnhzWlBDSEpSZkhpOGY3c3ZrRzk2RzJxQUJXVlZJV2s1VVlRWDl5QzNTSHJEa3ZJbmt5V0xpRVMwSU54MVl3Qzg4ejlpODFRWDZNS016SDZXbk9sdWRUQ3p1NzBkR2dGZnZGZFhJQSUzRCUzRA&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=fb2KKXxseEN6OGZDOGJXMFUxQkUvRW1nL1FBKzhic3NabzhDRm5CcS9mQi9EaEdOTkhMWEc5WEpkUGF5dGd6RTIyWEh3VTJGL1lrYUduWFNoRXlKeHhoQmx0N3JKaVR6blpReUZtWUlZN0dJV2hQdzNWVmQ1UHAzNWZTbUdoM1puQmp3WXAxTkQrNFBmTXVhNVZHVTh5Tjd2VFdvOFEveHpWdVNHaWJDcmtGVXBkRGVJa0F4S3dRSENNTDdCTWVZQ1ByM0ZKUEFtOEh1MThPaG54Ujg5Yk9uQmlOUGF6RlhsWUhvRlR0d0dFUHlRWlA5ZGliaHlFMTBiMklLSVRnUTM2anlocHVmUmxZS3d1cjlqNDJMLzY2UThEZ0RDZXkxVzZEVnFTS01oUElXYUFkUT18&cppv=2

Request Chain 214

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

Request Chain 219

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=3548010518329746433

Request Chain 220

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=HdGSrRZHO_s6Y_c_SzKN7eGB

Request Chain 222

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1696816444383

Request Chain 223

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5140084927621237456

Request Chain 225

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0

Request Chain 230

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D353%26uid%3D%3Cvsid%3E HTTP 302
https://ads.servenobid.com/sync?pid=353&uid=0000EEA

Request Chain 231

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZSNdOrAIjtG6oFwvPqerjgAA

Request Chain 232

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZSNdOrAIjtG6oFwvPqerjgAADS4AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEKkayUMeOHdWaTkZ1VrHJhE&google_cver=1

Request Chain 237

https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=KxHCGChAw0gwE8QTeB3dTypCxEgwF5ZJKxy7MLZd

Request Chain 242

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_a8d26658-f484-4db0-9931-7e76204dce0b&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_a8d26658-f484-4db0-9931-7e76204dce0b&gdpr=0&gdpr_consent=&us_privacy=1---

261 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
wheregoes.com/ 19 KB
7 KB 346ms
119ms Document
text/html 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce239b562034663bb5adff652f43ccd91832747f4df1978ab6d8a45ca5b2b5dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8132fe3a4d924dba-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 09 Oct 2023 01:53:59 GMT
fastcgi-cache: HIT
link: <https://wheregoes.com/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUMfh4qbvRWH0xwudlFpqrjXiJsuicQMKOlAQfC3XiroaL2QxfzWlsghYeJogBcIJX6x63EdcCG9rKJu2pm7%2Ft7iFpN1eMp8aOunoBXtmqIWZnnO2PTSgRHSzkQXcCPcUnLAxaTDlMI5wdwq"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css
wheregoes.com/c/cache/autoptimize/css/ 244 KB
86 KB 22ms
18ms Stylesheet
text/css 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbf2413b9511bb70a14ab3712ba3e2c2d8974e3253f209a613c15f4257fbdac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4076567
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 20:44:00 GMT
server: cloudflare
etag: W/"64e51e10-3d11a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3gGpjEfFUiKE%2FbQl%2BXMR5gh9Y8CXICCaXVuxIZT0seOF9plhKdq8NCl3xJyKQbG8%2F6U4iay9B%2B3GWOqII6YiZXRizHlQGjhKZI3zCSYXtqU5paCqQgC%2FU%2B2Vpke5ORmPgylYcHEwgE%2FOOX2h"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 8132fe3b1e5c4dba-FRA
expires: Wed, 21 Aug 2024 20:44:07 GMT

GET
H2 200 jquery.min.js Show response
wheregoes.com/wp-includes/js/jquery/ 85 KB
31 KB 29ms
26ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/wp-includes/js/jquery/jquery.min.js?ver=202310090146

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1902
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 20:43:51 GMT
server: cloudflare
etag: W/"64e51e07-155ba"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BGiYZAL2B0w%2BsMlSvGcR%2FZdoA4cP810g%2BKHDY9ejQA9KDhJanub%2BLARGl%2BBIC1Ln8h86Or%2Fp7SSUL9O26%2B1JoN0YpUPJ9BD9gXD1nVwN9XoKcjxNe7sr4R5b94G3qc21W%2FKAWsmMDlqXVXtA"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 8132fe3b1e5d4dba-FRA
expires: Tue, 08 Oct 2024 01:00:00 GMT

GET
H2 200 jquery-migrate.min.js Show response
wheregoes.com/wp-includes/js/jquery/ 13 KB
5 KB 19ms
17ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=202310090146

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1902
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 20:43:51 GMT
server: cloudflare
etag: W/"64e51e07-3509"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UqnlOVsaol%2Bn4SXntxF18w894%2Fm2sp%2BbIZmpYtuo%2BgM7SpPbMrcaOGoxEEe2%2FCAsflNU4Z7dWZt7fL1Ipd64MLrPTFt7K%2BlkzP5D%2B%2BTZvIa4Z5Mo8BWkaRlzUyxjN8SsWHMk4gihL%2F1TeJIM"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 8132fe3b1e5f4dba-FRA
expires: Tue, 08 Oct 2024 01:00:00 GMT

GET
H2 200 script.js Show response
wheregoes.com/js/ 1 KB
1 KB 14ms
14ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/js/script.js

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid: 885
age: 1902
x-cache: EXPIRED
cdn-cachedat: 10/09/2023 00:28:28
cdn-pullzone: 682664
cross-origin-resource-policy: cross-origin
application: 10.0.0.3
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 09 Oct 2023 01:09:20 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sF3Jh7hXpBqjxElgSG3pwILUYssNZBYGS4984r%2F30BbRxp0lzXMAaNL9Bi5kq%2BflpoZBz0ge6m3GOr81%2BUdULFbu9Af4sLDxNA0t8y5112NHwZnACXTie1B4blnA0UtQqphmCqjcbulYJSp1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: public, max-age=14400
permissions-policy: interest-cohort=()
cdn-requestid: 560af48ab65a4fb4d5b94ac14c4c9d5d
cf-ray: 8132fe3b4e8b4dba-FRA
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 init-1144pc80p2fur20uadwq.js Show response
api.fouanalytics.com/api/ 318 B
725 B 234ms
187ms Script
text/javascript 2606:4700:e2::ac40:8920
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/init-1144pc80p2fur20uadwq.js
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8920 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30af571851609f95e6c48541fec975b906e4debb8a79e331e84f47efab592697

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:53:59 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HFUtexyryIEInKPwoEsLqPKVQnITlRlx497RM8MdInducWr5xXFu7ZBKVlXn4YcvtaDDl5Fj8ZHN4WKl4dHcKMcIqoWv%2B2cznQdBp8baWhNOH2zv0DPx6%2FUwPv%2FCFcU%2BXYZWvUkRxnR1aGH1kMLODzVMzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 8132fe3b9e6c1a6b-FRA
alt-svc: h3=":443"; ma=86400
expires: 0

GET
H2 200 index.js Show response
wheregoes.com/c/p/contact-form-7/includes/swv/js/ 11 KB
3 KB 16ms
14ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/p/contact-form-7/includes/swv/js/index.js?ver=202310090146

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fe46d2da01452067736578431f6c6e8116a24e616f58c72d9d81fdb2c7c9569

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1902
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Sep 2023 14:21:32 GMT
server: cloudflare
etag: W/"65158bec-2a12"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rublNVKovjlk1%2Fo4KPLpCbyEXw9D0Kt4VCecER1gjylrJkhhnwxh02WMkXwZ1%2BXAebkTqxS7wjfcfb1TAiAZrH9JJj4Z28hF8SR7wY4SYMYf3LTpuEAV2G4lBKcW6k0sEeLQ9oJZZU1siS55"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 8132fe3b1e604dba-FRA
expires: Tue, 08 Oct 2024 01:00:01 GMT

GET
H2 200 index.js Show response
wheregoes.com/c/p/contact-form-7/includes/js/ 13 KB
4 KB 17ms
15ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/p/contact-form-7/includes/js/index.js?ver=202310090146

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1902
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Sep 2023 14:21:32 GMT
server: cloudflare
etag: W/"65158bec-328f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hC34e6YmAupzXCofgikcQKN9N0m0X475FUNllGboGkhO3f3npRRcoUJ5PWaWgxzZMakL%2BpstS7QjSI82xH%2FlwpV%2BtOKgSOr7oKoLiCJ6gaZjDt9zXpZZilye4PoBu3q%2F2Cfz2O%2B6taxPxSpy"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 8132fe3b1e614dba-FRA
expires: Tue, 08 Oct 2024 01:00:00 GMT

GET
H2 200 main.js Show response
wheregoes.com/c/themes/custom-theme/dist/js/ 5 KB
2 KB 17ms
16ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/themes/custom-theme/dist/js/main.js?ver=202310090146

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19f4129c1cfc1a9fcb2e94b35853f3d2085c0807564e37971d1ccb6ef2a7e852

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1902
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 09 Feb 2023 20:32:40 GMT
server: cloudflare
etag: W/"63e55868-1464"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ix1fvPMIWwkpmsX6d1%2BpyefqhS1oX%2Bczwagir6%2FGGhC5FR9NPFzQ%2FSp2gmnhJ0kyLjvziboppQWTABGb%2FsP3HHctpnpMC71d3Azouudj9PwDLUerdSq1exwfOQnho7nJB6oqwaaocsGaDLZ7"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 8132fe3b1e624dba-FRA
expires: Tue, 08 Oct 2024 01:00:00 GMT

GET
H2 200 wheregoes.js Show response
cdn4.buysellads.net/pub/ 487 KB
141 KB 276ms
232ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 826f05aca2e8d5916f38b3d3d1496bb996e9397772a53a814e0631ab7fa6259e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Oct 2023 01:31:55 GMT
server: AmazonS3
x-amz-request-id: 0DEZH6ZC23PTVWB0
etag: "85b368ae648cffbf7df684c7eb69d555"
x-amz-server-side-encryption: AES256
x-hw: 1696816439.cds240.am5.hn,1696816439.cds235.am5.sc,1696816439.cds235.am5.p
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-id-2: fNt7GLg1zovE0sCtfRaa0TxqJRjckoywi6PTCekxdWBxsVcJg6t6L2g28BIcUo5M0bmlNXbtWTs=

GET
H3 200 wheregoes.woff2
wheregoes.com/c/themes/custom-theme/fonts/ 8 KB
8 KB 23ms
22ms Font
font/woff2 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wheregoes.com/c/themes/custom-theme/fonts/wheregoes.woff2?90359859
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0152ec54bafb1f951d4dc7585aebae598d2235c78d9e81ade8399006f8eb3b9b

Request headers

Referer: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css
Origin: https://wheregoes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 594873
alt-svc: h3=":443"; ma=86400
content-length: 8024
last-modified: Fri, 18 Jun 2021 18:52:37 GMT
server: cloudflare
etag: "60cceb75-1f58"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWg6w1AoHdZE%2BiQ%2BPx%2Fr7BaZFYafTqxBvWhmb200DMcFxKoiUYdPwLmhPzUj5IG3fxMm86QEYshKHPtzZWRjErI7NMsl5%2F%2FOF1soTDWzcPG9chzMnpQOtaLyXCDIsbDGTMWtP8aMYzjta%2Bfj"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 8132fe3b9f466910-FRA
expires: Fri, 09 Feb 2024 21:14:10 GMT

GET
BLOB 200
OK a752c2c6-1c9b-46a7-b5c7-61ab34c6f46c
https://wheregoes.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://wheregoes.com/a752c2c6-1c9b-46a7-b5c7-61ab34c6f46c
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

POST
H3 202 event Show response
wheregoes.com/api/ 2 B
770 B 228ms
228ms XHR
text/plain 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/api/event

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/js/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid: 885
cdn-cachedat: 10/09/2023 01:53:59
cdn-pullzone: 682664
application: 10.0.1.2
alt-svc: h3=":443"; ma=86400
content-length: 2
x-request-id: F4xNj9RdpHb9EH8dUgCF
cdn-proxyver: 1.04
cdn-requestpullcode: 202
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=251sFOzmRXX%2FQo%2ByumEeQlzDrzSjyrBL3BztWYgww%2BaXRa%2FCWb%2FqCQQphRfT79%2BRkLYGnRtey1XwRz3foAG8XGvd1Z7qFuYJhKsqGaGa%2BjSqbOxyUxn7wlKA12CSwsG0LnGySHsISLBEV5OQ"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: must-revalidate, max-age=0, private
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
cdn-requestid: d26b3a90eec3091bf47a0b3f48dfc7f9
cf-ray: 8132fe3baf516910-FRA
cdn-requestcountrycode: US
cdn-requestpullsuccess: True

GET
H3 200 logo-h-blue.svg
wheregoes.com/c/themes/custom-theme/img/ 15 KB
6 KB 21ms
20ms Image
image/svg+xml 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wheregoes.com/c/themes/custom-theme/img/logo-h-blue.svg

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d48f7d7bc477f61c161f38835c0daaead5a64ca51be3656755d0b08c866dfcf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 618301
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sun, 11 Apr 2021 19:20:03 GMT
server: cloudflare
etag: W/"60734be3-3afa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpFaOej7UFCh5xtQO6Ej1LyJ90YM6KD%2BwmOxsXLAaXQ0iVYyxj54xhOuYMQkPJHMDa1x3OR58ndYbKX2j52bOBSIcnfczp3MkQEeZZtacT7YBcgJ%2BjpHnODSLorB3buL1EHTrB7Y7C6kdq1o"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 8132fe3baf526910-FRA
expires: Fri, 09 Feb 2024 21:14:10 GMT

GET
H3 200 wp-emoji-release.min.js Show response
wheregoes.com/wp-includes/js/ 18 KB
5 KB 121ms
121ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/wp-includes/js/wp-emoji-release.min.js?ver=202310090146

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 05 Apr 2023 20:53:50 GMT
server: cloudflare
etag: W/"642ddfde-4904"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a9vt6CpCn3UMJ6FwUo3s9atb%2FUyQuCWeImP6fd8MS6BqRgL7R55PCzST%2BNLGeWm2Sgr2DnESVnb%2BR4jM015LClO1cEHImaaFqJMEOwgVfelQBJ5DtU1UkqEMnCejt1rEcSJ7GM%2Bs3d84phj9"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 8132fe3bef746910-FRA
expires: Tue, 08 Oct 2024 01:00:01 GMT

GET
H2 200 pp.js Show response
api.fouanalytics.com/s/ 15 KB
6 KB 22ms
22ms Script
text/javascript 2606:4700:e2::ac40:8920
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/s/pp.js
Requested by: Host: api.fouanalytics.com
URL: https://api.fouanalytics.com/api/init-1144pc80p2fur20uadwq.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8920 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b206c4dae798a4c2463de84f9112ed6db30d5ae85de7dec6f03d9cd3cf999e33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:53:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 60710
etag: W/"65204365-3bef"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JnqgUQPW1v5%2BdO7f%2BxxIMbiHFQYXfmY8TLc2OlbgjKjcIcvG2aAwjQtvs51nEVE7ld0aaO6kO81i82%2BBi9ZxTBANXC43G7w4A4jBMT%2BmxpwgAISJPoV9az3ikYDKP%2Bq9aiuMV11EUO%2FZotzWdhsyDYJxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=86400
cf-ray: 8132fe3cdf371a6b-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 15 KB
15 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c72f57881ea9665da29cc614802f61a04084e06b14de9f1d79ce26273e66a991

Request headers

Referer
Origin: https://wheregoes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

POST
H3 200 x
api.fouanalytics.com/api/ 0
446 B 213ms
213ms Ping
text/plain 2606:4700:e2::ac40:8920
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/x
Requested by: Host: api.fouanalytics.com
URL: https://api.fouanalytics.com/s/pp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e2::ac40:8920 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BYLv2hBgG1Wy6gAJ6IDXYUpYdOKEe5PdrUIkj9B9FYTdUwnuUsdV1bydWMUAUpSzwU4a59clYQJKW6r9Se43m7nxa9oBtCkcB%2BpgIvLkDZ83oCUYBa8Un3udFCLfwYG1xtUbEnNr85rlUjuIEH0lXcbduA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 8132fe3e8e209153-FRA
alt-svc: h3=":443"; ma=86400
priority: u=4,i

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 99 KB
30 KB 161ms
61ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f848fd0e0f026035049eee96edc984fa9de5a07aebdaeb12604e1c8d3ee2d7f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29806
x-xss-protection: 0
server: cafe
etag: 554 / 19639 / 31078561 / config-hash: 4974023841911941900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 09 Oct 2023 01:54:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/ 419 KB
132 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ab1e5ef8baed1d906b9e8ea4126ad958556881a46150cd6712ad5ebc40f4e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 21:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15286
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134829
x-xss-protection: 0
server: cafe
etag: 3697166202567710199
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 07 Oct 2024 21:39:14 GMT

GET
H2 200 CEAIT5QE.json Show response
srv.buysellads.com/ads/ 1 KB
719 B 188ms
19ms Fetch
application/json 178.62.198.146
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CEAIT5QE.json?forcebanner=513617&ignoretargeting=yes
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.62.198.146 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-eu-nl-14.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: fa55d3ac729d921e81aed86c32825194a3a233f27937e18b60fab049a874774e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
content-encoding: gzip
server: //srv.buysellads.com
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: *
content-length: 582

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
192 B 82ms
35ms XHR
text/plain 2a02:2638:d::a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=7.54.0&cb=61701119219&lsavail=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://wheregoes.com
date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
400 B 73ms
28ms XHR
application/json 216.52.2.86
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.54.0
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.86 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 6fa6c69e1277bb593a4e788d538d19e7807a52ad32e0c53234d4c1bc3d0bd583

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 09 Oct 2023 01:54:00 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://wheregoes.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 413 B
748 B 114ms
79ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=405332&zone_id=2271886&size_id=2&alt_size_ids=55&rp_schain=1.0,1!buysellads.com,15074,1,,,&rf=https%3A%2F%2Fwheregoes.com%2F&tg_i.domain=wheregoes.com&tg_i.page=https%3A%2F%2Fwheregoes.com%2F&tg_i.pbadslot=%2F8691100%2FWheregoes_S2S_Leaderboard_ATF_ROS%23bsa-zone_1641228026595-4_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=43e26395-ea7f-4611-a1cd-ab602c15b8a6&l_pb_bid_id=14fe77da3d55fa9&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=43e26395-ea7f-4611-a1cd-ab602c15b8a6&rp_maxbids=1&p_gpid=%2F8691100%2FWheregoes_S2S_Leaderboard_ATF_ROS%23bsa-zone_1641228026595-4_123456&slots=1&rand=0.6984849889607476
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: c85d578521a9aa69f45bddec80565fd47deb3368c354387ef1fef7108611393e

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 413
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 4 KB
3 KB 107ms
72ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=405332&zone_id=2271886&size_id=15&rp_schain=1.0,1!buysellads.com,15074,1,,,&rf=https%3A%2F%2Fwheregoes.com%2F&tg_i.domain=wheregoes.com&tg_i.page=https%3A%2F%2Fwheregoes.com%2F&tg_i.pbadslot=%2F8691100%2FWheregoes_S2S_Sidebar_ROS_Pos1%23bsa-zone_1641228120494-5_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=3e47a2ab-9e0f-4dfa-89ed-aa8654c42e3a&l_pb_bid_id=154d08a807fe2f9&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=3e47a2ab-9e0f-4dfa-89ed-aa8654c42e3a&rp_maxbids=1&p_gpid=%2F8691100%2FWheregoes_S2S_Sidebar_ROS_Pos1%23bsa-zone_1641228120494-5_123456&slots=1&rand=0.5645721896307996
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: fc7c40a691ec06cc17cda8babcd07e7ac7b8fbf58d63c13e15e0ff6233322b94

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
3 KB 296ms
262ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=405332&zone_id=2271886&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!buysellads.com,15074,1,,,&rf=https%3A%2F%2Fwheregoes.com%2F&tg_i.domain=wheregoes.com&tg_i.page=https%3A%2F%2Fwheregoes.com%2F&tg_i.pbadslot=%2F8691100%2FWheregoes_S2S_Sticky_Sidebar_ROS_Pos2%23bsa-zone_1641318529900-6_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=f828de1d-5c2b-4bf5-97e0-b3962a286301&l_pb_bid_id=167583f18df9b43&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=f828de1d-5c2b-4bf5-97e0-b3962a286301&rp_maxbids=1&p_gpid=%2F8691100%2FWheregoes_S2S_Sticky_Sidebar_ROS_Pos2%23bsa-zone_1641318529900-6_123456&slots=1&rand=0.14419377158963487
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0060f3fa259a2ae02df7db839b32df5c8e08390e14cbbfd3a565fde9c66739a3

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 35 KB
14 KB 208ms
173ms XHR
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

a4239ee2f47a585d93faf9d397ee95ffcdd74d4b1ed65ec9a2645512e6ba9d6e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
content-encoding: gzip
an-x-request-uuid: 2e92ed52-43ac-4a9b-8162-48bc494fc3d6
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 1 KB
844 B 215ms
72ms XHR
application/json 52.210.78.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwheregoes.com%2F&PageUrl=https%3A%2F%2Fwheregoes.com%2F&PageReferrer=https%3A%2F%2Fwheregoes.com%2F&CanonicalUrl=https%3A%2F%2Fwheregoes.com%2F

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.210.78.166 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-210-78-166.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d12f2f9af322921638fbc8b4e8db5152069ae6eb32f793b67d27818f14302635

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: kong/2.8.4
x-kong-proxy-latency: 0
x-kong-upstream-latency: 42
pragma: no-cache
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wheregoes.com
access-control-max-age: 3600
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Accept-Encoding, Content-Type
expires: 0

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
361 B 29ms
7ms XHR
application/json 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://wheregoes.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
2 KB 129ms
92ms XHR
application/json 34.120.63.153
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU18831I
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 153.63.120.34.bc.googleusercontent.com
Software: envoy /
Resource Hash: c93511d8919a02bcbed203fee66c4c949de2dffeea9fee68f72c96ec1ecfa8bd

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server: envoy
content-type: application/json;charset=utf-8
access-control-allow-origin: https://wheregoes.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 73
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 09 Oct 2023 01:54:00 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 1 KB
809 B 121ms
29ms XHR
application/json 52.214.251.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=7304
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.251.135 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-214-251-135.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 961fdbb67cdf65238a19d9332533c52cca1f3561583adf6b4101fe14778e9e33

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://wheregoes.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 43 KB
14 KB 62ms
29ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c746ca687b3e79023240e45eb684f036fd9a1312b454758a6018b3ece635dafb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 07 Sep 2023 09:22:37 GMT
server: nginx
etag: W/"64f9965d-ab99"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Oct 2023 01:54:00 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 48ms
8ms Script
text/javascript 65.9.66.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-97.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 03:19:12 GMT
content-encoding: gzip
via: 1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 81289
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: FCl_EPoxYYa4I4jKktRf6OugRuGWJPO4MNWplX_f38RRIQN-BJGWCQ==

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 40ms
7ms Script
text/javascript 2600:9000:2250:ec00:a:e047:753:6381
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ec00:a:e047:753:6381 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id: tte_Zq9MCmRAYf9XeFwo9sUIgrBbXCUY
Date: Sun, 08 Oct 2023 05:16:05 GMT
Via: 1.1 16aa5c15345b1c0756b83a5ae8ee765e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P2
Age: 74276
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Wed, 06 Sep 2023 03:40:59 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: n-6p_RY9-rwIYiwLpa9uCxpdIKUsCfzirh9hriK483ZeCV4mYprWgw==

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 52ms
14ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 25 Sep 2023 01:57:09 GMT
content-encoding: gzip
age: 1209411
x-guploader-uploadid: ADPycdurxwpJycqLOART17u1JdU1ahkm3FMgMrrzTgq6mIPxJwBHg6irQfIyUQP6zJualLOToZjCAmTZWGMfEzt6fq5O2w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Tue, 24 Sep 2024 01:57:09 GMT

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 137 KB
30 KB 35ms
15ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16f97878909c2763c2d7c1219472c3d3130a8007a6ea852049e388ea752fb697

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 05 Oct 2023 10:57:30 GMT
server: cloudflare
x-amz-request-id: B7B1GH8RBNS4QA18
age: 2227
etag: W/"cc596ad33b7bfdd4553b44192a81e29f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 8132fe42ac829bbc-FRA
x-amz-id-2: xdfa4ZbwXSLY/fpgkknNoyARhPo6NlLZRfGqoxMXdzMBflLpUPKc27eCOAI5KduTuMszYcSJUVFycU4QSL6DWg==

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 51ms
13ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 27415
x-jsd-version: master
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230042-FRA, cache-jnb7027-JNB
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M9bVQ%2BP6GctoisQwDZTrlJRxlIswuM9XOwZzUTxznFVl%2Fc0aVyhtVum16Ktq7Bs3tYqEtAk63H2aEg2UbEVSChr7IJa%2B5lq6u2nJQxHJ7MF6%2FFJZMoQLkq%2FpZQpve79Ts%2BNZs3rmTz9Wi8OP%2B8Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8132fe42ca2618d4-FRA

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
229 B 31ms
9ms XHR
text/plain 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://wheregoes.com
date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
333 B 110ms
31ms XHR
application/json 54.217.255.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.255.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-217-255-105.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: ac7e7782a3c25629405bbb7dc9015c6158a49bcbb200879c33190ee077639ee2

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache
x-server: 10.45.14.153
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2F&rid=esp&cc=1

85 B
203 B

119ms
117ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2F&rid=esp&cc=1
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 53f35734d4e6db5d7d1ce8e480b4a93b7fe3ae72af91cb24baa2bf8fb18169af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-/UJ9TCNkLOg9DeTqSqcjGul6c8U"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wheregoes.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Mon, 09 Oct 2023 01:54:00 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://wheregoes.com
location: /esp?url=https%3A%2F%2Fwheregoes.com%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame EDFB 15 KB
6 KB 46ms
15ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wheregoes.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 01:54:00 GMT
server: Kestrel
server-processing-duration-in-ticks: 301537
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame EDFB
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=wheregoes.com&sn=ChromeSyncframe&so=0&topUrl=wheregoes.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=uOEg3nxNbG5UaVdmbDVuL045T2RkcDZZTHVSdjcrNjdFUGh6bUlqa1Mwc2txUFZQZ1hwZUtuNEFvMUMvb242MU1zM1MwYkw3SHUralByT3QvNkZhQ0gxT0VWTGhCeHpMRmxCQ2pJdWRRWXJTZ3A0MUJIVGpWYTB2Nk4rdm...

417 B
648 B

82ms
15ms

Fetch
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=uOEg3nxNbG5UaVdmbDVuL045T2RkcDZZTHVSdjcrNjdFUGh6bUlqa1Mwc2txUFZQZ1hwZUtuNEFvMUMvb242MU1zM1MwYkw3SHUralByT3QvNkZhQ0gxT0VWTGhCeHpMRmxCQ2pJdWRRWXJTZ3A0MUJIVGpWYTB2Nk4rdmZFSCtDdE5YR21yRUVwUzNBMnFZcThQWmRzeExhSWMzK3Z6bktlbEE3VnpNYzFwbDZHYmhZajVvYmlsTG4xbnRqUVlWMDJ0NHl4THZreVp1dldaU3Z3YWpseU4reUFBYjZLZnFBcG9EWWJuRVJGTjEyNkxQZ2krRituWExEN3R6Y0h6b1hNV1F2U1RhL3kzNHZIS3EvOUxEbWFWWnkxUT09fA&cppv=2

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2e896a678d4974483df91ef41c17026ca35449a0166a08a1dd00ba9426714a38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1013158
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=uOEg3nxNbG5UaVdmbDVuL045T2RkcDZZTHVSdjcrNjdFUGh6bUlqa1Mwc2txUFZQZ1hwZUtuNEFvMUMvb242MU1zM1MwYkw3SHUralByT3QvNkZhQ0gxT0VWTGhCeHpMRmxCQ2pJdWRRWXJTZ3A0MUJIVGpWYTB2Nk4rdmZFSCtDdE5YR21yRUVwUzNBMnFZcThQWmRzeExhSWMzK3Z6bktlbEE3VnpNYzFwbDZHYmhZajVvYmlsTG4xbnRqUVlWMDJ0NHl4THZreVp1dldaU3Z3YWpseU4reUFBYjZLZnFBcG9EWWJuRVJGTjEyNkxQZ2krRituWExEN3R6Y0h6b1hNV1F2U1RhL3kzNHZIS3EvOUxEbWFWWnkxUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 236743
content-length: 0
expires: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 96 KB
16 KB 99ms
99ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2499355507595962&correlator=2735542225909348&eid=31078561%2C44780990%2C44804940&output=ldjh&gdfp_req=1&vrg=202310030101&ptt=17&impl=fifs&iu_parts=8691100%2CWheregoes_S2S_Leaderboard_ATF_ROS%2CWheregoes_S2S_Sidebar_ROS_Pos1%2CWheregoes_S2S_Sticky_Sidebar_ROS_Pos2&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=728x90%7C970x90%2C300x250%2C300x250%7C120x600%7C160x600%7C300x600&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1696816441027&lmt=1696809241&adxs=436%2C1091%2C1091&adys=374%2C600%2C884&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwheregoes.com%2F&vis=1&psz=960x267%7C300x1623%7C300x1623&msz=960x90%7C300x250%7C300x600&fws=516%2C0%2C512&ohw=960%2C0%2C0&ga_vid=694840143.1696816441&ga_sid=1696816441&ga_hid=583629328&ga_fc=false&dlt=1696816439527&idt=1134&prev_scp=optimize_ad_unit_id%3Dbsa-zone_1641228026595-4_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D728x90%26hb_pb%3D0.01%26hb_creative%3D381846714%26hb_adid%3D47255655ddb5bfc%26hb_bidder%3Dappnexus%26_bd%3Dbid%26_pl%3D0.01%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.01%26hb_adid_appnexus%3D47255655ddb5bfc%26hb_bidder_appnexus%3Dappnexus%7Coptimize_ad_unit_id%3Dbsa-zone_1641228120494-5_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D300x250%26hb_pb%3D0.01%26hb_creative%3D2149%253A11371619%26hb_adid%3D46d9fb987aa116b%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.01%26hb_size_rubicon%3D300x250%26hb_pb_rubicon%3D0.01%26hb_adid_rubicon%3D46d9fb987aa116b%26hb_bidder_rubicon%3Drubicon%7Coptimize_ad_unit_id%3Dbsa-zone_1641318529900-6_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D300x600%26hb_pb%3D0.04%26hb_creative%3D2149%253A11371619%26hb_adid%3D516e828b3c7f301%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.04%26hb_size_appnexus%3D160x600%26hb_pb_appnexus%3D0.01%26hb_adid_appnexus%3D48123a53dd2fc04%26hb_bidder_appnexus%3Dappnexus%26hb_size_rubicon%3D300x600%26hb_pb_rubicon%3D0.04%26hb_adid_rubicon%3D516e828b3c7f301%26hb_bidder_rubicon%3Drubicon&cust_params=optimize_refreshed%3Dfalse%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3D%26optimize_amp%3Dfalse%26optimize_audience%3Dtech%26optimize_env%3Dprod%26optimize_pub%3Dwheregoes%26optimize_xp%3Da&adks=1696759606%2C2861055222%2C3809685794&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21f67631530bfe0e3a995897eb9414ab92ad1ad2901fe1f04919752fdce8271e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16301
x-xss-protection: 0
google-lineitem-id: 5936457971,5936457971,5936457980
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138383341087,138383341090,138382844369
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 134ms
50ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310030101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0129e5b48ea2aa4cf8760050d5d59bb220c1c83d882674b3069c1b61d28164b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12119
x-xss-protection: 0

GET
H2 200 container.html Show response
6711e90510414ef3402793eed4ecc805.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 39DA 6 KB
3 KB 159ms
46ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6711e90510414ef3402793eed4ecc805.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 01:54:01 GMT
expires: Tue, 08 Oct 2024 01:54:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 8155 0
167 B 64ms
20ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Mon, 09 Oct 2023 01:54:01 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4A09 0
0 81ms
81ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDm3Qc0ircW61bXIwbVh0vufghWbNttX8tJRZorLd3BuqMuoABPM9F6puwLBf5J4DTB3mWdXBBdLLVnrziEcNkIxrGOTqbs4h7PttDgCVo5WIElgIR-2A85Wbx6wLw8at-ZZnRdkrdsXQATekouGEuixD3YSUBHvfLhq6xF4lbDOxN89m4OxG2XwfspIZMci80lO5aP6vyRexp8XUguNknPe6UqGwhJwYSNdq64u2yUPoUXecF0_XYhDr3xbaXC2n0dCkwtIQ7p5QtDrMs2uALKdL9oRwXUsC9AOMdzG416o7l3x8VhcJvbLjZjdVq6r-Ctp7um8QSm0TpvpJR0fMoLOjKSMBOmdy3&sai=AMfl-YQT8qe07oAEVfc7jCzjKVoP3BQvIq7AuQ3JqjlD3iGKCXEzvwREHrMo-3X1QK3eALwM-TJmVZfr1iyYikyvmTpkU5quxfo9crOlw47uC6kWc0cW5JxxuXHewobcY6NqXHfdWhi53oEZLC6R--RD&sig=Cg0ArKJSzMEXe8fi9jhAEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 4A09 26 KB
9 KB 17ms
16ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 18:48:55 GMT
server: AmazonS3
x-amz-request-id: FZJY714F3KB9JZGC
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1696816441.cds240.am5.hn,1696816441.cds232.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: 0HecjxiN4pBSkN3XjKZCldD645s2dKTrQAt+AOxn8EW+BpC82kG7lwyv8C3PA5+dbiqIcXkcE50=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4A09 187 KB
59 KB 133ms
44ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2E3A 0
0 77ms
77ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsth4Pn7nY2qbIh3ZRZudaxcsPxO4lPx2706hCBeZ6_f3pV4mrAYUSPvUQO_lOkB96u2VbBDTHBgPo916nh885e_lMyXIVvSMUKkgJYpgx3_PVA4M3yrwLExVevjSw9dKFBZgDwANLlkPyX4tsSjnjkXPOFBDPsm1QuIa3FymlEkDbL6Hzdt8OgvNHSQfcVwDiWEMqlDsXnWTOgp6xvDuTQxoFuehXs48A5mAbvQ7_PGKvqe0vBy5oAtVgyg45ABMwhot1JQrtwvYtrz2DY7XPdEv5XenG_Jh5u3GPe4GgbaSmnNl-7plZqPQwdTqKWsXDbjZdq8nIFHkeDVEAVkEvpUNCQNnUK5&sai=AMfl-YR0q2kJNCHpGP-dLZrXhjzokMqG4iJusD2ecy8YPxFMcBgc3UD4aMWHWsdmc-1pslqhQ82Q4cJE-Y4-DTpLr_N8hFZ7rFO9j-CmZu0ar82ljkeN-nq4E2nXUzyfushdzvB0vhPnjfZoWt4TeWFP&sig=Cg0ArKJSzLL4RlwQ0UBAEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 2E3A 26 KB
9 KB 16ms
16ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 18:48:55 GMT
server: AmazonS3
x-amz-request-id: FZJY714F3KB9JZGC
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1696816441.cds240.am5.hn,1696816441.cds232.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: 0HecjxiN4pBSkN3XjKZCldD645s2dKTrQAt+AOxn8EW+BpC82kG7lwyv8C3PA5+dbiqIcXkcE50=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2E3A 187 KB
59 KB 182ms
106ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4DC8 0
0 78ms
78ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstjZQd7gJeff3ZwkShlP_FQYr0YQwm16X16arvKb9FcSpLhdC1YLTI1BypNrU_N-tOi5_YFm5r8_DRSEKuD6tH4YSwxJ3N8_BG_O4omDTqz7r4Bv-LxWx55cJKM45SqfVuwSijLRIOKWrtmFcpFspLQNsTBGct3QA-HMjqwZihO91Jc4j-OMW7riwTUBCstns1QerNcHqrZ7o4N1YFiwIJaKYgIwM5KDuxWY8hZ28pCvbbmekwEwnrA-U9Nah55vX9WSSmAglnWn9QF7gzRGvSjjP4rG3MEt356LSF9TFu6UDvPio87_8zI9G081XbFTe8_YCbH0rU0HzaGC1ULmztkxXo99QtVzHZqPssg7w&sai=AMfl-YRzBA8fMBqXjE7cfHeNK1SiC-lN54pCRzy_FbPquESRynFKAfKrqlnc1DBTJmQ-p_h5-PA5-Bcm0LAgf2kBAFV4kYdOVAlvd4XDuNxUC7Mv_dn1GKH9hRWxIayCFxHH_7EhnpIXjj12PnDBBRiP&sig=Cg0ArKJSzILiwmxQUEYwEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 4DC8 26 KB
9 KB 16ms
16ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 18:48:55 GMT
server: AmazonS3
x-amz-request-id: FZJY714F3KB9JZGC
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1696816441.cds240.am5.hn,1696816441.cds232.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: 0HecjxiN4pBSkN3XjKZCldD645s2dKTrQAt+AOxn8EW+BpC82kG7lwyv8C3PA5+dbiqIcXkcE50=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4DC8 187 KB
59 KB 201ms
139ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 184ms
46ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js?cb=31078561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H2 200 sdk.js Show response
adsdk.microsoft.com/native-to-display/ Frame 4A09 89 KB
36 KB 104ms
14ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://adsdk.microsoft.com/native-to-display/sdk.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4672e11a0ddc1063a6a119cac90b54f9820fc93de2ddae2baba935805c522a13

Request headers

Referer: https://wheregoes.com/
Origin: https://wheregoes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: br
last-modified: Thu, 05 Oct 2023 15:35:10 GMT
vary: Accept-Encoding
x-azure-ref: 20231009T015401Z-yk8kqcavhx1e19fczttgumv25w000000011g000000015h7b
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a128d770-d01e-00a2-62a1-f7fadc000000
cache-control: private, max-age=3600
x-cache: TCP_HIT
x-ms-version: 2009-09-19

GET
H2

200

c.gif
www.bing.com/aes/ Frame 4A09
Redirect Chain

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=083d2dc1-6420-4d2a-974c-884717d472ee&bidId=15000&bidderId=4&cmExpId=LV1&oAdUnit=391466&publisherId=162645330&rId=7d2f73c8-0991-430b...
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=b57b92444e0342ad93831b879a7c55c8&SNR=1&GV=2&med=10

0
547 B

53ms
53ms

Image
text/plain

2a02:26f0:480:22::1726:62f9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=b57b92444e0342ad93831b879a7c55c8&SNR=1&GV=2&med=10
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: H2
Server: 2a02:26f0:480:22::1726:62f9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9D4E06C959D04AE296DF9486F017BA0E Ref B: DUS30EDGE0312 Ref C: 2023-10-09T01:54:01Z
x-cdn-traceid: 0.39d53e17.1696816441.1579fc56
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control: private,no-store
alt-svc: h3=":443"; ma=93600
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
date: Mon, 09 Oct 2023 01:54:01 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 74FA2B1C373D41CD93798041F2DF3640 Ref B: MIL30EDGE1408 Ref C: 2023-10-09T01:54:01Z
x-cdn-traceid: 0.39d53e17.1696816441.1579fc18
vary: Origin
content-type: text/html; charset=utf-8
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=b57b92444e0342ad93831b879a7c55c8&SNR=1&GV=2&med=10
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=93600
content-length: 154
expires: 0

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/239/ Frame 4A09 80 KB
27 KB 62ms
18ms Script
application/x-javascript 23.32.184.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/239/trk.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-180.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a9c49f9f526c232731b2ff9aa3e31b686b8b339bdd246bbf74f804c802f9755d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Mon, 09 Oct 2023 01:54:01 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2023 11:56:12 GMT
Server: AkamaiNetStorage
ETag: "615fd4ad24a409f4de5416b603f042c1:1689076572.555276"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27646
Expires: Tue, 08 Oct 2024 01:54:01 GMT

GET
H2 200 it
ams3-ib.adnxs.com/ Frame 4A09 0
649 B 27ms
19ms Image
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fwheregoes.com%252F&e=wqT_3QLAB-jAAwAAAwDWAAUBCLi6jakGEK7ay-u9r9WUfRgAKjYJJmLYzHsLkD8Re7o0BTh8jj8ZAAAAAClc5z8hew0SACkRJNAxAAAAQOF6pD8w9e2zCzjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t4yvMFgAEBigEDVVNEkgUG8FiYAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKf8D_qAhZodHRwczovL3doZXJlZ29lcy5jb20vgAMAiAMBkAMAmAMXoAMBqgOxAwrHAhUsHHd3LmJpbmcuASvweWFwaS92MS9tZWRpYXRpb24vdHJhY2tpbmc_YWRVbml0PTM5MTQ2NiZhdUlkPTdkMmY3M2M4LTA5OTEtNDMwYi04MzU1LTNhMWY4ZWFhOTA0MSZiaWRJZD0xNTAwMCZiaWRkZXJJZD00JmNtRXhwSWQ9TFYxJm9BZFVuGVwYcHVibGlzaAUpLDE2MjY0NTMzMCZySZpxALhydHlwZT1udXJsJnRhZ0lkPTIzOTE4MzI1JnRyYWZmaWNHcm91cD1rbmFxZV8zYxEWCFN1YgkZFHp6ZiUzQREf8ElfZ3ZycS1wYmFnZWJ5XzEmYWlkPSR7QVVDVElPTl9JRH0SBTEyMDg1GhM5MDE4ODMzNzE5MjcwNzYzODIyIgkzODE4NDY3MTQqBCFk8Lw6OFUyVmhjbU5vUVdRak56RXdOVFl4TXpneU9EYzRPRE1qTWpNeU1qZzFOVGMxTWpnd01qWTFOQT09wAPYBMgDANgDxdTyAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA8xODUuMjEzLjE1NS4xNDaoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAEuomKtgGIBQGYBQCgBcmk3rGO5tLYBcAFAMkFAABB3hTwP9IFCQkBCgEBaNgFAeAFAfAFAPoFBAgAEACQBgCYBgC4BgDBBgEfNAAA8D_QBsKNBNoGFgoQCRIZAXAQABgA4AYB8gYCCACABwGIBwCgBwHIB8rzBdIHDRVjASYI2gcGAV7AGADgBwDqBwIIAPAH7PsDiggCEACVCAAAgD-YCAHACADSCA4IgYKEiJCgwIABEAAYAA..&s=505e0b8b7a1437090a81ded20d852d97dc67d717

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
an-x-request-uuid: 24959cb4-d46f-4399-b4a0-81193d51117e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 8937 159 KB
53 KB 165ms
91ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CNTiPCdDbLKBFyS5Xx6SsZujkjTkqNtK64cqU2u0fAvw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkBq5MWt97LlyueX6xA35gLXHDelc9Hq0ZHC0gDsZYjW80FIccM34N3GTkMqyt_3N0H9JjlmMcJS_-6fq12Ug1xlqentigq1dl-_pKLdMpsoQM8YtDFx0J_MLa_WrIn1k8v9EsJPaepQpOSa4plkfvPYNcA1y7qocKp_7wUh-AOA8nPEYTTP-Y-Lbuxc06SgvV9h50wWdpwiwp9rG1uckshlNJ0DoluxAp0-4Ct1m68CIvZyYtUAWOu1tLP4a6MyeMZsH9Q_7jXrxfHEErbvmBwsrbgBe5LqH2SCIOhCt6ZdGFjInqHGb6mShVKAkt7E-PfVo8UgY2PNEtleHvghW6J4zFi1xdtlKD_15RtQbVHAmVgdfwVpmSTGAmXhLnGEaD6rLyQOA4ADREzf9vwtEO-sbFL8cVF12SA2UQR2UesPdZL-ApMlx1A6SJ95feBV81tCs1lq2EafJPWeEhPXrkbaBO0QO923iL3zB4gPKmNvExmiXSmGxSo9IZ4t3PN8nHDCqrqn08s0rls5r8EDvbO6ydfjJTvpimsraQLFsZsDScgI7vuJM58LoZS02HAHAw-9ZuZzuKoP9J9uNVTUDwmNtRLHd7qEP-izaZ32PNXCYg

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

dd3ea3c868cc78a72f5b591514b7f60b4cd4416daa379ff79eeccfd37c97ed7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 01:54:00 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=aqX4LmtLNFkPzGo2NqrOF6adRj48sC2V3FzZ1LYXNvXwvlYcwTme9mmvhW0xY7c2MzgWqJIinHxALVAJ8AJqb-geSNhXj_rTSJX0hSy3KIvyFAi5eXAam8-qvYWNlYFn4c2GRbzsQSu9G5GXunJC6Z2DmsAzVzAXecCxSQE5wtRLxwWUvrGzJNpUxeYm__N6E2AdDoFVnoOZRBXeVvXGo88a-hhu8nmqVIGjjw_JfSWxMGAhj7r4axQN-r4K1zpZUAV-kQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 49708594
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 6343 281 B
554 B 43ms
8ms Document
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 09 Oct 2023 01:54:01 GMT
ETag: "40011-119-6051b805b8000"
Last-Modified: Mon, 11 Sep 2023 20:52:16 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 9b8775cd-2249-478f-92b1-69f2ebb59385
beacon-ams3.rubiconproject.com/beacon/d/ Frame 2E3A 43 B
227 B 114ms
20ms Image
image/avif 2602:803:c003:200::67
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/9b8775cd-2249-478f-92b1-69f2ebb59385?oo=0&accountId=18812&siteId=405332&zoneId=2271886&sizeId=15&e=6A1E40E384DA563BCF8018DFE2F20E1EA518365E52AEE7798671E16F2B36CCB5ACCE91C3596F6DACC6EEE39D2C90C49D683D50851BF2EEDFF21AAE81A675A7229799EC7636009A1BE12BB6BA04C926BC3090C0F91BA1AA1ACBC294E8FE7A636BBBC79D964F42E63A40953E131B0BF4F59E596E189FB1767B389C7F55B391DC0516DF6F5CA9D0C124960B3B7C036C10820CCB410662EDD2A36FADD492043CBEBF118022461E4681CD4A913946C37E1A0DC3823F8F2B8F668B03DBBBAE37900273279F584D4EE03DFB5212FCC5AAAD0BF61C56A6BFB6B267ED15FB1942C23415D4248099A78A10BCA97736C10DFFC3645168EEAC61B7CABCFBE0D740C86CF25D7A6FCD9EF77D88073FFC7567124756096ACC3FB35316B2E1817B8A4A751079BF943CE4502CD22243A4BEBD3EF21703DCA143AECF47E8C2B7DBB0BD5D8034ADA192ECEE85B16C3594C23B62D6FA3989A5AE1C0277C9230A9F2750EF472AB6F1AF509702519DDEA67151E4F505650D06D0C53FD63093164A4A5AB733D0E6E381238AE9524E829D2161DB5264F4AC6EA4EA95F6AF22B075360080FEFD260210B4C69321FB167F81FBB69279624A64B0B7BC051205E6805BEDB5C368AF1386AB96883D39288C96D0298C9879DED08C4865B6D7544C84563430E142A6E3D53D304EEF90665B3A9F87374FFE922FE896EA493F95503E1F4C93944FF7D9EB5416FAA9F6A5DC6BC4C12AB869ADCB47A37491F4B92122C7442F904C1FA5774E5F75236A7DB406AC0F3FCA8E1FE29F020826DCDE58596EAB84DD05A3EA5E2EEAE2969E1F98FB8E6C0EBDF4DEAE12C5D3F238C5627225434BA6102AB3E0874D7DBE810C1E1C47126F71C47C67FE250C0DABA1D281D2BBB8544CAA8193145396EF89816F36C06655694FDF067406A8D9242D4CA0F5589140E4AA53EAC2AC43E2948FA4778D1441D125C5836749B3E2D5CDCF6DB431A2B5C3C63074948A545352139BBE418E9EDA1593D591C246FE60C201931736A3370D49A904A967613F8FE456B9AA09C4CC9DDE24FB98EFCD2A6835389DC720F505941C5D94E737E41D74350B78CC4288D63D5FF4CF3EAE502FD1BAA0ACD4D6CC98DD92340B83F10A6B3DF4CD95CFB3BFCCF20907534C5006443269A8906358651F33E26A65E62765AE05BA0DB177AE7AE978F643D01B15799A7C03D3636BD7049594C643B94C94A0F9D60A7A26FE7E0FCC66

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c003:200::67 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame F2C6 163 KB
55 KB 117ms
62ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a58a5d8ecccfbee49488f2c52f48cd7098545ccbbcfe02b7f64664bb550f1609

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 01:54:00 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=_3lhcWtLNFkPzGo2HAz6eTCS6YQFezyHUiYiKoVYrhB-TQ-QXI-LzXFEjD98WeYcM8nXzrIVhshqzRZ-bK33y68NfcFzszW-iPhbENNHiAVwg_fJ7f_4Uzp94Vk1ERd8qYv1x1la7NY_rVnMYxhIjv2BZ1iKoyEtPgyNCPg6ERuUB7LHyLMlT1IDW-oou7OMmG8inkfnIb1yXFIyt5fGOpqf0Y83BxDqT3X_36ITmItytnTuu4snd5hh4eZpGZJgSeD-kA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 44994964
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 9E97 281 B
554 B 30ms
7ms Document
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 09 Oct 2023 01:54:01 GMT
ETag: "40011-119-6051b805b8000"
Last-Modified: Mon, 11 Sep 2023 20:52:16 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 64531a66-7c02-49bd-99ad-201c76575184
beacon-ams3.rubiconproject.com/beacon/d/ Frame 4DC8 43 B
75 B 97ms
21ms Image
image/avif 2602:803:c003:200::67
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/64531a66-7c02-49bd-99ad-201c76575184?oo=0&accountId=18812&siteId=405332&zoneId=2271886&sizeId=10&e=6A1E40E384DA563BC5D17A70D64201417604C3ED70F5930ADF3C04C5B05B950470F47D2745D56DD0322F7CFEF9EC9680683D50851BF2EEDFA6F1889D205262B562B95EEBC75E668AAABCB2150BFAE00D92A71DCC85EEDB3914699BEDC5B01CBA0AF9818DAD5B55FF5CF9EAB2BABBF2CC79E6A21FF607BEC16ADEE277FF6C873E25A6C0E18649BBF04BEE06D9B2EAF867F91B97590BF79B374297698A90BB6EF72854AE6417648CE92BC3B3BAE1842AF214D99824AD786E526508BD2EDDF04833D865CC376D33FDCE1BFBB54A29F6BDE901D1E10EF57BD41D550E2B0CFADD19B689C4C95851EA609FA12BC0029FD587517C91DAD4F2319D7F92830045D2A41DDAA0E4988BF4006281C4E2BBFD906CA0E660BA2F448CB7ECC4CCA9697A95D914A771A73A97A5B841AE57A1876DB4D970A421174321827F41AD2BB7770897F3DDC37031776A69DB03C105CE8DE3AB8C52722B142FF2895773C460633805838D4C1CC5937F725B6795CE10F4D4AF3363AE18B809F0AA93C6E7F68E1136C22BE0714A05CB06CAB58D62AE69F3184862AF4CB3EC320B30BB32FD71DA7AB4393CE810BC6A52ECF6F1514752E94762156E06EB5C1440D17445297C0BA91146A05589284A71DB126EC144B5ADCB3E0F6D5A74CC3F0AE4FC72B9835ADFA2CB528668274B22AE4822875E893DDEB53BD6BE7842DF88186F2BE1764D88E62B2F8AC83039BDA0913543FB60FC65D68605EFAB6985C9F0B66AF22B75BC45FACD7D1BF7F3F65F6A8542901DD6256C46A7347BD085EE108E9804B3035587927DAA6C103EED1FCA2B1CABDBA7A27593742371C3BF247C53D2526ABCBF86E9AE7B5B20029902A313AF1DAF7B937191AD770E0D3028942FA2B2F7CEDD179BA0402196B1B42B156227F0D69B3627CD687395379742485AC6B8CBD5D8B7B108D738CFC701146D78A3F8D158BA35428EDF7DE9597A0515DE72EF4168E8552507DD47F0C907EFFAF0516D50A5FF38BF407443EC1BFD24DDE9DF807878009F989E9F8A03F48ECFBC8148DEF90D493DBF01D0B5260504AF1277F83A3236A69B397AED85C86B3FF9E7F4D2AA5F4E22B752A37AE0D7F958201C8F22B6EC7BFEDC1DD8BFC391936C327134F3EF85027BAE0B885510ED2605645952F60178392C9DEE4024741F5D7F34D9DF4CB11CA3534C4F372C610E6EB3F3F64C0929EA7BE8EF8E32895E348FE668D5CAA32C3C

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c003:200::67 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 6343 36 KB
11 KB 9ms
7ms Script
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: bcde8a2e818836cff71753e0c09b9348ccdc18647d05f04376ae8b39a101c4e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Mon, 09 Oct 2023 01:54:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Oct 2023 14:49:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=46584
Connection: keep-alive
Content-Length: 10540
Expires: Mon, 09 Oct 2023 14:50:25 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 9E97 36 KB
11 KB 7ms
7ms Script
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: bcde8a2e818836cff71753e0c09b9348ccdc18647d05f04376ae8b39a101c4e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Mon, 09 Oct 2023 01:54:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Oct 2023 14:49:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=46584
Connection: keep-alive
Content-Length: 10540
Expires: Mon, 09 Oct 2023 14:50:25 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 6343 7 B
380 B 110ms
8ms XHR
application/json 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Expires: 0

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 9E97 7 B
380 B 98ms
8ms XHR
application/json 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H2 200 th
www.bing.com/ Frame 4A09 6 KB
7 KB 11ms
9ms Image
image/jpeg 2a02:26f0:480:22::1726:62f9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/th?id=OADD2.7421763241444_140ACC0CL4TYXP374R&pid=21.2&c=3&w=200&h=105&qlt=90
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:22::1726:62f9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: daa281744cfede042bf6ee84f5411afcee5d716d4b1a61e2561b0dfccf8564d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cdn-traceid: 0.39d53e17.1696816441.1579fc53
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-type: image/jpeg
cache-control: public, max-age=2592000
timing-allow-origin: *
access-control-allow-headers: *
content-length: 6435
alt-svc: h3=":443"; ma=93600

GET
H2 200 rd_log Show response
ams3-ib.adnxs.com/ Frame 4A09 0
649 B 15ms
14ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fwheregoes.com%2F&e=wqT_3QKHBOgHAgAAAwDWAAUBCLi6jakGEK7ay-u9r9WUfRgAKjYJJmLYzHsLkD8Re7o0BTh8jj8ZAAAAAClc5z8hew0SACkRJNAxAAAAQOF6pD8w9e2zCzjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t4yvMFgAEBigEDVVNEkgUG8LyYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACn_A_6gIWaHR0cHM6Ly93aGVyZWdvZXMuY29tL4ADAIgDAZADAJgDF6ADAaoDAMAD2ATIAwDYA8XU8gHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQPMTg1LjIxMy4xNTUuMTQ2qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLoB3lSIBQGYBQCgBcmk3rGO5tLYBcAFAMkFISscAADwP9IFCQkJDHAAANgFAeAFAfAFAPoFBAgAEACQBgCYBgC4BgDBBgkjLPA_0AbCjQTaBhYKEAkSGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAfK8wXSBw0VYwEmCNoHBgFeoBgA4AcA6gcCCADwB-z7A4oIAhAAlQgAAIA_mAgBwAgA0ggGCAAQABgA&s=aca7e33edfc8107f8a311b770dec997229cc3692&bdref=https%3A%2F%2Fwheregoes.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwheregoes.com%2F,https%3A%2F%2Fwheregoes.com%2F&

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
an-x-request-uuid: 7ee599b9-bf05-4197-ac5b-0e4638507757
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame F2C6 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame F2C6 2 KB
1 KB 17ms
16ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame F2C6 308 B
636 B 18ms
16ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame F2C6 293 B
621 B 16ms
15ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame F2C6 43 B
347 B 98ms
18ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=6CbAT795iohney92WmgLHSMfYxBBj7A1zcyNJjktGWw2IZ_hattR3EsuRVbnWNjY4udwMh3ndlBHlnoimNBNSIYM0SqBKCvCl6lxvOO6sOaP5--DdLt9ZfCHL1GBWbEa3F4xzjXwL_o3V8Xy4e8x7JQLftmVmkRSFjNccAGZEtaDF0hl6YHB6Ppe5M6u2UaypT5KWWOBXTAXbm_DLnxH3Dscmo_7BYZ5GiyG6KknRmj2bm9y28tV565ChvDBk-lyLqB2QwCVlZAFgkqXdnuPnRGfyHGdOpHQXtoznH49a7-LIFcSHXJlfFPbt8xeMWr1RZ14Y6vNOZC4pcwKEwNNV5ZY5WaMCbi2kCtkRPZZLG0SHi17kh2DXadPYt2XhkEzA4yZPacUtSPSLtQBPxr5OKOofhHrOXEY4SCx6rLWpSSW1pqG-WD9OCsxEFD07Flp9l8KjQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2708853
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame F2C6 44 B
580 B 77ms
32ms Image
image/gif 2600:9000:223c:9c00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1696816440
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:9c00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
via: 1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 44
pragma: no-cache
server: nginx
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
access-control-allow-methods: POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: P3baE_89voUn35tJsO5-42moJOrPID18uiMxUmQSrK9yexlKPI46gw==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 8937 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CNTiPCdDbLKBFyS5Xx6SsZujkjTkqNtK64cqU2u0fAvw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkBq5MWt97LlyueX6xA35gLXHDelc9Hq0ZHC0gDsZYjW80FIccM34N3GTkMqyt_3N0H9JjlmMcJS_-6fq12Ug1xlqentigq1dl-_pKLdMpsoQM8YtDFx0J_MLa_WrIn1k8v9EsJPaepQpOSa4plkfvPYNcA1y7qocKp_7wUh-AOA8nPEYTTP-Y-Lbuxc06SgvV9h50wWdpwiwp9rG1uckshlNJ0DoluxAp0-4Ct1m68CIvZyYtUAWOu1tLP4a6MyeMZsH9Q_7jXrxfHEErbvmBwsrbgBe5LqH2SCIOhCt6ZdGFjInqHGb6mShVKAkt7E-PfVo8UgY2PNEtleHvghW6J4zFi1xdtlKD_15RtQbVHAmVgdfwVpmSTGAmXhLnGEaD6rLyQOA4ADREzf9vwtEO-sbFL8cVF12SA2UQR2UesPdZL-ApMlx1A6SJ95feBV81tCs1lq2EafJPWeEhPXrkbaBO0QO923iL3zB4gPKmNvExmiXSmGxSo9IZ4t3PN8nHDCqrqn08s0rls5r8EDvbO6ydfjJTvpimsraQLFsZsDScgI7vuJM58LoZS02HAHAw-9ZuZzuKoP9J9uNVTUDwmNtRLHd7qEP-izaZ32PNXCYg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 8937 2 KB
1 KB 17ms
16ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 8937 308 B
636 B 17ms
16ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 8937 293 B
621 B 18ms
17ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 8937 43 B
348 B 86ms
17ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=HC-BaNscq-iY08yeKgzkAhgSDJJawI5WPzDiNMzREoLKkKGhR1Bn0Y0pe9KH1mnSmFvaMEixjpVVD0KlkrSjdsNLsG9mJNZ0ZKb-C7IRWvb7abOBPpGJy3x30qMQ2891_hoSj96pOKawMJs96hW0o808Ck11lRaBEwEnUh1gqQcH-aWHMRC6MvgPL2KglujImSxQWjh93FWg8vhdj4SPjzAQhrFLFeJszD9uQxfoY2nwGjhVG3A_JqLufavQg1VfaOXm3CZxrpgCbOAl6l45LMho2TdpLFz3ktXN1uL7M49y2_YE1VTsxCKqlx7k2RDOE8YsmsfyqBBwyRlYOZRfLthgP_8XhkKsGKluaKOHWjn61gA71ShE-NhenPy7j8a4S95-Zmx4XqoPegnaI3hqRNJsGxfM3svAyyj2sntKIuVvEXTjyVzYhU6FH4IZuaAdN01rgA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2294244
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 8937 44 B
580 B 67ms
34ms Image
image/gif 2600:9000:223c:9c00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1696816440
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CNTiPCdDbLKBFyS5Xx6SsZujkjTkqNtK64cqU2u0fAvw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkBq5MWt97LlyueX6xA35gLXHDelc9Hq0ZHC0gDsZYjW80FIccM34N3GTkMqyt_3N0H9JjlmMcJS_-6fq12Ug1xlqentigq1dl-_pKLdMpsoQM8YtDFx0J_MLa_WrIn1k8v9EsJPaepQpOSa4plkfvPYNcA1y7qocKp_7wUh-AOA8nPEYTTP-Y-Lbuxc06SgvV9h50wWdpwiwp9rG1uckshlNJ0DoluxAp0-4Ct1m68CIvZyYtUAWOu1tLP4a6MyeMZsH9Q_7jXrxfHEErbvmBwsrbgBe5LqH2SCIOhCt6ZdGFjInqHGb6mShVKAkt7E-PfVo8UgY2PNEtleHvghW6J4zFi1xdtlKD_15RtQbVHAmVgdfwVpmSTGAmXhLnGEaD6rLyQOA4ADREzf9vwtEO-sbFL8cVF12SA2UQR2UesPdZL-ApMlx1A6SJ95feBV81tCs1lq2EafJPWeEhPXrkbaBO0QO923iL3zB4gPKmNvExmiXSmGxSo9IZ4t3PN8nHDCqrqn08s0rls5r8EDvbO6ydfjJTvpimsraQLFsZsDScgI7vuJM58LoZS02HAHAw-9ZuZzuKoP9J9uNVTUDwmNtRLHd7qEP-izaZ32PNXCYg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:9c00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
via: 1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 44
pragma: no-cache
server: nginx
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
access-control-allow-methods: POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: QkhhcXm6XlMVq6A4Q6waIx0ju7x671aAzmw3z5RCNi-1w2OmqwgPIA==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 dis.aspx Show response
widget.fr3.eu.criteo.com/dis/ Frame 107C 6 KB
3 KB 86ms
17ms Document
text/html 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d3889b732987812e6a016ed3f26&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b3279a8f64a3eaf5ef9eec9f393e50b49598df74ed2817d18e0afdc316c9529e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: gzip
content-type: text/html
date: Mon, 09 Oct 2023 01:54:01 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 1950371
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
vary: Accept-Encoding

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2E3A 0
0 155ms
76ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst6OLqx5mFtkzv6zbOeKWy9LyT8Cet5YtuJG6lXunk9Orp1rkK-hV93YW1MP1xFH2aW4fntuBpnnujFYNy7QIW_4oyjXyVcUBRmWyGuLIwranaIGssWUCUB_hK8txX_gzs1BtHCUcWVWq-VNQJu5ImZrUGDjqrl00Y5kLrFR5enADc58niuUcy_mDX-FCQoQoj31efqjkj-AgEaFivJp85CZ1Uonn30rc4RjYH9dtCj4kv38sF08P6UETMzDsS3kCwj9vn1rhwiGVpwA1Wt8pomP98NtJ8GKY9SsJ7sPKv074K5TqT_amp7S0xc715HJlxdiw0omaN0pSwCJ0XG3YXj0GBIhFUCkXk&sai=AMfl-YSVwbmwi8a-o8bvuyfhdbzPhReFRVI8ZGaVngrXkQrtxuGZ0H7OnaxXDo4R_asSVpHNbIck2HLTt3Pk0E8ghIoZa9kYbryazWy2703TGvafBNjeAVDnGAlWbS6xLrFPFDjtn_CjnlceZ2RFSvBK&sig=Cg0ArKJSzATlQaRDh56xEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
DATA 200
OK truncated
/ Frame 2E3A 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: adb0c1ab3e8e50952cae5ec25ee05f1f6ba693cdfe9c2c4b204467b0ce1f376f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame F2C6 12 KB
5 KB 29ms
12ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 873745
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbWYADc1olxNgyrZypkv%2BSE0snrXoGcB2lb5ukwDdLMqGedkRXpOQhA2VuA7AiMJJuHD%2FnI6rE1y%2B6Zij7YW%2F7TTn8W%2BzWI6vEt3KOMti%2FV3RiRKSmmpJ1xherV5kEGDhI7S4brvLffLYYrKL3nuVOEN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8132fe477db29b69-FRA
expires: Sat, 28 Sep 2024 01:54:01 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame F2C6 12 KB
6 KB 17ms
17ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
DATA 200
OK truncated
/ Frame 4A09 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 455dfec854895ed2c7f9204662d0c9861a84a7aca05b1d23f2373f267add032f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dis.aspx Show response
widget.fr3.eu.criteo.com/dis/ Frame 2B5E 6 KB
3 KB 18ms
18ms Document
text/html 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4bd1f80773ff9ecf45fcd099dcd4b104512cc03460d35f1a8890411917aedd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: gzip
content-type: text/html
date: Mon, 09 Oct 2023 01:54:00 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 1779315
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
vary: Accept-Encoding

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 8937 12 KB
5 KB 15ms
14ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 873745
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kM3Hd4lnmN6%2FzkGQWAfBklnQtfHjFm%2Br7MMBiVZwcsMVmtpAYC2c%2FpbCv4YZrr106o4vv2Lhinu%2FCtYGo47cmjy9f2h8%2BF74mfZ5aUrwCLW6Yiz4CDTAmuzobfv6maqn2P4dUJ9jvhbqgYTAXlosh6Go"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8132fe47adc39b69-FRA
expires: Sat, 28 Sep 2024 01:54:01 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 8937 12 KB
6 KB 17ms
17ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DB4B 13 KB
5 KB 43ms
38ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 148776
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Oct 2023 08:34:25 GMT
expires: Sun, 06 Oct 2024 08:34:25 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2C28 829 B
1 KB 130ms
44ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a63dfd713cc51d399b4ba5a01736efd903cfee3d1acd075a9792bf5b553fe784

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LpTVlHspAn3FI-TsLafdJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-LpTVlHspAn3FI-TsLafdJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 01:54:01 GMT
expires: Mon, 09 Oct 2023 01:54:01 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4DC8 0
0 77ms
77ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstgWnXdM_3NtDQ5Ge3wu6IyGFS9Xg0CNJmya4FcBRrEi4cUrlI42FrqY2DNdr_aic9eSBGfBZWFC1c0zy1FBRYyoJl0HMbCruAP_HBBXlvWqpRZnC1ORLjck8ppAmYSY3D2TAlKgsaHVzxXHscAuumWa-OLHeBrG7KZ3S5D6qbHiSbfz8qn_tm9Vvve6ugvgMxKnEYP8OqY-Ev0aqm7kRVdrj6zExtfKgGCMAvGalQdjrFbCI7infrk6YoJCk9znuFidPVeaQai79rK38rCvWjw1T7Jo6Q1JnpwkqBA5jK5LHB5qLjdXjJjtuTSgftQqF9fV62KCeoSGzw9bAkWvf1_r2R6OyRtVVOLmvXrG8d5&sai=AMfl-YR9dJ5fFYRI27cTCwrfiWR21es977QcGbi6XlEvEpZkC71XsRHS65PDka0Fmx8W-7KWa-yxHqMPlZOAgZ6zcrznhLxiTFQr4uFeQOWmfJZbfC_eyGoWlxSuZH49xOvdpqaD9k2fQD9JK50C7Fpd&sig=Cg0ArKJSzHaB2oRYX7NQEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
DATA 200
OK truncated
/ Frame 4DC8 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa4a3a01096bcf7ac1ba125e914238a69ed59fef56ba5915ca73f5e58b1d82bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 f9d5f193fe704d30bc6e97384f41c8fe_relative-bold-pro.woff
static.criteo.net/design/dt/ Frame 8937 57 KB
57 KB 62ms
31ms Font
application/octet-stream 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/f9d5f193fe704d30bc6e97384f41c8fe_relative-bold-pro.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c94f7120af1dd1e52881cfb218fb4fda3f26d6971c0ebd317ba23b459dcaa1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 20 Apr 2023 14:26:14 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"64414b86-e41c"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 f9d5f193fe704d30bc6e97384f41c8fe_relative-bold-pro.woff
static.criteo.net/design/dt/ Frame F2C6 57 KB
57 KB 71ms
52ms Font
application/octet-stream 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/f9d5f193fe704d30bc6e97384f41c8fe_relative-bold-pro.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c94f7120af1dd1e52881cfb218fb4fda3f26d6971c0ebd317ba23b459dcaa1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 20 Apr 2023 14:26:14 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"64414b86-e41c"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 14 KB
14 KB 100ms
31ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=104&m=0&partner=2861&q=80&r=0&u=https%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F230524%2Fab5244b2b96f4d3db06cb0ff9e6efb06_logo_n_horizontal_9.png&v=3&w=596&rid=6&s=Pu6BiB_MZ2G9sf8KxyfoC0mR

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

940237e5b80c927a656ad2ac73211077ac8fa628d5d07583ed42e911c2c140a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 14467
expires: Mon, 02 Sep 2024 06:49:31 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 3 KB
4 KB 84ms
16ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2FlogoRheinmetall-Group-1262DE-2101221907.gif%3Feb%3D1&v=3&w=400&rid=6&s=YdEIB15QpSjl65vrKw2Er1cC&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

75c8de3ba4043fd9dab660900b35ca6c6af748d523ae20e6976505c8a9cd5980

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=85504
timing-allow-origin: *
content-length: 3411
expires: Mon, 09 Oct 2023 11:44:05 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 2 KB
3 KB 101ms
33ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F5%2FlogoUSU-Gruppe-5540DE-2002051616.gif%3Feb%3D1&v=3&w=400&rid=6&s=aDxtNmRpCTlBHyQa-Kkvl91f&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

05f125dcff74cdb98cf0e79d19d615ba6d721bb455e45513bb4a55fcce678b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=85439
timing-allow-origin: *
content-length: 2544
expires: Mon, 09 Oct 2023 10:42:31 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 2 KB
2 KB 84ms
16ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoBosch-Gruppe-2804DE-1909091413.gif%3Feb%3D1&v=3&w=400&rid=6&s=OSdOZRntYbchQdnvU9-RxGZ0&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

590902941df60bb8d5a4733cf248267f869a2bd2dec49a3e373a992573745f2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=86399
timing-allow-origin: *
content-length: 1582
expires: Mon, 09 Oct 2023 18:02:42 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 2 KB
3 KB 85ms
17ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoMTL-Montagetechnik-Larem-GmbH-266243DE-2106031502.gif%3Feb%3D1&v=3&w=400&rid=6&s=tzZZt9bVXYeS3FhnHE2gQFQS&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0ac2396efafe75e0da9c789ea30edc630485c937fcb0700f00fb265aa5b3bf6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=86400
timing-allow-origin: *
content-length: 2519
expires: Mon, 09 Oct 2023 16:36:55 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 2 KB
2 KB 100ms
32ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2FlogoSpeira-GmbH-142311DE-2201281329.gif%3Feb%3D1&v=3&w=400&rid=6&s=sY8iuBmy74jnOsYNpil3cS_y&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

41a65bfc1157d14a7bddd775fede275437dc49f1468bd25429b28e5ec373bcda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 1600
expires: Thu, 19 Oct 2023 18:01:14 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 2 KB
3 KB 32ms
31ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FN%2FlogoNTT-DATA-Deutschland-GmbH-107448DE.gif%3Feb%3D1&v=3&w=400&rid=6&s=jgf-VnaNHvbU6OFCz9W7TT72&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ba20d5806e9847556edd74c9ef0bc3962e3b247741dac5c069d3131e7c17c65f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=86400
timing-allow-origin: *
content-length: 2367
expires: Mon, 09 Oct 2023 10:24:41 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 1 KB
1 KB 33ms
33ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoCampbell-Hormann-Rechtsanwaelte-Steuerberater-Partnerschaftsgesellschaft-mbB-146603DE-2308281049.gif%3Feb%3D1&v=3&w=400&rid=6&s=L_4oLwzAuOW5RvS9lot8k3b2&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2fce74af21aa125f328a75a9b99be632bca88f5a001b9806cc013a347bd796e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=86365
timing-allow-origin: *
content-length: 1078
expires: Mon, 09 Oct 2023 15:22:37 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 2 KB
3 KB 34ms
34ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F1%2FlogoPacura-doc-GmbH-244572DE-2108101252.gif%3Feb%3D1&v=3&w=400&rid=6&s=x2DYII6nJxK7wz2QOUz65kig&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1be08882dfeb8650bd7e5095225c4486fca31df5c071bb103f053f2c45b715ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=2591998
timing-allow-origin: *
content-length: 2486
expires: Tue, 10 Oct 2023 09:20:58 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 4 KB
5 KB 37ms
37ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FC%2FlogoBWI-GmbH-82433DE-2208161325.gif%3Feb%3D1&v=3&w=400&rid=6&s=EtBeg5nQSnr_a19B0xzUOSo-&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cc3b04e00cede182123138355e4659b44ea24ad4a89243615203533591cedc61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=85500
timing-allow-origin: *
content-length: 4456
expires: Mon, 09 Oct 2023 10:44:16 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F2C6 2 KB
3 KB 35ms
35ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FE%2FlogoSchaeffler-Technologies-AG-Co-KG-79856DE-2101271253.gif%3Feb%3D1&v=3&w=400&rid=6&s=pRhRVemE5pfG7oqKfDvlQPGz&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ee394e6bad8b58e9e05342581e377e527b90b5b49a2f658119d3fa055c75d6c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=85628
timing-allow-origin: *
content-length: 2384
expires: Tue, 10 Oct 2023 01:30:37 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame F2C6 0
128 B 67ms
15ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=_3lhcWtLNFkPzGo2HAz6eTCS6YQFezyHUiYiKoVYrhB-TQ-QXI-LzXFEjD98WeYcM8nXzrIVhshqzRZ-bK33y68NfcFzszW-iPhbENNHiAVwg_fJ7f_4Uzp94Vk1ERd8qYv1x1la7NY_rVnMYxhIjv2BZ1iKoyEtPgyNCPg6ERuUB7LHyLMlT1IDW-oou7OMmG8inkfnIb1yXFIyt5fGOpqf0Y83BxDqT3X_36ITmItytnTuu4snd5hh4eZpGZJgSeD-kA&sds=2&rev=88731&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame F2C6 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame F2C6 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

POST
H2 200 vevent
ams3-ib.adnxs.com/ Frame 4A09 0
662 B 14ms
14ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwheregoes.com%2F&e=wqT_3QLAB-jAAwAAAwDWAAUBCLi6jakGEK7ay-u9r9WUfRgAKjYJJmLYzHsLkD8Re7o0BTh8jj8ZAAAAAClc5z8hew0SACkRJNAxAAAAQOF6pD8w9e2zCzjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t4yvMFgAEBigEDVVNEkgUG8FiYAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKf8D_qAhZodHRwczovL3doZXJlZ29lcy5jb20vgAMAiAMBkAMAmAMXoAMBqgOxAwrHAhUsHHd3LmJpbmcuASvweWFwaS92MS9tZWRpYXRpb24vdHJhY2tpbmc_YWRVbml0PTM5MTQ2NiZhdUlkPTdkMmY3M2M4LTA5OTEtNDMwYi04MzU1LTNhMWY4ZWFhOTA0MSZiaWRJZD0xNTAwMCZiaWRkZXJJZD00JmNtRXhwSWQ9TFYxJm9BZFVuGVwYcHVibGlzaAUpLDE2MjY0NTMzMCZySZpxALhydHlwZT1udXJsJnRhZ0lkPTIzOTE4MzI1JnRyYWZmaWNHcm91cD1rbmFxZV8zYxEWCFN1YgkZFHp6ZiUzQREf8ElfZ3ZycS1wYmFnZWJ5XzEmYWlkPSR7QVVDVElPTl9JRH0SBTEyMDg1GhM5MDE4ODMzNzE5MjcwNzYzODIyIgkzODE4NDY3MTQqBCFk8Lw6OFUyVmhjbU5vUVdRak56RXdOVFl4TXpneU9EYzRPRE1qTWpNeU1qZzFOVGMxTWpnd01qWTFOQT09wAPYBMgDANgDxdTyAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA8xODUuMjEzLjE1NS4xNDaoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAEuomKtgGIBQGYBQCgBcmk3rGO5tLYBcAFAMkFAABB3hTwP9IFCQkBCgEBaNgFAeAFAfAFAPoFBAgAEACQBgCYBgC4BgDBBgEfNAAA8D_QBsKNBNoGFgoQCRIZAXAQABgA4AYB8gYCCACABwGIBwCgBwHIB8rzBdIHDRVjASYI2gcGAV7AGADgBwDqBwIIAPAH7PsDiggCEACVCAAAgD-YCAHACADSCA4IgYKEiJCgwIABEAAYAA..&s=505e0b8b7a1437090a81ded20d852d97dc67d717&type=nv&nvt=5&jm=1003&px=436&py=374&bw=182&bh=90&sid=2550057421901410257&vd=ct~0|rr~0&sv=239&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=23918325&sw=1600&sh=1200&pw=1600&ph=2832&ww=1600&wh=1200&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/239/trk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
an-x-request-uuid: e262e24f-1c02-4ba7-96f2-c40853c0e9fe
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 8937 2 KB
3 KB 19ms
17ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

05f125dcff74cdb98cf0e79d19d615ba6d721bb455e45513bb4a55fcce678b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=85439
timing-allow-origin: *
content-length: 2544
expires: Mon, 09 Oct 2023 10:42:31 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 8937 3 KB
4 KB 18ms
17ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

75c8de3ba4043fd9dab660900b35ca6c6af748d523ae20e6976505c8a9cd5980

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=85504
timing-allow-origin: *
content-length: 3411
expires: Mon, 09 Oct 2023 11:44:05 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 8937 2 KB
3 KB 19ms
17ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ee394e6bad8b58e9e05342581e377e527b90b5b49a2f658119d3fa055c75d6c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=85628
timing-allow-origin: *
content-length: 2384
expires: Tue, 10 Oct 2023 01:30:37 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 8937 2 KB
3 KB 21ms
20ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0ac2396efafe75e0da9c789ea30edc630485c937fcb0700f00fb265aa5b3bf6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=86400
timing-allow-origin: *
content-length: 2519
expires: Mon, 09 Oct 2023 16:36:55 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 8937 2 KB
3 KB 22ms
21ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ba20d5806e9847556edd74c9ef0bc3962e3b247741dac5c069d3131e7c17c65f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=86400
timing-allow-origin: *
content-length: 2367
expires: Mon, 09 Oct 2023 10:24:41 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 8937 4 KB
5 KB 19ms
19ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cc3b04e00cede182123138355e4659b44ea24ad4a89243615203533591cedc61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=85500
timing-allow-origin: *
content-length: 4456
expires: Mon, 09 Oct 2023 10:44:16 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 8937 2 KB
2 KB 21ms
21ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

590902941df60bb8d5a4733cf248267f869a2bd2dec49a3e373a992573745f2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=86399
timing-allow-origin: *
content-length: 1582
expires: Mon, 09 Oct 2023 18:02:42 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 8937 9 KB
10 KB 21ms
20ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=76&m=0&partner=2861&q=80&r=0&u=https%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F230524%2Fab5244b2b96f4d3db06cb0ff9e6efb06_logo_n_horizontal_9.png&v=3&w=596&rid=6&s=MdzZYlYFpRSSNFiri8lO_1nK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

8d8311f04699875ceb49422f49ae378d923533a0b40fbcedf3f356999239cded

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 9654
expires: Mon, 02 Sep 2024 06:49:31 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 8937 964 B
1 KB 21ms
21ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FF%2FlogoMercedes-Benz-Ludwigsfelde-GmbH-212709DE-2106010953.gif%3Feb%3D1&v=3&w=400&rid=6&s=7g8bmWzsoetU2IldTbPU07pc&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ad1c8d7fbe184dc60b52f4fd8ab4fdf2a98d813097e67d918e5ed916b1c37d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2590259
timing-allow-origin: *
content-length: 964
expires: Tue, 10 Oct 2023 09:29:48 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 8937 0
127 B 15ms
15ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=aqX4LmtLNFkPzGo2NqrOF6adRj48sC2V3FzZ1LYXNvXwvlYcwTme9mmvhW0xY7c2MzgWqJIinHxALVAJ8AJqb-geSNhXj_rTSJX0hSy3KIvyFAi5eXAam8-qvYWNlYFn4c2GRbzsQSu9G5GXunJC6Z2DmsAzVzAXecCxSQE5wtRLxwWUvrGzJNpUxeYm__N6E2AdDoFVnoOZRBXeVvXGo88a-hhu8nmqVIGjjw_JfSWxMGAhj7r4axQN-r4K1zpZUAV-kQ&sds=2&rev=88731&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 09 Oct 2023 01:54:00 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 8937 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 8937 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 03 Oct 2024 01:54:01 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4A09 0
0 76ms
76ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssHblcBWsK8fTQcW5wG-n1evxnCIQCrqNr4xXADuy0Vn8BeyRzj4Gurz72WoTY0kfGC0Tmofx9NX3jeknKY3zm4L09U2ankJTBUEYnZSayQ-X-8yX8LnjsqvmovCoFdKIXZueJC1paw7loGEkxKe8_bHBfzSBaN1SwPPQtZH36iG87CIoXJb17JGZlEUL6mmYjpqEoSNuBVHYxLjmyvQPwex4eE3lQlJDgBAVE_QCJ2sNbO9VkKCQfn7eQaP00I1esPAEyTa2xoGMIfpdJB7OccndNBCu2LPhb6TzFcZVMH4vUWeP6deodddlBxc87rNRu6tnfIdPI7RXxe7uQr6-N0Sk0jxUKBzCBRAIk&sai=AMfl-YR_KOUs3HbGbyQD3P57hqy4Fa6pDwR88ETJZaXhnABicozL1p1rHJHTiqCZIDT82wORQQ11_8cgB09nqpQhv28uu4K0Lqsa3Ve_f4CQb51_mUi7Vj-9pFStCzRy_L6tnTuZziktAL4M_T-gZy7a&sig=Cg0ArKJSzG9XRBjq4QqIEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 9720
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_cm&google_hm=ay1GNFdMT0FRUmpGZXJKTmFPZ0ItbE55OS00WVpLZGFzU...
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0

43 B
370 B

52ms
15ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0

Requested by

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 588765
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame 9720 43 B
146 B 63ms
8ms Image
image/gif 3.125.57.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-QDHwFwQRjFerJNaOgB-lNy9-4YaTzokPFIY-mw&expires=30
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.125.57.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-57-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 9720
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3548010518329746433

43 B
370 B

79ms
16ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3548010518329746433

Requested by

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1709155
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
an-x-request-uuid: 3667e27d-a78f-43ac-86b7-f509e5f3cdf7
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3548010518329746433
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cksync.php
contextual.media.net/ Frame 9720 53 B
785 B 85ms
35ms Image
image/gif 184.30.20.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-26QJ-QQRjFerJNaOgB-lNy9-4YZdigEWRgqL2A

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.20.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-20-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Mon, 09 Oct 2023 01:54:01 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 9720 0
239 B 60ms
9ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-Wdtx8wQRjFerJNaOgB-lNy9-4YYUZDiB-mjoVA&expires=30
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 v1
match.sharethrough.com/sync/ Frame 9720 0
34 B 73ms
7ms Image
text/plain 3.69.215.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-tr3fEAQRjFerJNaOgB-lNy9-4YZPyulKhmhBQQ
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.69.215.73 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-69-215-73.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT

GET
H2 200 /
rtb-csync.smartadserver.com/redir/ Frame 9720 43 B
113 B 130ms
17ms Image
image/gif 185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-8tpRiwQRjFerJNaOgB-lNy9-4YZwNYzAuE9kMA
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 9720 0
99 B 309ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-VPRjCQQRjFerJNaOgB-lNy9-4YbKppbaDl1HDg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13423

GET
H2 200 um
criteo-sync.teads.tv/ Frame 9720 23 B
163 B 82ms
33ms Image
image/gif 104.102.35.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-c3PTCwQRjFerJNaOgB-lNy9-4YYL_Z3R5xXw8w
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-35-84.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

expires: Mon, 09 Oct 2023 01:54:01 GMT
pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 xuid
eb2.3lift.com/ Frame 9720 37 B
140 B 41ms
10ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-I4lMEAQRjFerJNaOgB-lNy9-4Ya643zKkBazGQ&dongle=013b
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58301/ Frame 9720 0
125 B 60ms
11ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-VOf_hAQRjFerJNaOgB-lNy9-4Ybm0XRMX5K9Nw

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 pixel
cm.adform.net/ Frame 9720 43 B
163 B 118ms
26ms Image
image/gif 37.157.6.232
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=15&adform_pc=k--gapogQRjFerJNaOgB-lNy9-4YZqjMSNWOAGNw
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.232 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
last-modified: Thu, 27 Jul 2023 11:18:06 GMT
server: nginx
accept-ranges: bytes
etag: "64c2526e-2b"
content-length: 43
content-type: image/gif

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame 9720 49 B
384 B 70ms
34ms Image
image/gif 52.210.78.166
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-KX68XwQRjFerJNaOgB-lNy9-4YbsnR2pNbiHfg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.210.78.166 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-210-78-166.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
via: kong/2.8.4
x-content-type-options: nosniff
x-kong-proxy-latency: 0
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
content-type: image/gif
x-kong-upstream-latency: 4
cache-control: no-cache, no-store, must-revalidate
content-length: 49
expires: 0

GET
H2

200

rum
r.casalemedia.com/ Frame 9720
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw&C=1

43 B
325 B

37ms
25ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw&C=1
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJSqTbRci1INQoRTcIvK%2BiJFUdYd0BlA%2BvvBLKUJ5zj35YgSMA1in663Waec0n9UpXcs2zJ45AbhjtaIpbblAoJ8jgZgaoTjk%2FJ3Ru%2BTJ95tmvx5%2F8UHnuJCDREiaiue5HTG"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8132fe4b0d195c98-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1FLIxvVyjr641Zdvr4qRaTKt7eXsYt%2B01Hih0a0Ze14VEdtsSTtlwpk6s7cR6T0SPzsF%2BWQYXbVDB%2BKE0dmnowzfLEaLlTCkik59BrDWQz5m8RlWc2E%2Fay8FOw6xJArlmwDU"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw&C=1
cache-control: no-cache
cf-ray: 8132fe4a9ce55c98-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 9720
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=ileSv5m_Qmfu4wynbFi2KcLKV40-7sXw
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=ileSv5m_Qmfu4wynbFi2KcLKV40-7sXw

42 B
942 B

31ms
31ms

Image
image/gif

34.250.238.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=ileSv5m_Qmfu4wynbFi2KcLKV40-7sXw

Protocol

HTTP/1.1

Server

34.250.238.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-238-79.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v051-00a360db7.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: K7YNOT2UQP8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v051-0492505ae.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 9jS/uo8fSUc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=ileSv5m_Qmfu4wynbFi2KcLKV40-7sXw
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 9.gif
id5-sync.com/s/966/ Frame 9720 43 B
920 B 86ms
28ms Image
image/gif 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/966/9.gif?puid=k-TzO4fwQRjFerJNaOgB-lNy9-4YamzVaRgeuFvg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

GET
H2 200 match
ad.360yield.com/ Frame 9720 43 B
199 B 178ms
28ms Image
image/gif 99.81.152.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-_GFAowQRjFerJNaOgB-lNy9-4YYvJKIyte2xtA
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.81.152.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-152-59.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 09 Oct 2023 01:54:02 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 sync
matching.ivitrack.com/ Frame 9720 42 B
103 B 70ms
21ms Image
image/gif 34.117.157.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-Ls_avAQRjFerJNaOgB-lNy9-4YbdM5b22sTEOA
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.157.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame 9720 0
886 B 43ms
9ms Image
text/html 3.75.11.145
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-Zy1eKwQRjFerJNaOgB-lNy9-4YZnIRsXJaZYHg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.75.11.145 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-75-11-145.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 1017
jadserve.postrelease.com/suid/ Frame 9720 43 B
422 B 129ms
29ms Image
image/gif 54.76.247.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/1017?vk=k-pO0tZQQRjFerJNaOgB-lNy9-4YZZKz1YldwQXA
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.247.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-247-56.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
server: nginx
content-type: image/gif
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame 9720 0
145 B 359ms
86ms Image
text/plain 64.202.112.255
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-UPQEWwQRjFerJNaOgB-lNy9-4YaHw5HU66fzKg&initiator=partner
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.255 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Mon, 09 Oct 2023 01:54:02 GMT
Cache-Control: no-cache
X-TraceId: 6a9dd32effa14f7d0ebf9bb71d433e4d
Content-Length: 0

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 9720 42 B
97 B 72ms
15ms Image
image/gif 198.47.127.205
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-n3bhrAQRjFerJNaOgB-lNy9-4YZ8TeHStXv4qQ
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 09 Oct 2023 01:54:00 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame 9720 43 B
400 B 344ms
98ms Image
image/gif 2600:1f18:612b:4264:496c:d23f:8720:f8bc
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-y6XeEwQRjFerJNaOgB-lNy9-4Ya5HdCGWiEFTQ
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:496c:d23f:8720:f8bc Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Mon, 09 Oct 2023 01:54:02 GMT
server: nginx
content-type: image/gif

GET
H2 200 getusermatch.php
a.twiago.com/rtb/ Frame 9720 43 B
153 B 125ms
48ms Image
image/gif 85.215.5.31
CRONON-BERLIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-y_eS1wQRjFerJNaOgB-lNy9-4Ybt5bt_6z566A
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.215.5.31 Berlin, Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software: Apache / PHP/7.3.29
Resource Hash: 5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 09 Oct 2023 01:54:02 GMT
server: Apache
x-powered-by: PHP/7.3.29
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame 9720 0
400 B 61ms
17ms Image
text/plain 184.30.17.243
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-LnY8VgQRjFerJNaOgB-lNy9-4YbZccRWmyXQIg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.17.243 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-243.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Oct 2023 01:54:02 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Sun, 08 Oct 2023 01:54:02 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame 9720 0
38 B 183ms
30ms Image
text/plain 34.255.244.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-AlXmkwQRjFerJNaOgB-lNy9-4YYR73vBxh-doA&pn_id=criteo&ext=1
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=EC8787428329A2D3&u=%7CNTiPCdDbLKAuybmBG5yqeWNjmFZSS7dH%2Bu1b2EoKtb4%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LILX4mdtXZTEb-FD8UUmJ9YfmQst9pYSfeojPvwrX-TzL7lUAIXK09-KdulINxAUVuF9P6zyTdSpLIABvN93TlCKcBgrkwAc_GeqJzkpXqzK9koINYuN2squjfsyPLYwMkBxlJfZ3qfx-VCYHOPI_sAu5OhJqTxPUXFGK33Wtodj1WyP14gavG7g_d52fllBkfXYX-su4OjCUVdJAWrBIrl4hDXsAqRIRFGgVnGhU4WVSP4H8nutkHLuNHD8F8Z5zkVWI3-2h3Grim6XNLJYp_7UXyPhjFMQ2oq3VgTcZHzLnBx4rD9i6rjNfXGxw5OipUP44tnZLXPhYrjdoPNDADYfNnL8t0n5-8OACcwwnXrqcqRo7w7s6SoI6hpvN6G_SF5QRkccc0GqV3IBl13GMTkUON8ETeh0ijXkbk9yunKcXFsc94-T1bTcNI-IJdl3AzBy4RV93kRzEFhgcjr8TIIAQTkKFHnKkAw1phl-TCAZlgFuwzOVs5vU4OzKbWp1pIhbvGpqJN7wIXMshUTsM99NAKDAkGyvV3PKLGSR_GBgeSN9iIGQuG7JauaJyvfZQhKdA86woPvqhV8DtlbWiBPOvLxreCOU-DjUIcP_KzZoGbQgoKz00URe1-pmgWan91y6EFBy2awqw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.244.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-244-27.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
content-length: 0

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame FC8F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_cm&google_hm=ay1GNFdMT0FRUmpGZXJKTmFPZ0ItbE55OS00WVpLZGFzU...
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0

43 B
369 B

42ms
15ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 777692
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-F4WLOAQRjFerJNaOgB-lNy9-4YZKdasRzusl6A&google_gid=CAESED4FluJhixF19n7mToS2GXM&google_cver=1&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame FC8F 43 B
145 B 21ms
9ms Image
image/gif 3.125.57.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-QDHwFwQRjFerJNaOgB-lNy9-4YaTzokPFIY-mw&expires=30
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.125.57.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-57-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame FC8F
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3548010518329746433

43 B
369 B

65ms
16ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3548010518329746433

Requested by

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 898477
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
an-x-request-uuid: 36fc97d7-1844-4e6c-b1ee-b057af8fc304
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3548010518329746433
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cksync.php
contextual.media.net/ Frame FC8F 53 B
785 B 42ms
34ms Image
image/gif 184.30.20.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-26QJ-QQRjFerJNaOgB-lNy9-4YZdigEWRgqL2A

Requested by

Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.20.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-20-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Mon, 09 Oct 2023 01:54:01 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Mon, 09 Oct 2023 01:54:01 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame FC8F 0
239 B 28ms
7ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-Wdtx8wQRjFerJNaOgB-lNy9-4YYUZDiB-mjoVA&expires=30
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 v1
match.sharethrough.com/sync/ Frame FC8F 0
35 B 30ms
6ms Image
text/plain 3.69.215.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-tr3fEAQRjFerJNaOgB-lNy9-4YZPyulKhmhBQQ
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.69.215.73 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-69-215-73.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT

GET
H2 200 /
rtb-csync.smartadserver.com/redir/ Frame FC8F 43 B
114 B 86ms
16ms Image
image/gif 185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-8tpRiwQRjFerJNaOgB-lNy9-4YZwNYzAuE9kMA
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame FC8F 0
98 B 266ms
15ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-VPRjCQQRjFerJNaOgB-lNy9-4YbKppbaDl1HDg
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13423

GET
H2 200 um
criteo-sync.teads.tv/ Frame FC8F 23 B
163 B 40ms
33ms Image
image/gif 104.102.35.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-c3PTCwQRjFerJNaOgB-lNy9-4YYL_Z3R5xXw8w
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-35-84.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

expires: Mon, 09 Oct 2023 01:54:01 GMT
pragma: no-cache
date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 xuid
eb2.3lift.com/ Frame FC8F 37 B
139 B 14ms
8ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-I4lMEAQRjFerJNaOgB-lNy9-4Ya643zKkBazGQ&dongle=013b
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58301/ Frame FC8F 0
15 B 17ms
11ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-VOf_hAQRjFerJNaOgB-lNy9-4Ybm0XRMX5K9Nw

Requested by

Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 pixel
cm.adform.net/ Frame FC8F 43 B
162 B 117ms
27ms Image
image/gif 37.157.6.232
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=15&adform_pc=k--gapogQRjFerJNaOgB-lNy9-4YZqjMSNWOAGNw
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.232 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
last-modified: Thu, 27 Jul 2023 11:18:06 GMT
server: nginx
accept-ranges: bytes
etag: "64c2526e-2b"
content-length: 43
content-type: image/gif

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame FC8F 49 B
383 B 69ms
34ms Image
image/gif 52.210.78.166
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-KX68XwQRjFerJNaOgB-lNy9-4YbsnR2pNbiHfg

Requested by

Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.210.78.166 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-210-78-166.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
via: kong/2.8.4
x-content-type-options: nosniff
x-kong-proxy-latency: 0
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
content-type: image/gif
x-kong-upstream-latency: 5
cache-control: no-cache, no-store, must-revalidate
content-length: 49
expires: 0

GET
H2

200

rum
r.casalemedia.com/ Frame FC8F
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw&C=1

43 B
316 B

40ms
28ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw&C=1
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CNTiPCdDbLKBFyS5Xx6SsZujkjTkqNtK64cqU2u0fAvw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkBq5MWt97LlyueX6xA35gLXHDelc9Hq0ZHC0gDsZYjW80FIccM34N3GTkMqyt_3N0H9JjlmMcJS_-6fq12Ug1xlqentigq1dl-_pKLdMpsoQM8YtDFx0J_MLa_WrIn1k8v9EsJPaepQpOSa4plkfvPYNcA1y7qocKp_7wUh-AOA8nPEYTTP-Y-Lbuxc06SgvV9h50wWdpwiwp9rG1uckshlNJ0DoluxAp0-4Ct1m68CIvZyYtUAWOu1tLP4a6MyeMZsH9Q_7jXrxfHEErbvmBwsrbgBe5LqH2SCIOhCt6ZdGFjInqHGb6mShVKAkt7E-PfVo8UgY2PNEtleHvghW6J4zFi1xdtlKD_15RtQbVHAmVgdfwVpmSTGAmXhLnGEaD6rLyQOA4ADREzf9vwtEO-sbFL8cVF12SA2UQR2UesPdZL-ApMlx1A6SJ95feBV81tCs1lq2EafJPWeEhPXrkbaBO0QO923iL3zB4gPKmNvExmiXSmGxSo9IZ4t3PN8nHDCqrqn08s0rls5r8EDvbO6ydfjJTvpimsraQLFsZsDScgI7vuJM58LoZS02HAHAw-9ZuZzuKoP9J9uNVTUDwmNtRLHd7qEP-izaZ32PNXCYg
Protocol: H2
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5SU1vkUsSiBywWetqD1z5jxT%2F7ttZm5Xh0T31Qf1cuZeWVaa5X3PtvYJTSs9si2bXo%2FkIzkpZkxHwGmVtDSwDELAmAyKov%2BCMY%2FGa34q2I4jnqmcp64DGTkDgnQOMH%2BkGa0V"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8132fe4b0d1a5c98-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OPM0eQlGlT0137HzOJ3XjuYlbI7nM0e%2BIOrudW%2By0Uwt1JACgD%2B9BI%2BsX7NBwxvzwsTrx6hQAB1HqnEsyhyLaD9lCb9BA0RF%2FhMaXI2EQN8uIRTRWzbsNDXVwd75IgzgX3Hh"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=20&external_user_id=k-D5rscwQRjFerJNaOgB-lNy9-4Yb1HD7jtfzxbw&C=1
cache-control: no-cache
cf-ray: 8132fe4a9ce75c98-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame FC8F
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=78dTYSJVdJ8ZGgH1iJ2aX9UznPwEKzje
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=78dTYSJVdJ8ZGgH1iJ2aX9UznPwEKzje

42 B
942 B

32ms
32ms

Image
image/gif

34.250.238.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=78dTYSJVdJ8ZGgH1iJ2aX9UznPwEKzje

Protocol

HTTP/1.1

Server

34.250.238.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-238-79.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v051-092d17517.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ZI0z6dn/QLc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v051-07ecb3b63.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: w3HRI5s6TPQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=78dTYSJVdJ8ZGgH1iJ2aX9UznPwEKzje
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 9.gif
id5-sync.com/s/966/ Frame FC8F 43 B
921 B 42ms
27ms Image
image/gif 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/966/9.gif?puid=k-TzO4fwQRjFerJNaOgB-lNy9-4YamzVaRgeuFvg

Requested by

Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Mon, 09 Oct 2023 01:54:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

GET
H2 200 match
ad.360yield.com/ Frame FC8F 43 B
198 B 171ms
29ms Image
image/gif 99.81.152.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-_GFAowQRjFerJNaOgB-lNy9-4YYvJKIyte2xtA
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.81.152.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-152-59.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 09 Oct 2023 01:54:02 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 sync
matching.ivitrack.com/ Frame FC8F 42 B
274 B 70ms
20ms Image
image/gif 34.117.157.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-Ls_avAQRjFerJNaOgB-lNy9-4YbdM5b22sTEOA
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.157.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:01 GMT
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame FC8F 0
885 B 42ms
10ms Image
text/html 3.75.11.145
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-Zy1eKwQRjFerJNaOgB-lNy9-4YZnIRsXJaZYHg
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.75.11.145 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-75-11-145.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 1017
jadserve.postrelease.com/suid/ Frame FC8F 43 B
421 B 131ms
30ms Image
image/gif 54.76.247.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/1017?vk=k-pO0tZQQRjFerJNaOgB-lNy9-4YZZKz1YldwQXA
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.247.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-247-56.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
server: nginx
content-type: image/gif
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame FC8F 0
145 B 392ms
93ms Image
text/plain 64.202.112.255
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-UPQEWwQRjFerJNaOgB-lNy9-4YaHw5HU66fzKg&initiator=partner
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.255 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Mon, 09 Oct 2023 01:54:02 GMT
Cache-Control: no-cache
X-TraceId: bf93f9fdf89172e43bd6ad49349a88f7
Content-Length: 0

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame FC8F 42 B
581 B 72ms
14ms Image
image/gif 198.47.127.205
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-n3bhrAQRjFerJNaOgB-lNy9-4YZ8TeHStXv4qQ
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 09 Oct 2023 01:54:00 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame FC8F 43 B
398 B 345ms
98ms Image
image/gif 2600:1f18:612b:4264:496c:d23f:8720:f8bc
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-y6XeEwQRjFerJNaOgB-lNy9-4Ya5HdCGWiEFTQ
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:496c:d23f:8720:f8bc Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Mon, 09 Oct 2023 01:54:02 GMT
server: nginx
content-type: image/gif

GET
H2 200 getusermatch.php
a.twiago.com/rtb/ Frame FC8F 43 B
153 B 124ms
47ms Image
image/gif 85.215.5.31
CRONON-BERLIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-y_eS1wQRjFerJNaOgB-lNy9-4Ybt5bt_6z566A
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.215.5.31 Berlin, Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software: Apache / PHP/7.3.29
Resource Hash: 5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 09 Oct 2023 01:54:02 GMT
server: Apache
x-powered-by: PHP/7.3.29
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame FC8F 0
400 B 73ms
28ms Image
text/plain 184.30.17.243
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-LnY8VgQRjFerJNaOgB-lNy9-4YbZccRWmyXQIg
Requested by: Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.17.243 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-243.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Oct 2023 01:54:02 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Sun, 08 Oct 2023 01:54:02 GMT

GET
H2 204 put
e1.emxdgt.com/ Frame FC8F 0
44 B 51ms
7ms Image
text/plain 18.194.51.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d53&uid=k--j7FHAQRjFerJNaOgB-lNy9-4YbC8H8filaLYw
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CNTiPCdDbLKBFyS5Xx6SsZujkjTkqNtK64cqU2u0fAvw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkBq5MWt97LlyueX6xA35gLXHDelc9Hq0ZHC0gDsZYjW80FIccM34N3GTkMqyt_3N0H9JjlmMcJS_-6fq12Ug1xlqentigq1dl-_pKLdMpsoQM8YtDFx0J_MLa_WrIn1k8v9EsJPaepQpOSa4plkfvPYNcA1y7qocKp_7wUh-AOA8nPEYTTP-Y-Lbuxc06SgvV9h50wWdpwiwp9rG1uckshlNJ0DoluxAp0-4Ct1m68CIvZyYtUAWOu1tLP4a6MyeMZsH9Q_7jXrxfHEErbvmBwsrbgBe5LqH2SCIOhCt6ZdGFjInqHGb6mShVKAkt7E-PfVo8UgY2PNEtleHvghW6J4zFi1xdtlKD_15RtQbVHAmVgdfwVpmSTGAmXhLnGEaD6rLyQOA4ADREzf9vwtEO-sbFL8cVF12SA2UQR2UesPdZL-ApMlx1A6SJ95feBV81tCs1lq2EafJPWeEhPXrkbaBO0QO923iL3zB4gPKmNvExmiXSmGxSo9IZ4t3PN8nHDCqrqn08s0rls5r8EDvbO6ydfjJTvpimsraQLFsZsDScgI7vuJM58LoZS02HAHAw-9ZuZzuKoP9J9uNVTUDwmNtRLHd7qEP-izaZ32PNXCYg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.51.36 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-51-36.eu-central-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
server: awselb/2.0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2C28 0
0 154ms
74ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310030101&jk=2499355507595962&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58301/ Frame 9720 0
15 B 23ms
11ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=0&redir=true&uid=k-VOf_hAQRjFerJNaOgB-lNy9-4Ybm0XRMX5K9Nw

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58301/ Frame FC8F 0
38 B 22ms
10ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=0&redir=true&uid=k-VOf_hAQRjFerJNaOgB-lNy9-4Ybm0XRMX5K9Nw

Requested by

Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d39726de641d453da3d4f45be91&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame DB4B 37 KB
14 KB 96ms
38ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 18:58:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24961
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 07 Oct 2024 18:58:01 GMT

GET
H2 200 setuid
ib.adnxs.com/ Frame FC8F 43 B
858 B 20ms
20ms Image
image/gif 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=52&code=k-IoA1jgQRjFerJNaOgB-lNy9-4YbsrZ6k0FwfnA

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
an-x-request-uuid: 8e5d3d99-3e9a-4e83-9a41-89e4995af685
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 setuid
ib.adnxs.com/ Frame 9720 43 B
858 B 19ms
18ms Image
image/gif 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=52&code=k-IoA1jgQRjFerJNaOgB-lNy9-4YbsrZ6k0FwfnA

Requested by

Host: widget.fr3.eu.criteo.com
URL: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=65235d3889b732987812e6a016ed3f26&r=https%3a%2f%2fwheregoes.com%2f&crossorigin=false

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
an-x-request-uuid: 084762a4-8451-45a0-b59a-3480749d89de
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 9720
Redirect Chain

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=CAffCiYqm1_PUO6RuQBLXzRTk42PsaPS

0
338 B

114ms
27ms

Image
text/plain

54.229.132.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=CAffCiYqm1_PUO6RuQBLXzRTk42PsaPS
Protocol: H2
Server: 54.229.132.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-132-93.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-served-by: beacon-n023-dub-prod.krxd.net
date: Mon, 09 Oct 2023 01:54:02 GMT
cache-control: private, no-cache, no-store
x-request-time: D=32 t=1696816442
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=CAffCiYqm1_PUO6RuQBLXzRTk42PsaPS
date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 686359
content-length: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame FC8F
Redirect Chain

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=2VOdhrpBThm98nOYLtGqtMTm1B53IZiz

0
337 B

114ms
28ms

Image
text/plain

54.229.132.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=2VOdhrpBThm98nOYLtGqtMTm1B53IZiz
Protocol: H2
Server: 54.229.132.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-132-93.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-served-by: beacon-n017-dub-prod.krxd.net
date: Mon, 09 Oct 2023 01:54:02 GMT
cache-control: private, no-cache, no-store
x-request-time: D=58 t=1696816442
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=2VOdhrpBThm98nOYLtGqtMTm1B53IZiz
date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 809450
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DB4B 0
10 B 38ms
37ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?qvKTqQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

cs
s.thebrighttag.com/ Frame 9720
Redirect Chain

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=dDlO8MjKBXtcqxn3LbpfsLQUQth4EyL2

35 B
267 B

379ms
109ms

Image
image/gif

18.221.230.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=dDlO8MjKBXtcqxn3LbpfsLQUQth4EyL2
Protocol: H2
Server: 18.221.230.31 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-221-230-31.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
x-bt-requestid: b8ae5241-6646-11ee-afd1-0000ac170070
server: nginx
content-type: image/gif
access-control-allow-origin
p3p: CP=NOI DSP COR NID
cache-control: private, must-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=dDlO8MjKBXtcqxn3LbpfsLQUQth4EyL2
date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 668251
content-length: 0

GET
H2

200

cs
s.thebrighttag.com/ Frame FC8F
Redirect Chain

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=n1hVjx8F7_enzVM0B5bGYdYI4jypkhoP

35 B
268 B

376ms
108ms

Image
image/gif

18.221.230.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=n1hVjx8F7_enzVM0B5bGYdYI4jypkhoP
Protocol: H2
Server: 18.221.230.31 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-221-230-31.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
x-bt-requestid: b8ae5240-6646-11ee-afd1-0000ac170070
server: nginx
content-type: image/gif
access-control-allow-origin
p3p: CP=NOI DSP COR NID
cache-control: private, must-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=n1hVjx8F7_enzVM0B5bGYdYI4jypkhoP
date: Mon, 09 Oct 2023 01:54:01 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 678464
content-length: 0

GET
H3

200

c.gif
www.bing.com/aes/ Frame 4A09
Redirect Chain

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=083d2dc1-6420-4d2a-974c-884717d472ee&bidId=15000&bidderId=4&cmExpId=LV1&oAdUnit=391466&publisherId=162645330&rId=7d2f73c8-0991-430b...
https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=b57b92444e0342ad93831b879a7c55c8&tids=15000&med=10

0
18 B

45ms
45ms

Image
text/plain

2a02:26f0:480:22::1726:62f9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=b57b92444e0342ad93831b879a7c55c8&tids=15000&med=10
Protocol: H3
Server: 2a02:26f0:480:22::1726:62f9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0652D6F8F6C94E13B3BA201888753DF5 Ref B: FRA31EDGE0716 Ref C: 2023-10-09T01:54:02Z
x-cdn-traceid: 0.39d53e17.1696816442.1579fdfd
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control: private,no-store
alt-svc: h3=":443"; ma=93600
content-length: 0
quic-version: 0x00000001

Redirect headers

expires: 0
pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
date: Mon, 09 Oct 2023 01:54:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 377834552F3B4022A42136FE36257804 Ref B: MIL30EDGE1416 Ref C: 2023-10-09T01:54:02Z
x-cdn-traceid: 0.39d53e17.1696816442.1579fde5
vary: Origin
content-type: text/html; charset=utf-8
location: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=b57b92444e0342ad93831b879a7c55c8&tids=15000&med=10
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=93600
content-length: 146
quic-version: 0x00000001

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2E3A 42 B
174 B 75ms
73ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu1DVWYbvoXnTPMAwC-PrrjEAU8PC67tYTKEgAzve_y2vYAVoUvMkyAa5PcydwV10tDueKHa_n_pSvonLiB0HzlKWKsFcQDQ5ZRz7D-XZAzSMeg0I58PU_jNcVck_Ja&sig=Cg0ArKJSzFZShyRgb2RSEAE&id=lidar2&mcvt=1000&p=600,1091,854,1391&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20231004&bin=7&avms=nio&bs=1600,1200&mc=0.98&vu=1&app=0&itpl=19&adk=2861055222&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696816441169&rpt=314&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4DC8 42 B
64 B 78ms
76ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6xwR8dHWYgJBfaRZQrQezaaYzF_CD2hw1tbEediuDIci5S8SKrjJ6I1c6-AS-BdgdTFQzDZsdIepEj5ZBpYhJ2VVYQF9anMM2wYAMYQ8waSQ8DzN0s1qsXgJjQh_q&sig=Cg0ArKJSzKfNHvFXn1xqEAE&id=lidar2&mcvt=1000&p=884,1091,1488,1391&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20231004&bin=7&avms=nio&bs=1600,1200&mc=0.52&vu=1&app=0&itpl=19&adk=3809685794&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696816441185&rpt=401&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4A09 42 B
64 B 77ms
76ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstkH2sgKvIKNfiz9e2v8QSlqEGGRJdBYhPbOqjaTDNrA0uHIksGVrIo4sQGpYVSTkXcod3CepI8P1OnDPGJf_3cYvJRrPUE_qj-G9T0G70IzGRhAxHf9_Ar9ktoKKhT&sig=Cg0ArKJSzOGKI1x0zag5EAE&id=lidar2&mcvt=1006&p=374,436,464,1164&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20231004&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1696759606&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696816441157&rpt=648&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 vevent
ams3-ib.adnxs.com/ Frame 4A09 0
663 B 31ms
27ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwheregoes.com%2F&e=wqT_3QLAB-jAAwAAAwDWAAUBCLi6jakGEK7ay-u9r9WUfRgAKjYJJmLYzHsLkD8Re7o0BTh8jj8ZAAAAAClc5z8hew0SACkRJNAxAAAAQOF6pD8w9e2zCzjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t4yvMFgAEBigEDVVNEkgUG8FiYAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKf8D_qAhZodHRwczovL3doZXJlZ29lcy5jb20vgAMAiAMBkAMAmAMXoAMBqgOxAwrHAhUsHHd3LmJpbmcuASvweWFwaS92MS9tZWRpYXRpb24vdHJhY2tpbmc_YWRVbml0PTM5MTQ2NiZhdUlkPTdkMmY3M2M4LTA5OTEtNDMwYi04MzU1LTNhMWY4ZWFhOTA0MSZiaWRJZD0xNTAwMCZiaWRkZXJJZD00JmNtRXhwSWQ9TFYxJm9BZFVuGVwYcHVibGlzaAUpLDE2MjY0NTMzMCZySZpxALhydHlwZT1udXJsJnRhZ0lkPTIzOTE4MzI1JnRyYWZmaWNHcm91cD1rbmFxZV8zYxEWCFN1YgkZFHp6ZiUzQREf8ElfZ3ZycS1wYmFnZWJ5XzEmYWlkPSR7QVVDVElPTl9JRH0SBTEyMDg1GhM5MDE4ODMzNzE5MjcwNzYzODIyIgkzODE4NDY3MTQqBCFk8Lw6OFUyVmhjbU5vUVdRak56RXdOVFl4TXpneU9EYzRPRE1qTWpNeU1qZzFOVGMxTWpnd01qWTFOQT09wAPYBMgDANgDxdTyAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA8xODUuMjEzLjE1NS4xNDaoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAEuomKtgGIBQGYBQCgBcmk3rGO5tLYBcAFAMkFAABB3hTwP9IFCQkBCgEBaNgFAeAFAfAFAPoFBAgAEACQBgCYBgC4BgDBBgEfNAAA8D_QBsKNBNoGFgoQCRIZAXAQABgA4AYB8gYCCACABwGIBwCgBwHIB8rzBdIHDRVjASYI2gcGAV7AGADgBwDqBwIIAPAH7PsDiggCEACVCAAAgD-YCAHACADSCA4IgYKEiJCgwIABEAAYAA..&s=505e0b8b7a1437090a81ded20d852d97dc67d717&type=pv&jm=1003&px=436&py=374&bw=182&bh=90&sf=1&sid=2550057421901410257&vd=ct~0|rr~5&sv=239&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=23918325&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/239/trk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
an-x-request-uuid: 33dc2984-afec-4330-b9c0-d37ad5fa4044
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame F2C6 0
127 B 31ms
29ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 09 Oct 2023 01:54:02 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 8937 0
127 B 22ms
15ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 09 Oct 2023 01:54:02 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 85ms
84ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310030101&jk=2499355507595962&bg=!WFulWxTNAAbjlzx0w5c7ADQBe5WfOMDlLc9lBze-z_j20_D7l_T3Zh6biRQEdxYAtTGXVFneAqsNhQR922emGA3xEGfrAgAAAGVSAAAAYmgBBwoAi1c-cB4yESxPCIlF3ga4WYLqn49t-OSdDl-P9xt6rNpuzJbgno-cm15c_Uh5UToDexJVMtXSGh39tUl7H37X-noYoJ3LkL9WTe20i3nC0UaNOTkRWHr1w2VbMbE8jtrpftLDXuERk80dNiY3VSjPcDiUcpBoQASICnmrNFM3O1oW6CNYc3h0yoi0wriZAr20OgixSq7ph6-xFaRFXOTWlFfP24M9OSRbOV6pqSxlXWnps9wGC4LBYGP36zADATdXbV2A0GCBO7WrtOfNEzJVMNdwZuAG3BCQ20uCyTj5hSGWc9nmvI_l3oKFJ_ncjJC_9J0g04sDPNKPGwGXZJo1AT6g5uWpxrxjgEKvwa6QXU2ihWmt3gggtA9Ny24XOMfpH0yea5N5QiRgwc-89dZtUZ_cdCxhHDlNm-qWKtJTf2zDeSOMKp7kWhan8hUYKolMner1WXuIGpGethx15hLtuR5sbGH8O0a_a8VQ5meFMi0MWr2TZednqAx21aBMFWlMdz01dDu9aWKMhQDLWjPrVH8b0kzKScsHkFvBjzXm6m4Un7_vU3NQXnCfmxdv75D6QfWaJ6QQU-BCk_AXgMcms2Y_-1Cn46vr7qX0ahIRAt0H_pl0VpKZ1oIFrYnHzXnuIaMvEsz1vhL4qCCdi8TtFTNsbi8ucPStV8HOfdllqbmy7L6OvYi7PNFytSsSGewxDhS-Uvkb_2cH7GW-gqgN4wt3pN83d4F0TPqTUjPi_AjffIkIw1x_vMGwK1owvrwf6t1fgTUJ5yxt510OdzUtu87myOUXOvj9CXHVPFge-_vEEFvMQCMOwNisorssu9ScZoIUKpy6QFg55h2o7i2U75xt3jKTQYIYl6jHmpfsX3aO_glNdl--nT-NI1WRsWJShG5HQv5MYP-EmOKANpeHqbQaQK6nRudQNQpN3vpjl_U5_EJQpPc9aru-qOd8aKJx22QDQ7tULm0f4awUzCdpth_asqAAdPboIj17dAE-UAxe-73yAhLyRB1MqeI36wWWPhWP8l9xfbXzLQ4kX_DVG7FiwyTb3Db-TdQRiC9CF-AHyQZGGEDWAk0Yz1fRbmHSH7TxnCvIZbK5anpCJy4ecPsFTWKyhx5MKFP8aQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 93 KB
30 KB 22ms
22ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 19 May 2023 17:15:21 GMT
server: nginx
etag: W/"6467aea9-175c4"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Oct 2023 01:54:03 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 495A 15 KB
6 KB 18ms
17ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=wheregoes.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 01:54:02 GMT
server: Kestrel
server-processing-duration-in-ticks: 659396
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 93 KB
30 KB 18ms
17ms XHR
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 19 May 2023 17:15:21 GMT
server: nginx
etag: W/"6467aea9-175c4"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Oct 2023 01:54:03 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 495A
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=wheregoes.com&sn=ChromeSyncframe&so=3&topUrl=wheregoes.com&bundle=X3y84l9PdUVuSkJJQWJHUVQxTVFHTkNpRTJkbFZzeERRaDVicFRuT0dBRm1GJTJCWWtRWEdx...
https://mug.criteo.com/sid?cpp=fb2KKXxseEN6OGZDOGJXMFUxQkUvRW1nL1FBKzhic3NabzhDRm5CcS9mQi9EaEdOTkhMWEc5WEpkUGF5dGd6RTIyWEh3VTJGL1lrYUduWFNoRXlKeHhoQmx0N3JKaVR6blpReUZtWUlZN0dJV2hQdzNWVmQ1UHAzNWZTbU...

417 B
647 B

16ms
15ms

Fetch
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=fb2KKXxseEN6OGZDOGJXMFUxQkUvRW1nL1FBKzhic3NabzhDRm5CcS9mQi9EaEdOTkhMWEc5WEpkUGF5dGd6RTIyWEh3VTJGL1lrYUduWFNoRXlKeHhoQmx0N3JKaVR6blpReUZtWUlZN0dJV2hQdzNWVmQ1UHAzNWZTbUdoM1puQmp3WXAxTkQrNFBmTXVhNVZHVTh5Tjd2VFdvOFEveHpWdVNHaWJDcmtGVXBkRGVJa0F4S3dRSENNTDdCTWVZQ1ByM0ZKUEFtOEh1MThPaG54Ujg5Yk9uQmlOUGF6RlhsWUhvRlR0d0dFUHlRWlA5ZGliaHlFMTBiMklLSVRnUTM2anlocHVmUmxZS3d1cjlqNDJMLzY2UThEZ0RDZXkxVzZEVnFTS01oUElXYUFkUT18&cppv=2

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6c6efc7ebfdc3b2cb78340640cc6f20ed8a50586b44617d95beac2241c7310d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 649746
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:02 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=fb2KKXxseEN6OGZDOGJXMFUxQkUvRW1nL1FBKzhic3NabzhDRm5CcS9mQi9EaEdOTkhMWEc5WEpkUGF5dGd6RTIyWEh3VTJGL1lrYUduWFNoRXlKeHhoQmx0N3JKaVR6blpReUZtWUlZN0dJV2hQdzNWVmQ1UHAzNWZTbUdoM1puQmp3WXAxTkQrNFBmTXVhNVZHVTh5Tjd2VFdvOFEveHpWdVNHaWJDcmtGVXBkRGVJa0F4S3dRSENNTDdCTWVZQ1ByM0ZKUEFtOEh1MThPaG54Ujg5Yk9uQmlOUGF6RlhsWUhvRlR0d0dFUHlRWlA5ZGliaHlFMTBiMklLSVRnUTM2anlocHVmUmxZS3d1cjlqNDJMLzY2UThEZ0RDZXkxVzZEVnFTS01oUElXYUFkUT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 264496
content-length: 0
expires: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame D9FF 52 KB
17 KB 98ms
10ms Document
text/html 23.32.184.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-180.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 09 Oct 2023 01:54:04 GMT
ETag: "623de86a-cf34"
Expires: Tue, 10 Oct 2023 01:54:06 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 13EC 281 B
554 B 15ms
14ms Document
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 09 Oct 2023 01:54:04 GMT
ETag: "40011-119-6051b805b8000"
Last-Modified: Mon, 11 Sep 2023 20:52:16 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 1596 24 KB
8 KB 47ms
32ms Document
text/html 184.30.20.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C407%2C2011%2C2055%2C2099%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.20.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-20-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2837983772f75c423589df6f2963b308312e314bc8507d69f32082c1a2c1fb5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8516
content-type: text/html; charset=UTF-8
date: Mon, 09 Oct 2023 01:54:04 GMT
expires: Wed, 11 Oct 2023 01:54:04 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 204 /
onetag-sys.com/usync/ Frame 7D1F 0
0 41ms
26ms Document
text/plain 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1696816440748

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame A0F3 9 KB
4 KB 93ms
7ms Document
text/html 18.66.147.73

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1696816200000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.73 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1c20d54555b098aef8269b6fa89b316fa731aac67e6926c1203c27edf8cf9dbd

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 28389
cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Sun, 08 Oct 2023 18:00:56 GMT
etag: W/"ea81456e0a6e1fca0e7a864b1d3121aa"
last-modified: Mon, 02 Oct 2023 23:54:30 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 dd4531988f4862a3b186f9d3356a6a74.cloudfront.net (CloudFront)
x-amz-cf-id: gfhovTn06rY36_x_IPtaz4TMnvMu7jKBYzPjc-d93HWiK2THqSpLFA==
x-amz-cf-pop: FRA60-P4
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:58584356-ee8f-4de0-abcc-b50f847fba2c
x-amz-meta-codebuild-content-md5: d3f9c0952d74faa30fada14e06b377b0
x-amz-meta-codebuild-content-sha256: 8aa4841af9e8588faa6f0e126d94acab1f39eb0115dfa16eac2daccf149690d0
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 13EC 36 KB
11 KB 26ms
25ms Script
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: bcde8a2e818836cff71753e0c09b9348ccdc18647d05f04376ae8b39a101c4e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Mon, 09 Oct 2023 01:54:04 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Oct 2023 14:49:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=46581
Connection: keep-alive
Content-Length: 10540
Expires: Mon, 09 Oct 2023 14:50:25 GMT

GET
H/1.1 200
OK log
c21lg-d.media.net/ Frame 1596 35 B
296 B 298ms
172ms Image
image/gif 23.212.88.20

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?logid=kfk&evtid=cs&del=2&vsid=3398180418395460000V10&origin=1&flt=0
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C407%2C2011%2C2055%2C2099%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.88.20 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Oct 2023 01:54:04 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 09 Oct 2023 01:54:04 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 13EC 7 B
380 B 23ms
10ms XHR
application/json 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame D9FF 0
598 B 63ms
0ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:04 GMT
an-x-request-uuid: 6e674e2a-4770-42b0-8f87-9b3b340ba9bf
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 13926
g2.gumgum.com/usync/ Frame 17F2 4 KB
1 KB 174ms
0ms Document
text/html 3.248.143.162

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.143.162 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 09 Oct 2023 01:54:04 GMT
etag: W/"023efc7d76decc11f7d0966cbcea19bd9"
server: nginx
timing-allow-origin: *

GET
H2 204 /
onetag-sys.com/usync/ Frame 4630 0
0 72ms
0ms Document
text/plain 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET sync
ssbsync.smartadserver.com/api/ Frame 457B 0
0

GET
H2 200 usermatch
ssum-sec.casalemedia.com/ Frame 94FF 2 KB
1 KB 126ms
31ms Document
text/html 104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 8132fe58ec0b5c98-FRA
content-encoding: br
content-type: text/html
date: Mon, 09 Oct 2023 01:54:04 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuYXpuKylkMfw6z%2B8FQyeNWwatLXEpqr0NaGTbACBC%2BQ8o9lwDwDEfu0eGlvdGhyaRtruJut%2Bla1peF6Bx%2FVngolLw2J4d3bQLdr4um%2BDnabPI%2Bj8k9%2FZrlgBzaFSz8mwQYST5NMYvccyg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200
OK

usync.html
eus.rubiconproject.com/ Frame 1F46
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

281 B
554 B

70ms
8ms

Document
text/html

184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 09 Oct 2023 01:54:04 GMT
ETag: "40011-119-6051b805b8000"
Last-Modified: Mon, 11 Sep 2023 20:52:16 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 09 Oct 2023 01:54:04 GMT
location: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
server: AkamaiGHost

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C440 15 KB
6 KB 153ms
0ms Document
text/html 184.30.16.195

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.195 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=132333
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Mon, 09 Oct 2023 01:54:04 GMT
expires: Tue, 10 Oct 2023 14:39:37 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 sync-iframe
cs-rtb.minutemedia-prebid.com/ Frame D134 0
525 B 260ms
81ms Document
text/html 2600:9000:2057:b400:1f:4c18:bd40:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:b400:1f:4c18:bd40:93a1 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://public.servenobid.com/
content-length: 0
content-type: text/html
date: Mon, 09 Oct 2023 01:54:04 GMT
server: istio-envoy
via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
x-amz-cf-id: 80MR30pkmrEObemOhiQf_IPMkM6nQTUe7Ch6pQdTpCf21Cr7IEwVug==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 1
x-reason: could not perform CS due to GDPR policy: gdpr is not applied

GET
H/1.1 200
OK user-sync
sync.adkernel.com/ Frame EC27 0
160 B 124ms
14ms Document
text/plain 77.245.57.72

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: no-store
Connection: close
Content-Length: 0
Date: Mon, 09 Oct 2023 01:54:04 GMT
Pragma: no-cache
Server: nginx

GET sync-iframe
cs-server-s2s.yellowblue.io/ Frame 68A3 0
0

GET
H2

200

sync
ads.servenobid.com/ Frame A0F3
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=3548010518329746433

0
344 B

46ms
7ms

Image
image/avif

52.214.251.135
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=3548010518329746433
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.214.251.135 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-214-251-135.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
date: Mon, 09 Oct 2023 01:54:04 GMT
an-x-request-uuid: 6c580b22-7747-436a-9bf8-15e0932aed60
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ads.servenobid.com/sync?pid=312&uid=3548010518329746433
x-proxy-origin: 185.213.155.146; 185.213.155.146; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET

sync
ads.servenobid.com/ Frame A0F3
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
https://ads.servenobid.com/sync?pid=310&uid=HdGSrRZHO_s6Y_c_SzKN7eGB

0
0

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame A0F3 0
277 B 59ms
17ms Image
text/plain 216.52.2.86
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.86 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 09 Oct 2023 01:54:04 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET

rmpssp
sync.1rx.io/usersync2/ Frame A0F3
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1696816444383

0
0

GET

sync
ads.servenobid.com/ Frame A0F3
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5140084927621237456

0
0

GET usa
sync.go.sonobi.com/ Frame A0F3 0
0

GET

sync
ads.servenobid.com/ Frame A0F3
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0

0
0

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58559/ Frame A0F3 0
38 B 70ms
0ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58559/occ

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:04 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET redirectuser
ssp.disqus.com/ Frame A0F3 0
0

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58632/ Frame A0F3 0
15 B 65ms
0ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58632/occ

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:04 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 v1
match.sharethrough.com/universal/ Frame A0F3 0
34 B 61ms
0ms Image
text/plain 3.69.215.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/universal/v1?supply_id=KW3eSFMR&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.69.215.73 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-69-215-73.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:04 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame A0F3
Redirect Chain

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D353%26uid%3D%3Cvsid%3E
https://ads.servenobid.com/sync?pid=353&uid=0000EEA

0
336 B

113ms
0ms

Image
image/avif

52.214.251.135
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=353&uid=0000EEA
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.214.251.135 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-214-251-135.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 01:54:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Mon, 09 Oct 2023 01:54:04 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
location: https://ads.servenobid.com/sync?pid=353&uid=0000EEA
content-type: text/html
cache-control: max-age=0, no-cache, no-store
content-length: 154
x-mnet-hl2: E
expires: Mon, 09 Oct 2023 01:54:04 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 94FF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZSNdOrAIjtG6oFwvPqerjgAA

0
0

GET

usermatchredir
ssum-sec.casalemedia.com/ Frame 94FF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZSNdOrAIjtG6oFwvPqerjgAADS4AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEKkayUMeOHdWaTkZ1VrHJhE&google_cver=1

0
0

GET dcm
s.amazon-adsystem.com/ Frame 94FF 0
0

GET casale
match.adsrvr.org/track/cmf/ Frame 94FF 0
0

GET /
b1sync.zemanta.com/usersync/index/ Frame 94FF 0
0

GET sync
ssbsync.smartadserver.com/api/ Frame 94FF 0
0

GET

rum
dsum-sec.casalemedia.com/ Frame 94FF
Redirect Chain

https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=KxHCGChAw0gwE8QTeB3dTypCxEgwF5ZJKxy7MLZd

0
0

GET index
dmp.brand-display.com/cm/api/ Frame 94FF 0
0

GET sync
ads.servenobid.com/ Frame 94FF 0
0

GET PugMaster
image6.pubmatic.com/AdServer/ Frame C440 0
0

GET getuid
secure.adnxs.com/ Frame 17F2 0
0

GET

sync
x.bidswitch.net/ul_cb/ Frame 17F2
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_a8d26658-f484-4db0-9931-7e76204dce0b&gdpr=0&gdpr_consent=&us_privacy=1---
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_a8d26658-f484-4db0-9931-7e76204dce0b&gdpr=0&gdpr_consent=&us_privacy=1---

0
0

GET redirectObuid
sync.outbrain.com/ Frame 17F2 0
0

GET cm
us-u.openx.net/w/1.0/ Frame 17F2 0
0

GET sync
sync.srv.stackadapt.com/ Frame 17F2 0
0

GET gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 17F2 0
0

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame 17F2 0
0

GET 142
match.deepintent.com/usersync/ Frame 17F2 0
0

GET /
b1sync.zemanta.com/usersync/gumgum/ Frame 17F2 0
0

GET server_match
ad.360yield.com/ Frame 17F2 0
0

GET rtset
bh.contextweb.com/bh/ Frame 17F2 0
0

GET sync
ssbsync.smartadserver.com/api/ Frame 17F2 0
0

GET sync
ads.servenobid.com/ Frame 17F2 0
0

GET match
c1.adform.net/serving/cookie/ Frame 1FAE 0
0

GET URnmbSKM
sync-tm.everesttech.net/upi/pid/ Frame FEBD 0
0

GET pixel
cm.g.doubleclick.net/ Frame 5A20 0
0

GET user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F74E 0
0

GET generic
match.adsrvr.org/track/cmf/ Frame 0D4C 0
0

GET idsync
tg.socdm.com/aux/ Frame 9474 0
0

GET gumgum
cs.admanmedia.com/sync/ Frame B235 0
0

GET cm-notify
creativecdn.com/ Frame 6FF5 0
0

GET multi-sync.html
secure-assets.rubiconproject.com/utils/xapi/ Frame F918 0
0

GET usync.js
eus.rubiconproject.com/ Frame 1F46 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID

Domain: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D

Domain: ads.servenobid.com
URL: https://ads.servenobid.com/sync?pid=310&uid=HdGSrRZHO_s6Y_c_SzKN7eGB

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1696816444383

Domain: ads.servenobid.com
URL: https://ads.servenobid.com/sync?pid=324&uid=5140084927621237456

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Domain: ads.servenobid.com
URL: https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZSNdOrAIjtG6oFwvPqerjgAA

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEKkayUMeOHdWaTkZ1VrHJhE&google_cver=1

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZSNdOrAIjtG6oFwvPqerjgAADS4AAAIB&gpp=&gpp_sid=

Domain: match.adsrvr.org
URL: https://match.adsrvr.org/track/cmf/casale

Domain: b1sync.zemanta.com
URL: https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=

Domain: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=82&gdpr=$%7bGDPR%7d&gdpr_consent=$%7bGDPR_CONSENT%7d

Domain: dsum-sec.casalemedia.com
URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=KxHCGChAw0gwE8QTeB3dTypCxEgwF5ZJKxy7MLZd

Domain: dmp.brand-display.com
URL: https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e

Domain: ads.servenobid.com
URL: https://ads.servenobid.com/sync?pid=333&uid=ZSNdOrAIjtG6oFwvPqerjgAADS4AAAIB

Domain: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=58844312&p=162412&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1YN-

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_a8d26658-f484-4db0-9931-7e76204dce0b&gdpr=0&gdpr_consent=&us_privacy=1---

Domain: sync.outbrain.com
URL: https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D

Domain: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=

Domain: pr-bh.ybp.yahoo.com
URL: https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=

Domain: sync.ipredictive.com
URL: https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D

Domain: match.deepintent.com
URL: https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D

Domain: b1sync.zemanta.com
URL: https://b1sync.zemanta.com/usersync/gumgum/?puid=e_a8d26658-f484-4db0-9931-7e76204dce0b&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__

Domain: ad.360yield.com
URL: https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D

Domain: bh.contextweb.com
URL: https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25

Domain: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=

Domain: ads.servenobid.com
URL: https://ads.servenobid.com/sync?pid=309&uid=e_a8d26658-f484-4db0-9931-7e76204dce0b

Domain: c1.adform.net
URL: https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9hOGQyNjY1OC1mNDg0LTRkYjAtOTkzMS03ZTc2MjA0ZGNlMGI=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv

Domain: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=

Domain: match.adsrvr.org
URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=

Domain: tg.socdm.com
URL: https://tg.socdm.com/aux/idsync?proto=gumgum

Domain: cs.admanmedia.com
URL: https://cs.admanmedia.com/sync/gumgum?puid=e_a8d26658-f484-4db0-9931-7e76204dce0b&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Daad%26i%3D%5BDSP_USER_ID%5D&gdpr=0&gdpr_consent=&ccpa=1---

Domain: creativecdn.com
URL: https://creativecdn.com/cm-notify?pi=gumgum

Domain: secure-assets.rubiconproject.com
URL: https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js

Verdicts & Comments Add Verdict or Comment

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.criteo.com/	1970-01-21 00:41:52	Name: uid Value: 407af906-290e-4149-8848-64e35554f053
.adnxs.com/	1970-01-20 17:29:52	Name: icu Value: ChgIvahBEAoYASABKAEwuLqNqQY4AUABSAEQuLqNqQYYAA..
.adnxs.com/	1970-01-20 17:29:52	Name: uuid2 Value: 3548010518329746433
.openx.net/	1970-01-21 00:05:52	Name: i Value: bb59820e-d4a2-4ddd-bd2f-7069936b1199\|1696816440
.rubiconproject.com/	1970-01-21 00:05:52	Name: khaos Value: LNI8P50X-12-9IPF
.rubiconproject.com/	1970-01-21 00:05:52	Name: audit Value: 1\|naVuGyos1qp91ae9x0v2wz5APvdogVCbaTd6KyMQnas9gLr7Yht2fXe09QxxkDp2tjr9BQ320rtNK4vGyfbdaMxuhZpbWKLtKo1K0XDjsVm+xUA9sgf/4eNEKcfJxgEB
.wheregoes.com/	1970-01-21 00:41:52	Name: __gads Value: ID=887ae4992dcb1455:T=1696816441:RT=1696816441:S=ALNI_MYcciCCT_eqOZvD8Pfx3UDmWE1JNg
.wheregoes.com/	1970-01-21 00:41:52	Name: __gpi Value: UID=00000c92f125a09c:T=1696816441:RT=1696816441:S=ALNI_Mb63GqIGBqunTMysO9UZ6xDxN5vWQ
.doubleclick.net/	1970-01-21 00:41:52	Name: IDE Value: AHWqTUns5YvDklB7nBRI7gdOYWmKl8q3SUjXEZmD7KqnXOY4sEykNnxEQWDJyTO0plk
.bing.com/	1970-01-21 00:41:52	Name: MUID Value: 182C9B3FD70764790900889AD670653E
.media.net/	1970-01-20 16:03:28	Name: data-c-ts Value: 1696816441
.media.net/	1970-01-20 16:03:28	Name: data-c Value: k-26QJ-QQRjFerJNaOgB-lNy9-4YZdigEWRgqL2A~~3
.media.net/	1970-01-21 00:05:52	Name: visitor-id Value: 3398180418395460000V10
exchange.mediavine.com/	1970-01-20 15:40:26	Name: criteo Value: %7B%22id%22%3A%22k-Zy1eKwQRjFerJNaOgB-lNy9-4YZnIRsXJaZYHg%22%2C%22version%22%3A%22criteo%22%7D
exchange.mediavine.com/	1970-01-20 15:40:26	Name: mv_tokens Value: %7B%22mv_uuid%22%3A%22b8433460-6646-11ee-832e-bbfa664d4b33%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 15:40:26	Name: mv_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22b8433460-6646-11ee-832e-bbfa664d4b33%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 15:40:26	Name: am_tokens Value: %7B%22mv_uuid%22%3A%22b8433460-6646-11ee-832e-bbfa664d4b33%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 15:40:26	Name: am_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22b8433460-6646-11ee-832e-bbfa664d4b33%22%2C%22version%22%3A%22eu-v1%22%7D
.omnitagjs.com/	1970-01-20 16:03:28	Name: ayl_visitor Value: f3dd8de75342cec8fc18ed9e761caafa
.casalemedia.com/	1970-01-21 00:05:52	Name: CMID Value: ZSNdOrAIjtG6oFwvPqerjgAA
.casalemedia.com/	1970-01-20 17:29:52	Name: CMPS Value: 3374
.casalemedia.com/	1970-01-20 17:29:52	Name: CMPRO Value: 3374
.pubmatic.com/	1970-01-20 16:03:28	Name: KRTBCOOKIE_97 Value: 3385-uid:k-n3bhrAQRjFerJNaOgB-lNy9-4YZ8TeHStXv4qQ&KRTB&23144-uid:k-n3bhrAQRjFerJNaOgB-lNy9-4YZ8TeHStXv4qQ&KRTB&23286-uid:k-n3bhrAQRjFerJNaOgB-lNy9-4YZ8TeHStXv4qQ&KRTB&23287-uid:k-n3bhrAQRjFerJNaOgB-lNy9-4YZ8TeHStXv4qQ
.pubmatic.com/	1970-01-20 16:03:28	Name: PugT Value: 1696816440
.postrelease.com/	1970-01-21 00:05:52	Name: opt_out Value: 1
.adnxs.com/	1970-01-20 17:29:52	Name: anj Value: dTM7k!M4/rCxrEQF']wIg2In6gL.C!!]tbPl@/D!9hy6]/CwgYmuJ/17^W?02`e`G3D@$C<R7asiWj`F4='h6fy5?d]_W5b?12#^mRdrn%nugO%v4VB%nr]F+cBAd
.demdex.net/	1970-01-20 19:39:28	Name: demdex Value: 16103761921930203971197781817181196079
.dpm.demdex.net/	1970-01-20 19:39:28	Name: dpm Value: 16103761921930203971197781817181196079
.tremorhub.com/	1970-01-20 16:03:28	Name: tv_UICR Value: k-y6XeEwQRjFerJNaOgB-lNy9-4Ya5HdCGWiEFTQ
.tremorhub.com/	1970-01-21 00:06:13	Name: tvid Value: 3c02b7c718984adea476c76a7284118a
.krxd.net/	1970-01-20 19:39:28	Name: _kuid_ Value: P2AFpvHk
.wheregoes.com/	1970-01-21 00:41:52	Name: cto_bundle Value: CKiZm19PdUVuSkJJQWJHUVQxTVFHTkNpRTJXSWVBMllKQ2JBY0R4ZmxUdGhISGxtb2FMUm9MSUFhc0xnMzdLN2xJWWUzRDRrWHBnTmR2JTJCYm5RWVVYMU1hVHFJWVdjaUpISUpROUhYQ0VQUUx6RGptOGxxNEdzZFhNczk2M1llaXZ2ZDNrbWE3SmtpQnhEY2JkWjJhNTh6ODcxQSUzRCUzRA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	(Line 1) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6711e90510414ef3402793eed4ecc805.safeframe.googlesyndication.com
a.twiago.com
acdn.adnxs.com
ad.360yield.com
ad.yieldlab.net
ads.eu.criteo.com
ads.pubmatic.com
ads.servenobid.com
adsdk.microsoft.com
ams3-ib.adnxs.com
ap.lijit.com
api.fouanalytics.com
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon-ams3.rubiconproject.com
beacon.krxd.net
bh.contextweb.com
bidder.criteo.com
c1.adform.net
c21lg-d.media.net
cat.fr3.eu.criteo.com
cdn.adnxs.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdn4.buysellads.net
cdnjs.cloudflare.com
cm.adform.net
cm.g.doubleclick.net
contextual.media.net
creativecdn.com
criteo-partners.tremorhub.com
criteo-sync.teads.tv
cs-rtb.minutemedia-prebid.com
cs-server-s2s.yellowblue.io
cs.admanmedia.com
csm.eu.criteo.net
dis.criteo.com
dmp.brand-display.com
dpm.demdex.net
dsum-sec.casalemedia.com
e1.emxdgt.com
eb2.3lift.com
eus.rubiconproject.com
exchange.mediavine.com
fastlane.rubiconproject.com
g2.gumgum.com
google-bidout-d.openx.net
gum.criteo.com
hb-api.omnitagjs.com
hbx.media.net
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
imageproxy.eu.criteo.net
jadserve.postrelease.com
match.adsrvr.org
match.deepintent.com
match.sharethrough.com
matching.ivitrack.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid.media.net
public.servenobid.com
r.casalemedia.com
rtb-csync.smartadserver.com
s.amazon-adsystem.com
s.thebrighttag.com
secure-assets.rubiconproject.com
secure-gl.imrworldwide.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
srv.buysellads.com
ssbsync.smartadserver.com
ssp.disqus.com
ssum-sec.casalemedia.com
static.criteo.net
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync-tm.everesttech.net
sync.1rx.io
sync.adkernel.com
sync.go.sonobi.com
sync.ipredictive.com
sync.outbrain.com
sync.srv.stackadapt.com
tags.crwdcntrl.net
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
ups.analytics.yahoo.com
us-u.openx.net
visitor.omnitagjs.com
wheregoes.com
widget.fr3.eu.criteo.com
www.bing.com
www.google.com
www.googletagservices.com
x.bidswitch.net
ad.360yield.com
ads.pubmatic.com
ads.servenobid.com
b1sync.zemanta.com
bh.contextweb.com
c1.adform.net
cm.g.doubleclick.net
creativecdn.com
cs-server-s2s.yellowblue.io
cs.admanmedia.com
dmp.brand-display.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
image6.pubmatic.com
match.adsrvr.org
match.deepintent.com
pr-bh.ybp.yahoo.com
s.amazon-adsystem.com
secure-assets.rubiconproject.com
secure.adnxs.com
ssbsync.smartadserver.com
ssp.disqus.com
ssum-sec.casalemedia.com
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.outbrain.com
sync.srv.stackadapt.com
tg.socdm.com
us-u.openx.net
x.bidswitch.net
104.102.35.84
104.18.26.193
13.248.245.213
141.226.228.48
142.250.184.226
151.139.128.10
162.19.138.118
178.250.1.11
178.250.1.9
178.250.7.11
178.250.7.9
178.62.198.146
18.194.51.36
18.221.230.31
18.66.147.73
184.30.16.195
184.30.17.243
184.30.20.22
184.30.22.30
185.86.139.101
185.89.210.122
198.47.127.205
2.18.160.23
216.52.2.86
23.201.255.110
23.212.88.20
23.32.184.180
2600:1f18:612b:4264:496c:d23f:8720:f8bc
2600:9000:2057:b400:1f:4c18:bd40:93a1
2600:9000:223c:9c00:1e:a43d:b640:93a1
2600:9000:2250:ec00:a:e047:753:6381
2602:803:c003:200::51
2602:803:c003:200::67
2606:4700:10::6816:3556
2606:4700:3035::ac43:b70e
2606:4700::6810:5714
2606:4700::6811:190e
2606:4700:e2::ac40:8920
2620:1ec:46::45
2a00:1450:4001:806::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:812::2001
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2004
2a02:2638:3::c
2a02:2638:d::11
2a02:2638:d::13
2a02:2638:d::2
2a02:2638:d::4
2a02:2638:d::a
2a02:26f0:480:22::1726:62f9
3.125.57.54
3.248.143.162
3.69.215.73
3.71.149.231
3.75.11.145
34.102.146.192
34.117.157.22
34.120.107.143
34.120.63.153
34.250.238.79
34.255.244.27
34.98.64.218
37.157.6.232
51.89.9.254
52.210.78.166
52.214.251.135
54.217.255.105
54.229.132.93
54.76.247.56
64.202.112.255
65.9.66.97
69.173.144.138
77.245.57.72
85.215.5.31
99.81.152.59
0060f3fa259a2ae02df7db839b32df5c8e08390e14cbbfd3a565fde9c66739a3
0129e5b48ea2aa4cf8760050d5d59bb220c1c83d882674b3069c1b61d28164b7
0152ec54bafb1f951d4dc7585aebae598d2235c78d9e81ade8399006f8eb3b9b
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94
05f125dcff74cdb98cf0e79d19d615ba6d721bb455e45513bb4a55fcce678b42
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0ac2396efafe75e0da9c789ea30edc630485c937fcb0700f00fb265aa5b3bf6a
0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd
0c94f7120af1dd1e52881cfb218fb4fda3f26d6971c0ebd317ba23b459dcaa1e
1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e
16f97878909c2763c2d7c1219472c3d3130a8007a6ea852049e388ea752fb697
19f4129c1cfc1a9fcb2e94b35853f3d2085c0807564e37971d1ccb6ef2a7e852
1be08882dfeb8650bd7e5095225c4486fca31df5c071bb103f053f2c45b715ca
1c20d54555b098aef8269b6fa89b316fa731aac67e6926c1203c27edf8cf9dbd
21f67631530bfe0e3a995897eb9414ab92ad1ad2901fe1f04919752fdce8271e
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2837983772f75c423589df6f2963b308312e314bc8507d69f32082c1a2c1fb5d
2e896a678d4974483df91ef41c17026ca35449a0166a08a1dd00ba9426714a38
2fce74af21aa125f328a75a9b99be632bca88f5a001b9806cc013a347bd796e6
3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c
30af571851609f95e6c48541fec975b906e4debb8a79e331e84f47efab592697
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41a65bfc1157d14a7bddd775fede275437dc49f1468bd25429b28e5ec373bcda
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
455dfec854895ed2c7f9204662d0c9861a84a7aca05b1d23f2373f267add032f
4672e11a0ddc1063a6a119cac90b54f9820fc93de2ddae2baba935805c522a13
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bd1f80773ff9ecf45fcd099dcd4b104512cc03460d35f1a8890411917aedd5d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
53f35734d4e6db5d7d1ce8e480b4a93b7fe3ae72af91cb24baa2bf8fb18169af
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
590902941df60bb8d5a4733cf248267f869a2bd2dec49a3e373a992573745f2f
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
5fe46d2da01452067736578431f6c6e8116a24e616f58c72d9d81fdb2c7c9569
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6c6efc7ebfdc3b2cb78340640cc6f20ed8a50586b44617d95beac2241c7310d3
6fa6c69e1277bb593a4e788d538d19e7807a52ad32e0c53234d4c1bc3d0bd583
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
75c8de3ba4043fd9dab660900b35ca6c6af748d523ae20e6976505c8a9cd5980
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
826f05aca2e8d5916f38b3d3d1496bb996e9397772a53a814e0631ab7fa6259e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d8311f04699875ceb49422f49ae378d923533a0b40fbcedf3f356999239cded
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
940237e5b80c927a656ad2ac73211077ac8fa628d5d07583ed42e911c2c140a8
961fdbb67cdf65238a19d9332533c52cca1f3561583adf6b4101fe14778e9e33
9ab1e5ef8baed1d906b9e8ea4126ad958556881a46150cd6712ad5ebc40f4e46
9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4239ee2f47a585d93faf9d397ee95ffcdd74d4b1ed65ec9a2645512e6ba9d6e
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a58a5d8ecccfbee49488f2c52f48cd7098545ccbbcfe02b7f64664bb550f1609
a63dfd713cc51d399b4ba5a01736efd903cfee3d1acd075a9792bf5b553fe784
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a9c49f9f526c232731b2ff9aa3e31b686b8b339bdd246bbf74f804c802f9755d
ac7e7782a3c25629405bbb7dc9015c6158a49bcbb200879c33190ee077639ee2
ad1c8d7fbe184dc60b52f4fd8ab4fdf2a98d813097e67d918e5ed916b1c37d1f
adb0c1ab3e8e50952cae5ec25ee05f1f6ba693cdfe9c2c4b204467b0ce1f376f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b206c4dae798a4c2463de84f9112ed6db30d5ae85de7dec6f03d9cd3cf999e33
b3279a8f64a3eaf5ef9eec9f393e50b49598df74ed2817d18e0afdc316c9529e
ba20d5806e9847556edd74c9ef0bc3962e3b247741dac5c069d3131e7c17c65f
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbf2413b9511bb70a14ab3712ba3e2c2d8974e3253f209a613c15f4257fbdac4
bcde8a2e818836cff71753e0c09b9348ccdc18647d05f04376ae8b39a101c4e8
c72f57881ea9665da29cc614802f61a04084e06b14de9f1d79ce26273e66a991
c746ca687b3e79023240e45eb684f036fd9a1312b454758a6018b3ece635dafb
c85d578521a9aa69f45bddec80565fd47deb3368c354387ef1fef7108611393e
c93511d8919a02bcbed203fee66c4c949de2dffeea9fee68f72c96ec1ecfa8bd
cc3b04e00cede182123138355e4659b44ea24ad4a89243615203533591cedc61
ce239b562034663bb5adff652f43ccd91832747f4df1978ab6d8a45ca5b2b5dd
d12f2f9af322921638fbc8b4e8db5152069ae6eb32f793b67d27818f14302635
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d48f7d7bc477f61c161f38835c0daaead5a64ca51be3656755d0b08c866dfcf2
daa281744cfede042bf6ee84f5411afcee5d716d4b1a61e2561b0dfccf8564d5
dd3ea3c868cc78a72f5b591514b7f60b4cd4416daa379ff79eeccfd37c97ed7b
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
ee394e6bad8b58e9e05342581e377e527b90b5b49a2f658119d3fa055c75d6c1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f848fd0e0f026035049eee96edc984fa9de5a07aebdaeb12604e1c8d3ee2d7f1
fa4a3a01096bcf7ac1ba125e914238a69ed59fef56ba5915ca73f5e58b1d82bb
fa55d3ac729d921e81aed86c32825194a3a233f27937e18b60fab049a874774e
fc7c40a691ec06cc17cda8babcd07e7ac7b8fbf58d63c13e15e0ff6233322b94

wheregoes.com Open in urlscan Pro 2606:4700:3035::ac43:b70e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

261 Requests

77 %HTTPS

32 %IPv6

69 Domains

105 Subdomains

75 IPs

8 Countries

1419 kBTransfer

3779 kBSize

32 Cookies

1 Outgoing links

Redirected requests

261 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

wheregoes.com Open in urlscan Pro
2606:4700:3035::ac43:b70e Public Scan

Screenshot
Live screenshot

Full Image

261
Requests

77 %
HTTPS

32 %
IPv6

69
Domains

105
Subdomains

75
IPs

8
Countries

1419 kB
Transfer

3779 kB
Size

32
Cookies

261 HTTP transactions
4 data transactions