urlscan.io logo urlscan.io
SecurityTrails logo

dailyvoice.com Open in urlscan Pro
35.169.18.93  Public Scan

Go To Rescan Add Verdict Report
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds...
Submission: On April 27 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 183 IPs in 18 countries across 149 domains to perform 1004 HTTP transactions. The main IP is 35.169.18.93, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is dailyvoice.com. The Cisco Umbrella rank of the primary domain is 86367.
TLS certificate: Issued by Amazon on December 28th 2021. Valid for: a year.
This is the only time dailyvoice.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 35.169.18.93 14618 (AMAZON-AES)
23 2a04:4e42::393 54113 (FASTLY)
4 2a00:1450:400... 15169 (GOOGLE)
6 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2600:9000:206... 16509 (AMAZON-02)
9 2600:9000:206... 16509 (AMAZON-02)
2 2600:9000:205... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f01... 32934 (FACEBOOK)
6 35.201.71.192 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 3 99.86.7.38 16509 (AMAZON-02)
4 8 2620:116:800d... 16509 (AMAZON-02)
1 4 2600:9000:205... 16509 (AMAZON-02)
1 99.86.7.73 16509 (AMAZON-02)
49 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:205... 16509 (AMAZON-02)
1 9 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:206... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.35.237.64 16625 (AKAMAI-AS)
3 143.204.202.50 16509 (AMAZON-02)
17 142.250.186.66 15169 (GOOGLE)
3 3 2600:1f18:730... 14618 (AMAZON-AES)
3 44.194.206.200 14618 (AMAZON-AES)
1 35.241.45.217 15169 (GOOGLE)
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
4 54 23.35.236.247 16625 (AKAMAI-AS)
5 2a03:2880:f11... 32934 (FACEBOOK)
5 54.227.185.17 14618 (AMAZON-AES)
10 65.9.66.173 16509 (AMAZON-02)
2 99.86.7.66 16509 (AMAZON-02)
28 2600:9000:205... 16509 (AMAZON-02)
15 52.28.203.152 16509 (AMAZON-02)
11 2602:803:c003... 26667 (RUBICONPR...)
2 18 34.98.64.218 15169 (GOOGLE)
6 185.64.189.112 62713 (AS-PUBMATIC)
6 18.195.0.245 16509 (AMAZON-02)
5 63.32.224.74 16509 (AMAZON-02)
31 35.158.59.51 16509 (AMAZON-02)
5 35.156.14.215 16509 (AMAZON-02)
5 35.211.165.199 19527 (GOOGLE-2)
4 18 216.52.2.39 29791 (VOXEL-DOT...)
6 34.107.148.139 15169 (GOOGLE)
5 18.200.109.242 16509 (AMAZON-02)
7 23.32.59.34 16625 (AKAMAI-AS)
6 29 185.33.221.14 29990 (ASN-APPNEX)
1 23.21.79.77 14618 (AMAZON-AES)
1 104.75.88.126 16625 (AKAMAI-AS)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 23.206.210.112 16625 (AKAMAI-AS)
1 46.105.202.126 16276 (OVH)
1 130.211.23.194 15169 (GOOGLE)
1 141.95.3.9 16276 (OVH)
1 65.9.68.105 16509 (AMAZON-02)
1 2.18.232.7 16625 (AKAMAI-AS)
2 18.196.86.25 16509 (AMAZON-02)
11 99.80.41.206 16509 (AMAZON-02)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
1 23.35.237.151 16625 (AKAMAI-AS)
3 178.250.2.131 44788 (ASN-CRITE...)
2 5 35.172.159.73 14618 (AMAZON-AES)
2 2600:9000:206... 16509 (AMAZON-02)
1 99.86.7.67 16509 (AMAZON-02)
1 143.204.202.23 16509 (AMAZON-02)
2 65.9.68.93 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
11 23.35.236.201 16625 (AKAMAI-AS)
3 4 185.94.180.125 35220 (SPOTX-AMS)
1 2a06:8640:476... 55081 (24SHELLS)
14 63.250.60.65 204548 (CLOUDWEBM...)
9 15 3.121.19.101 16509 (AMAZON-02)
3 3 23.88.75.186 24940 (HETZNER-AS)
6 37 76.223.111.18 16509 (AMAZON-02)
6 13 69.173.144.138 26667 (RUBICONPR...)
4 5 185.33.221.90 29990 (ASN-APPNEX)
1 2 2600:1f18:612... 14618 (AMAZON-AES)
4 2a00:1450:400... 15169 (GOOGLE)
22 2a00:1450:400... 15169 (GOOGLE)
1 18.156.195.47 16509 (AMAZON-02)
1 52.57.69.5 16509 (AMAZON-02)
1 81.17.55.161 60781 (LEASEWEB-...)
2 5 37.157.6.242 198622 (ADFORM)
7 8 2.18.234.233 16625 (AKAMAI-AS)
13 13 216.200.232.249 30419 (MEDIAMATH...)
5 14 52.223.40.198 16509 (AMAZON-02)
2 2600:1f18:444... 14618 (AMAZON-AES)
2 3 52.30.28.241 16509 (AMAZON-02)
2 3 104.111.215.191 16625 (AKAMAI-AS)
3 34.98.67.61 15169 (GOOGLE)
1 2 2a04:4e42:400... 54113 (FASTLY)
35 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
5 10 185.64.190.78 62713 (AS-PUBMATIC)
8 23.227.139.243 55081 (24SHELLS)
3 3 185.184.8.90 204995 (RTB-HOUSE...)
3 2600:9000:206... 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
7 54.158.72.110 14618 (AMAZON-AES)
1 13 18.158.238.206 16509 (AMAZON-02)
22 2a00:1450:400... 15169 (GOOGLE)
19 57 142.250.185.130 15169 (GOOGLE)
26 93.184.221.133 15133 (EDGECAST)
2 2a02:2638:1::3 44788 (ASN-CRITE...)
2 104.111.242.245 16625 (AKAMAI-AS)
4 18.224.78.125 16509 (AMAZON-02)
1 217.79.188.2 24961 (MYLOC-AS ...)
1 13 91.216.195.18 12516 (WEBORAMA ...)
4 2607:f8b0:402... 15169 (GOOGLE)
1 108.177.15.156 15169 (GOOGLE)
5 5 18.193.50.241 16509 (AMAZON-02)
8 11 18.156.0.31 16509 (AMAZON-02)
1 1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
12 217.79.188.10 24961 (MYLOC-AS ...)
2 2 35.186.193.173 15169 (GOOGLE)
4 4 85.114.159.93 24961 (MYLOC-AS ...)
2 35.227.252.103 15169 (GOOGLE)
4 16 51.75.86.98 16276 (OVH)
3 8 66.155.71.25 13768 (COGECO-PEER1)
4 142.250.184.194 15169 (GOOGLE)
1 1 62.209.227.211 13036 (TMOBILE-)
6 185.86.139.89 201081 (SMARTADSE...)
10 23.205.235.133 16625 (AKAMAI-AS)
6 104.17.120.107 13335 (CLOUDFLAR...)
1 1 18.134.84.22 16509 (AMAZON-02)
9 9 52.210.7.127 16509 (AMAZON-02)
5 8 2a05:d018:d29... 16509 (AMAZON-02)
9 9 52.58.249.203 16509 (AMAZON-02)
7 72.251.245.181 29791 (VOXEL-DOT...)
1 34.96.105.8 15169 (GOOGLE)
3 3 34.246.109.130 16509 (AMAZON-02)
12 12 213.19.147.45 26120 (RHYTHMONE)
4 185.86.139.104 201081 (SMARTADSE...)
2 68.232.34.163 15133 (EDGECAST)
3 7 52.46.130.91 16509 (AMAZON-02)
1 1 108.128.72.205 16509 (AMAZON-02)
2 192.132.33.46 18568 (BIDTELLECT)
1 143.204.202.99 16509 (AMAZON-02)
2 2620:1ec:22::14 8068 (MICROSOFT...)
2 4 52.95.126.160 16509 (AMAZON-02)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
2 35.244.174.68 15169 (GOOGLE)
3 3 213.155.156.169 1299 (TWELVE99 ...)
1 82.113.101.132 6805 (TDDE-ASN1)
2 3 178.250.2.151 44788 (ASN-CRITE...)
1 2a01:28:cb6:3... 39392 (SUPERNETW...)
2 2 72.251.244.140 29791 (VOXEL-DOT...)
1 3.217.136.163 14618 (AMAZON-AES)
1 34.120.133.55 396982 (GOOGLE-CL...)
1 2620:1ec:bdf::45 8068 (MICROSOFT...)
6 23.35.228.23 16625 (AKAMAI-AS)
2 23 34.248.76.8 16509 (AMAZON-02)
1 67.202.105.24 32748 (STEADFAST)
1 1 216.52.2.19 29791 (VOXEL-DOT...)
1 2 34.234.148.240 14618 (AMAZON-AES)
3 3 193.0.160.128 54312 (ROCKETFUEL)
2 178.162.133.149 60781 (LEASEWEB-...)
1 1 145.40.89.200 54825 (PACKET)
9 151.101.130.49 54113 (FASTLY)
1 1 52.70.185.145 14618 (AMAZON-AES)
2 5 54.220.157.118 16509 (AMAZON-02)
2 52.200.145.253 14618 (AMAZON-AES)
6 11 70.42.32.31 22075 (AS-OUTBRAIN)
4 5 34.237.23.137 14618 (AMAZON-AES)
5 5 54.159.94.231 14618 (AMAZON-AES)
2 150.136.156.92 31898 (ORACLE-BM...)
2 2 96.16.141.156 16625 (AKAMAI-AS)
2 3 18.195.155.181 16509 (AMAZON-02)
2 2 124.146.215.45 2514 (INFOSPHER...)
1 8.2.111.142 46636 (NATCOWEB)
2 2 52.17.151.21 16509 (AMAZON-02)
9 13 198.47.127.18 3257 (GTT-BACKB...)
6 11 169.50.137.184 36351 (SOFTLAYER)
8 169.197.150.8 398989 (DEEPINTENT)
4 4 70.42.32.63 22075 (AS-OUTBRAIN)
3 34.241.76.6 16509 (AMAZON-02)
4 4 198.148.27.139 19189 (PULSEPOINT)
1 5 37.157.3.28 198622 (ADFORM)
1 1 185.86.139.103 201081 (SMARTADSE...)
4 5 185.64.190.80 62713 (AS-PUBMATIC)
1 2a00:1450:400... 15169 (GOOGLE)
4 4 2001:678:cb4:... 56396 (AMOBEE)
2 4 2a02:fa8:8806... 41041 (VCLK-EU-SE)
2 2 154.59.122.79 174 (COGENT-174)
7 11 185.64.189.110 62713 (AS-PUBMATIC)
4 7 185.64.190.81 62713 (AS-PUBMATIC)
1 2 2606:4700:440... 13335 (CLOUDFLAR...)
1 5.161.54.172 213230 (HETZNER-C...)
1 195.5.165.20 44968 (IPROM-AS)
1 1 141.94.73.195 16276 (OVH)
2 2 141.94.170.77 16276 (OVH)
4 4 54.78.254.47 16509 (AMAZON-02)
1 151.101.129.44 54113 (FASTLY)
3 3 15.235.15.221 16276 (OVH)
1 3 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 178.62.202.251 14061 (DIGITALOC...)
1 1 34.102.253.54 15169 (GOOGLE)
1 2 2a02:2638:1::13 44788 (ASN-CRITE...)
2 178.250.0.157 44788 (ASN-CRITE...)
5 151.101.193.108 54113 (FASTLY)
2 2 188.42.29.168 7979 (SERVERS-COM)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
4 4 18.184.64.118 16509 (AMAZON-02)
1 1 35.170.66.104 14618 (AMAZON-AES)
1 2 54.66.168.86 16509 (AMAZON-02)
1 54.205.113.20 14618 (AMAZON-AES)
1 1 185.184.10.30 203690 (RTB-HOUSE...)
1 1 34.223.145.238 16509 (AMAZON-02)
1 1 18.215.81.12 14618 (AMAZON-AES)
1 38.27.122.158 174 (COGENT-174)
2 2 35.201.96.126 15169 (GOOGLE)
1 204.237.133.247 3257 (GTT-BACKB...)
1 2 77.243.60.138 42697 (NETIC-AS)
1 2 23.22.109.120 14618 (AMAZON-AES)
2 2 135.125.160.160 16276 (OVH)
2 2 34.233.31.154 14618 (AMAZON-AES)
1 1 34.200.28.249 14618 (AMAZON-AES)
1 1 34.111.151.213 15169 (GOOGLE)
2 3 23.75.246.168 16625 (AKAMAI-AS)
1 1 185.183.112.148 60350 (VP)
1 1 34.111.129.221 15169 (GOOGLE)
1 35.201.81.244 15169 (GOOGLE)
2 99.83.181.31 ()
2 142.250.184.226 ()
2 35.227.238.208 ()
1004 183
1    35.169.18.93 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-169-18-93.compute-1.amazonaws.com
dailyvoice.com
23    2a04:4e42::393 (United States)

ASN54113 (FASTLY, US)
daily-voice-res.cloudinary.com
res.cloudinary.com
4    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
6    2606:4700:20::681a:18b (United States)

ASN13335 (CLOUDFLARENET, US)
a.pub.network
1    2600:9000:206f:ee00:3:f9b0:4040:93a1 (United States)

ASN16509 (AMAZON-02, US)
ccpa-wrapper.privacymanager.io
9    2600:9000:206f:3800:4:b37b:9440:93a1 (United States)

ASN16509 (AMAZON-02, US)
rumcdn.geoedge.be
2    2600:9000:2057:a800:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)
b-code.liadm.com
2    2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
6    35.201.71.192 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 192.71.201.35.bc.googleusercontent.com
d.pub.network
c.pub.network
1    2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    99.86.7.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-38.fra6.r.cloudfront.net
sb.scorecardresearch.com
8    2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
cms.quantserve.com
4    2600:9000:2057:5400:e:ec66:e40:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.keywee.co
1    99.86.7.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-73.fra6.r.cloudfront.net
ats.rlcdn.com
49    2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
pagead2.googlesyndication.com
1    2600:9000:2057:f200:9:dc53:cc00:93a1 (United States)

ASN16509 (AMAZON-02, US)
ccpa.privacymanager.io
9    2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.co.uk
1    2600:9000:206f:5200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
static.doubleclick.net
1    23.35.237.64 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-64.deploy.static.akamaitechnologies.com
s.ntv.io
3    143.204.202.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-50.fra53.r.cloudfront.net
geo.privacymanager.io
17    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
securepubads.g.doubleclick.net
3    2600:1f18:730:b110:6bc4:b288:af66:f0fb (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
rp.liadm.com
3    44.194.206.200 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-194-206-200.compute-1.amazonaws.com
rp4.liadm.com
1    35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com
pghub.io
1    2606:4700:20::681a:932 (United States)

ASN13335 (CLOUDFLARENET, US)
freestar-io.videoplayerhub.com
1    2606:4700:20::681a:78b (United States)

ASN13335 (CLOUDFLARENET, US)
btloader.com
54    23.35.236.247 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com
js-sec.indexww.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
ssum.casalemedia.com
dsum.casalemedia.com
5    2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
5    54.227.185.17 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-227-185-17.compute-1.amazonaws.com
jadserve.postrelease.com
10    65.9.66.173 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-173.fra56.r.cloudfront.net
c.amazon-adsystem.com
2    99.86.7.66 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-66.fra6.r.cloudfront.net
dau-prod.launch.liveramp.com
28    2600:9000:2057:6800:1a:5235:f980:93a1 (United States)

ASN16509 (AMAZON-02, US)
live.primis.tech
15    52.28.203.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
c2shb.ssp.yahoo.com
c2shb.pubgw.yahoo.com
11    2602:803:c003:200::31 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
18    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
freestar-d.openx.net
u.openx.net
primis-d.openx.net
us-u.openx.net
6    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
6    18.195.0.245 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
hb.emxdgt.com
5    63.32.224.74 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-224-74.eu-west-1.compute.amazonaws.com
c.deployads.com
31    35.158.59.51 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
5    35.156.14.215 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-14-215.eu-central-1.compute.amazonaws.com
tlx.3lift.com
5    35.211.165.199 (North Charleston, United States)

ASN19527 (GOOGLE-2, US)
PTR: 199.165.211.35.bc.googleusercontent.com
grid.bidswitch.net
18    216.52.2.39 (United States)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
6    34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
5    18.200.109.242 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-109-242.eu-west-1.compute.amazonaws.com
ads.yieldmo.com
7    23.32.59.34 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-59-34.deploy.static.akamaitechnologies.com
htlb.casalemedia.com
29    185.33.221.14 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
1    23.21.79.77 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-79-77.compute-1.amazonaws.com
pixel.keywee.co
1    104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com
s7.addthis.com
2    2606:4700:20::681a:246 (United States)

ASN13335 (CLOUDFLARENET, US)
ad-delivery.net
1    23.206.210.112 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-210-112.deploy.static.akamaitechnologies.com
secure.cdn.fastclick.net
1    46.105.202.126 (France)

ASN16276 (OVH, FR)
cdn.id5-sync.com
1    130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com
api.btloader.com
1    141.95.3.9 (France)

ASN16276 (OVH, FR)
PTR: p32.id5-sync.com
id5-sync.com
1    65.9.68.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-68-105.fra56.r.cloudfront.net
get.s-onetag.com
1    2.18.232.7 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com
a.teads.tv
2    18.196.86.25 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-86-25.eu-central-1.compute.amazonaws.com
pre.ads.justpremium.com
11    99.80.41.206 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
ads.servenobid.com
1    2a02:fa8:8806:13::1460 (Singapore)

ASN41041 (VCLK-EU-SE, US)
web.hb.ad.cpe.dotomi.com
1    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
6    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
10    2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
1    23.35.237.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-151.deploy.static.akamaitechnologies.com
z.moatads.com
3    178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com
bidder.criteo.com
5    35.172.159.73 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-159-73.compute-1.amazonaws.com
i.liadm.com
2    2600:9000:206f:9c00:e:16bc:8080:93a1 (United States)

ASN16509 (AMAZON-02, US)
sli.dailyvoice.com
1    99.86.7.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-67.fra6.r.cloudfront.net
onetag-geo.s-onetag.com
1    143.204.202.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-23.fra53.r.cloudfront.net
signal-beacon.s-onetag.com
2    65.9.68.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-68-93.fra56.r.cloudfront.net
prebid.s-onetag.com
5    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
11    23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com
ads.pubmatic.com
4    185.94.180.125 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)
sync.search.spotxchange.com
1    2a06:8640:476:0:ec4:7aff:fe7e:de5e (Piscataway, United States)

ASN55081 (24SHELLS, US)
s.console.adtarget.com.tr
14    63.250.60.65 (Frankfurt am Main, Germany)

ASN204548 (CLOUDWEBMANAGE-IL-FR, US)
video.primis.tech
15    3.121.19.101 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-19-101.eu-central-1.compute.amazonaws.com
x.bidswitch.net
3    23.88.75.186 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.186.75.88.23.clients.your-server.de
csync.loopme.me
37    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
13    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
token.rubiconproject.com
pixel-eu.rubiconproject.com
5    185.33.221.90 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
secure.adnxs.com
2    2600:1f18:612b:4200:5e70:34f8:9284:341c (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
60687.publishers.tremorhub.com
4    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
22    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
googleads.g.doubleclick.net
1    18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
c2shb.pubgw.yahoo.com
1    52.57.69.5 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-69-5.eu-central-1.compute.amazonaws.com
prebid-server.rubiconproject.com
1    81.17.55.161 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
prg.smartadserver.com
5    37.157.6.242 (Denmark)

ASN198622 (ADFORM, DK)
adx.adform.net
cm.adform.net
track.adform.net
8    2.18.234.233 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com
ads.stickyadstv.com
13    216.200.232.249 (Frederick, United States)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
14    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
2    2600:1f18:444a:4602:2c20:3113:5c28:1366 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
i6.liadm.com
3    52.30.28.241 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-28-241.eu-west-1.compute.amazonaws.com
dpm.demdex.net
3    104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com
x.dlx.addthis.com
stags.bluekai.com
3    34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com
odr.mookie1.com
2    2a04:4e42:400::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
35    2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
3    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
10    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
8    23.227.139.243 (Piscataway, United States)

ASN55081 (24SHELLS, US)
sync.console.adtarget.com.tr
3    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
creativecdn.com
3    2600:9000:206f:c200:f:4f64:8940:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.adscale.de
5    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
7    54.158.72.110 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-158-72-110.compute-1.amazonaws.com
gw.geoedge.be
13    18.158.238.206 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
ih.adscale.de
22    2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
57    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
cm.g.doubleclick.net
26    93.184.221.133 (London, United Kingdom)

ASN15133 (EDGECAST, US)
cstatic.weborama.fr
2    2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
2    104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com
sync.teads.tv
4    18.224.78.125 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-224-78-125.us-east-2.compute.amazonaws.com
pba.aws.lijit.com
1    217.79.188.2 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: ad1.adfarm1.adition.com
ad1.adfarm1.adition.com
13    91.216.195.18 (France)

ASN12516 (WEBORAMA Weborama provides Internet Services, FR)
PTR: std-collect-lb-c03-01-vip.weborama.fr
deptagencynl1.solution.weborama.fr
4    2607:f8b0:4023:1009::5e (Fort Worth, United States)

ASN15169 (GOOGLE, US)
csi.gstatic.com
1    108.177.15.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wr-in-f156.1e100.net
bid.g.doubleclick.net
5    18.193.50.241 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-50-241.eu-central-1.compute.amazonaws.com
pixel.advertising.com
11    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
1    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
gcdn.2mdn.net
2    2a00:1450:4001:62::8 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
r3---sn-4g5e6nsk.c.2mdn.net
12    217.79.188.10 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com
imagesrv.adition.com
2    35.186.193.173 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com
gcm.ctnsnet.com
cm.ctnsnet.com
4    85.114.159.93 (Rheinfelden, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
2    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
16    51.75.86.98 (France)

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu
onetag-sys.com
8    66.155.71.25 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)
pixel-sync.sitescout.com
4    142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net
googleads4.g.doubleclick.net
1    62.209.227.211 (Kostany, Czech Republic)

ASN13036 (TMOBILE-, CZ)
PTR: bbnautid2.ibillboard.com
bbnaut.ibillboard.com
6    185.86.139.89 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
10    23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
6    104.17.120.107 (None, )

ASN13335 (CLOUDFLARENET, US)
biddr.brealtime.com
1    18.134.84.22 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-134-84-22.eu-west-2.compute.amazonaws.com
1f2e7.v.fwmrm.net
9    52.210.7.127 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-7-127.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
8    2a05:d018:d29:3602:54d1:782f:29ca:abc0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
9    52.58.249.203 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-249-203.eu-central-1.compute.amazonaws.com
pm.w55c.net
7    72.251.245.181 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
cm.adgrx.com
1    34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com
tr.blismedia.com
3    34.246.109.130 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-109-130.eu-west-1.compute.amazonaws.com
match.360yield.com
ad.360yield.com
12    213.19.147.45 (Utrecht, Netherlands)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
4    185.86.139.104 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
2    68.232.34.163 (United States)

ASN15133 (EDGECAST, US)
media.adrcdn.com
7    52.46.130.91 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    108.128.72.205 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-72-205.eu-west-1.compute.amazonaws.com
d.adroll.com
2    192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com
bttrack.com
1    143.204.202.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-99.fra53.r.cloudfront.net
check.analytics.rlcdn.com
2    2620:1ec:22::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
4    52.95.126.160 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
1    2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
ads.yahoo.com
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
3    213.155.156.169 (Uppsala, Sweden)

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-169.teliacarrier-cust.com
d5p.de17a.com
1    82.113.101.132 (Hanau, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de
portal.o2online.de
3    178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
1    2a01:28:cb6:3::10 (Czech Republic)

ASN39392 (SUPERNETWORK ^_^, CZ)
rr5---sn-n02xgoxufvg3-2gbs.googlevideo.com
2    72.251.244.140 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
PTR: tracking-failover-01.ams2.m6r.eu
tracking.m6r.eu
1    3.217.136.163 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-136-163.compute-1.amazonaws.com
idx.liadm.com
1    34.120.133.55 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 55.133.120.34.bc.googleusercontent.com
api.rlcdn.com
1    2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
public.servenobid.com
6    23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com
contextual.media.net
23    34.248.76.8 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
rtb.gumgum.com
g2.gumgum.com
1    67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net
pixel.33across.com
1    216.52.2.19 (United States)

ASN29791 (VOXEL-DOT-NET, US)
ce.lijit.com
2    34.234.148.240 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-234-148-240.compute-1.amazonaws.com
x.yieldlift.com
3    193.0.160.128 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
2    178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com
sync.go.sonobi.com
1    145.40.89.200 (Ashburn, United States)

ASN54825 (PACKET, US)
prebid.a-mo.net
9    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    52.70.185.145 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-70-185-145.compute-1.amazonaws.com
sync.extend.tv
5    54.220.157.118 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-220-157-118.eu-west-1.compute.amazonaws.com
sync.crwdcntrl.net
id.crwdcntrl.net
2    52.200.145.253 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-145-253.compute-1.amazonaws.com
rtb.adentifi.com
11    70.42.32.31 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
sync.outbrain.com
5    34.237.23.137 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-23-137.compute-1.amazonaws.com
sync.srv.stackadapt.com
5    54.159.94.231 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-94-231.compute-1.amazonaws.com
sync.ipredictive.com
2    150.136.156.92 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
2    96.16.141.156 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-141-156.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
3    18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
cs.emxdgt.com
2    124.146.215.45 (Japan)

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
tg.socdm.com
1    8.2.111.142 (United States)

ASN46636 (NATCOWEB, US)
cs.admanmedia.com
2    52.17.151.21 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com
ads.avct.cloud
13    198.47.127.18 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image8.pubmatic.com
11    169.50.137.184 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com
um.simpli.fi
8    169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
4    70.42.32.63 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
3    34.241.76.6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
usersync.gumgum.com
4    198.148.27.139 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
5    37.157.3.28 (Denmark)

ASN198622 (ADFORM, DK)
dmp.adform.net
c1.adform.net
1    185.86.139.103 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync-global.smartadserver.com
5    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
1    2a00:1450:400c:c02::8b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
s.youtube.com
4    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
4    2a02:fa8:8806:12::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)
casale-match.dotomi.com
pubmatic-match.dotomi.com
triplelift-match.dotomi.com
2    154.59.122.79 (United States)

ASN174 (COGENT-174, US)
ums.acuityplatform.com
11    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
7    185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
simage4.pubmatic.com
2    2606:4700:4400::ac40:98f5 (United States)

ASN13335 (CLOUDFLARENET, US)
a.tribalfusion.com
s.tribalfusion.com
1    5.161.54.172 (Germany)

ASN213230 (HETZNER-CLOUD2-AS, DE)
PTR: static.172.54.161.5.clients.your-server.de
matching.truffle.bid
1    195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)
core.iprom.net
1    141.94.73.195 (France)

ASN16276 (OVH, FR)
PTR: bixel-2.cloudy.ovh
green.erne.co
2    141.94.170.77 (France)

ASN16276 (OVH, FR)
PTR: pikafka-eu-6.cloudy.ovh
pixel-eu.onaudience.com
4    54.78.254.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
loada.exelator.com
1    151.101.129.44 (United States)

ASN54113 (FASTLY, US)
match.taboola.com
3    15.235.15.221 (Canada)

ASN16276 (OVH, FR)
PTR: pikafka-us-3.cloudy.ovh
pixel.onaudience.com
3    2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
1    178.62.202.251 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
match.adsby.bidtheatre.com
1    34.102.253.54 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 54.253.102.34.bc.googleusercontent.com
ads.playground.xyz
2    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
5    151.101.193.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
2    188.42.29.168 (Luxembourg)

ASN7979 (SERVERS-COM, US)
ads.betweendigital.com
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
4    18.184.64.118 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-64-118.eu-central-1.compute.amazonaws.com
rtb.mfadsrvr.com
1    35.170.66.104 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-170-66-104.compute-1.amazonaws.com
sync.hgrtb.com
2    54.66.168.86 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-66-168-86.ap-southeast-2.compute.amazonaws.com
sasinator.realestate.com.au
1    54.205.113.20 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-113-20.compute-1.amazonaws.com
usersync.getpublica.com
1    185.184.10.30 (Poland)

ASN203690 (RTB-HOUSE-ASH, PL)
PTR: ip-185-184-10-30.rtbhouse.net
us.creativecdn.com
1    34.223.145.238 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-223-145-238.us-west-2.compute.amazonaws.com
www.storygize.net
1    18.215.81.12 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-81-12.compute-1.amazonaws.com
nep.advangelists.com
1    38.27.122.158 (Chestertown, United States)

ASN174 (COGENT-174, US)
match.bnmla.com
2    35.201.96.126 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 126.96.201.35.bc.googleusercontent.com
visitor.fiftyt.com
1    204.237.133.247 (West Chester, United States)

ASN3257 (GTT-BACKBONE GTT, US)
aud.pubmatic.com
2    77.243.60.138 (Aalborg, Denmark)

ASN42697 (NETIC-AS, DK)
uipglob.semasio.net
2    23.22.109.120 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-22-109-120.compute-1.amazonaws.com
a.audrte.com
2    135.125.160.160 (France)

ASN16276 (OVH, FR)
PTR: ns3198892.ip-135-125-160.eu
gu.dyntrk.com
2    34.233.31.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-31-154.compute-1.amazonaws.com
beacon.lynx.cognitivlabs.com
1    34.200.28.249 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-28-249.compute-1.amazonaws.com
s.company-target.com
1    34.111.151.213 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 213.151.111.34.bc.googleusercontent.com
dmp.brand-display.com
3    23.75.246.168 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-246-168.deploy.static.akamaitechnologies.com
px.owneriq.net
1    185.183.112.148 (Meaux, France)

ASN60350 (VP, FR)
sync.adotmob.com
1    34.111.129.221 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 221.129.111.34.bc.googleusercontent.com
cr.frontend.weborama.fr
1    35.201.81.244 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 244.81.201.35.bc.googleusercontent.com
idsync.frontend.weborama.fr
2    99.83.181.31 (None, )

ASN- ()
connect-metrics-collector.s-onetag.com
signal-metrics-collector-beta.s-onetag.com
2    142.250.184.226 (None, )

ASN- ()
ade.googlesyndication.com
2    35.227.238.208 (None, )

ASN- ()
api.floors.dev
Apex Domain
Subdomains		 Transfer
100 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 80
static.doubleclick.net — Cisco Umbrella Rank: 328
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 174
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
cm.g.doubleclick.net — Cisco Umbrella Rank: 195
bid.g.doubleclick.net — Cisco Umbrella Rank: 473
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 272
391 KB
88 googlesyndication.com
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 127
pagead2.googlesyndication.com — Cisco Umbrella Rank: 96
ade.googlesyndication.com
469 KB
64 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 445
ads.pubmatic.com — Cisco Umbrella Rank: 435
image6.pubmatic.com — Cisco Umbrella Rank: 565
image8.pubmatic.com — Cisco Umbrella Rank: 580
image2.pubmatic.com — Cisco Umbrella Rank: 819
simage2.pubmatic.com — Cisco Umbrella Rank: 584
image4.pubmatic.com — Cisco Umbrella Rank: 810
aud.pubmatic.com — Cisco Umbrella Rank: 4071
simage4.pubmatic.com
94 KB
46 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 452
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 528
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 530
ssum.casalemedia.com — Cisco Umbrella Rank: 1273
dsum.casalemedia.com — Cisco Umbrella Rank: 1232
65 KB
42 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 531
eb2.3lift.com — Cisco Umbrella Rank: 341
21 KB
42 primis.tech
live.primis.tech — Cisco Umbrella Rank: 2784
video.primis.tech — Cisco Umbrella Rank: 5583
3 MB
41 weborama.fr
cstatic.weborama.fr — Cisco Umbrella Rank: 22165
deptagencynl1.solution.weborama.fr — Cisco Umbrella Rank: 94534
cr.frontend.weborama.fr — Cisco Umbrella Rank: 22151
idsync.frontend.weborama.fr — Cisco Umbrella Rank: 37364
3 MB
39 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 226
secure.adnxs.com — Cisco Umbrella Rank: 394
acdn.adnxs.com — Cisco Umbrella Rank: 566
142 KB
37 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 451
pixel.rubiconproject.com — Cisco Umbrella Rank: 318
prebid-server.rubiconproject.com — Cisco Umbrella Rank: 992
eus.rubiconproject.com — Cisco Umbrella Rank: 537
token.rubiconproject.com — Cisco Umbrella Rank: 671
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1011
pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 2481
66 KB
36 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 790
c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 978
ups.analytics.yahoo.com — Cisco Umbrella Rank: 283
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 406
ads.yahoo.com — Cisco Umbrella Rank: 1083
12 KB
31 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 944
3 KB
26 gumgum.com
rtb.gumgum.com — Cisco Umbrella Rank: 1168
g2.gumgum.com — Cisco Umbrella Rank: 1369
usersync.gumgum.com — Cisco Umbrella Rank: 3718
8 KB
25 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 252
gcdn.2mdn.net — Cisco Umbrella Rank: 909
r3---sn-4g5e6nsk.c.2mdn.net
513 KB
23 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 567
pba.aws.lijit.com — Cisco Umbrella Rank: 35389
ce.lijit.com — Cisco Umbrella Rank: 820
9 KB
23 cloudinary.com
daily-voice-res.cloudinary.com — Cisco Umbrella Rank: 119001
res.cloudinary.com — Cisco Umbrella Rank: 2238
403 KB
21 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 284
s.amazon-adsystem.com — Cisco Umbrella Rank: 266
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1249
89 KB
20 bidswitch.net
grid.bidswitch.net — Cisco Umbrella Rank: 1016
x.bidswitch.net — Cisco Umbrella Rank: 274
8 KB
20 openx.net
freestar-d.openx.net — Cisco Umbrella Rank: 7836
u.openx.net — Cisco Umbrella Rank: 673
primis-d.openx.net — Cisco Umbrella Rank: 10738
us-u.openx.net — Cisco Umbrella Rank: 369
rtb.openx.net — Cisco Umbrella Rank: 1434
2 KB
17 adition.com
ad1.adfarm1.adition.com — Cisco Umbrella Rank: 47404
imagesrv.adition.com — Cisco Umbrella Rank: 19450
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1591
103 KB
16 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 778
7 KB
16 adscale.de
js.adscale.de — Cisco Umbrella Rank: 6971
ih.adscale.de — Cisco Umbrella Rank: 5611
16 KB
16 liadm.com
b-code.liadm.com — Cisco Umbrella Rank: 3521
rp.liadm.com — Cisco Umbrella Rank: 2672
rp4.liadm.com — Cisco Umbrella Rank: 11095
i.liadm.com — Cisco Umbrella Rank: 519
i6.liadm.com — Cisco Umbrella Rank: 1604
idx.liadm.com — Cisco Umbrella Rank: 5214
26 KB
16 geoedge.be
rumcdn.geoedge.be — Cisco Umbrella Rank: 1494
gw.geoedge.be — Cisco Umbrella Rank: 1682
1001 KB
15 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 669
15 KB
15 google.com
www.google.com — Cisco Umbrella Rank: 2
adservice.google.com — Cisco Umbrella Rank: 64
2 KB
14 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 326
5 KB
14 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 321
fonts.googleapis.com — Cisco Umbrella Rank: 39
imasdk.googleapis.com — Cisco Umbrella Rank: 411
632 KB
13 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 419
7 KB
12 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 500
5 KB
12 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1336
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 595
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1226
ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 2413
3 KB
12 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 1689
public.servenobid.com — Cisco Umbrella Rank: 3245
8 KB
12 media.net
prebid.media.net — Cisco Umbrella Rank: 1055
contextual.media.net — Cisco Umbrella Rank: 496
53 KB
12 pub.network
a.pub.network — Cisco Umbrella Rank: 5801
d.pub.network — Cisco Umbrella Rank: 6134
c.pub.network — Cisco Umbrella Rank: 5972
352 KB
11 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 765
4 KB
11 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 788
4 KB
11 gstatic.com
fonts.gstatic.com
www.gstatic.com
csi.gstatic.com
69 KB
10 adform.net
adx.adform.net — Cisco Umbrella Rank: 4212
cm.adform.net — Cisco Umbrella Rank: 2304
track.adform.net — Cisco Umbrella Rank: 4378
dmp.adform.net — Cisco Umbrella Rank: 2487
c1.adform.net — Cisco Umbrella Rank: 556
3 KB
10 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 746
dis.criteo.com — Cisco Umbrella Rank: 741
gum.criteo.com — Cisco Umbrella Rank: 381
mug.criteo.com — Cisco Umbrella Rank: 3086
4 KB
9 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 547
698 B
9 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 834
6 KB
9 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 446
4 KB
9 adtarget.com.tr
s.console.adtarget.com.tr — Cisco Umbrella Rank: 5137
sync.console.adtarget.com.tr — Cisco Umbrella Rank: 5532
4 KB
9 emxdgt.com
hb.emxdgt.com — Cisco Umbrella Rank: 2019
cs.emxdgt.com — Cisco Umbrella Rank: 860
1 KB
8 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 801
225 B
8 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 569
2 KB
8 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 623
6 KB
8 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 163
282 KB
8 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 892
pixel.quantserve.com — Cisco Umbrella Rank: 398
cms.quantserve.com — Cisco Umbrella Rank: 1043
12 KB
7 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 1408
3 KB
7 s-onetag.com
get.s-onetag.com — Cisco Umbrella Rank: 3403
onetag-geo.s-onetag.com — Cisco Umbrella Rank: 3917
signal-beacon.s-onetag.com — Cisco Umbrella Rank: 3959
prebid.s-onetag.com — Cisco Umbrella Rank: 42371
connect-metrics-collector.s-onetag.com
signal-metrics-collector-beta.s-onetag.com
141 KB
6 brealtime.com
biddr.brealtime.com — Cisco Umbrella Rank: 2498
5 onaudience.com
pixel-eu.onaudience.com — Cisco Umbrella Rank: 15131
pixel.onaudience.com — Cisco Umbrella Rank: 2991
2 KB
5 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 963
2 KB
5 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 766
2 KB
5 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 600
id.crwdcntrl.net — Cisco Umbrella Rank: 1506
1 KB
5 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 400
sync.adaptv.advertising.com Failed
2 KB
5 dotomi.com
web.hb.ad.cpe.dotomi.com — Cisco Umbrella Rank: 1781
casale-match.dotomi.com — Cisco Umbrella Rank: 2809
pubmatic-match.dotomi.com — Cisco Umbrella Rank: 2860
triplelift-match.dotomi.com — Cisco Umbrella Rank: 4215
1 KB
5 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 621
1 KB
5 deployads.com
c.deployads.com — Cisco Umbrella Rank: 3470
96 KB
5 postrelease.com
jadserve.postrelease.com — Cisco Umbrella Rank: 1164
3 KB
5 facebook.com
www.facebook.com — Cisco Umbrella Rank: 102
506 B
5 rlcdn.com
ats.rlcdn.com — Cisco Umbrella Rank: 1251
check.analytics.rlcdn.com — Cisco Umbrella Rank: 3836
id.rlcdn.com — Cisco Umbrella Rank: 553
api.rlcdn.com — Cisco Umbrella Rank: 777
38 KB
5 keywee.co
cdn.keywee.co — Cisco Umbrella Rank: 7737
pixel.keywee.co — Cisco Umbrella Rank: 6624
35 KB
5 privacymanager.io
ccpa-wrapper.privacymanager.io — Cisco Umbrella Rank: 54731
ccpa.privacymanager.io — Cisco Umbrella Rank: 61538
geo.privacymanager.io — Cisco Umbrella Rank: 1341
50 KB
4 mfadsrvr.com
rtb.mfadsrvr.com — Cisco Umbrella Rank: 779
3 KB
4 exelator.com
loada.exelator.com — Cisco Umbrella Rank: 24569
4 KB
4 turn.com
ad.turn.com — Cisco Umbrella Rank: 732
2 KB
4 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 551
1 KB
4 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 555
2 KB
4 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 657
us.creativecdn.com — Cisco Umbrella Rank: 2822
1 KB
4 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 517
3 KB
4 google.de
adservice.google.de — Cisco Umbrella Rank: 9242
1 KB
3 owneriq.net
px.owneriq.net — Cisco Umbrella Rank: 947
1 KB
3 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1622
mwzeom.zeotap.com — Cisco Umbrella Rank: 1451
1 KB
3 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 690
2 KB
3 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 5381
1014 B
3 360yield.com
match.360yield.com — Cisco Umbrella Rank: 3735
ad.360yield.com — Cisco Umbrella Rank: 651
990 B
3 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 630
match.taboola.com — Cisco Umbrella Rank: 1966
693 B
3 mookie1.com
odr.mookie1.com — Cisco Umbrella Rank: 870
478 B
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 199
2 KB
3 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 897
653 B
3 teads.tv
a.teads.tv — Cisco Umbrella Rank: 1218
sync.teads.tv — Cisco Umbrella Rank: 932
591 B
3 addthis.com
s7.addthis.com — Cisco Umbrella Rank: 1385
x.dlx.addthis.com — Cisco Umbrella Rank: 1111
115 KB
3 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 129
2 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 137
200 KB
3 dailyvoice.com
dailyvoice.com — Cisco Umbrella Rank: 86367
sli.dailyvoice.com — Cisco Umbrella Rank: 321171
30 KB
2 floors.dev
api.floors.dev
179 B
2 cognitivlabs.com
beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1261
756 B
2 dyntrk.com
gu.dyntrk.com — Cisco Umbrella Rank: 1199
850 B
2 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2274
4 KB
2 semasio.net
uipglob.semasio.net — Cisco Umbrella Rank: 1027
1 KB
2 fiftyt.com
visitor.fiftyt.com — Cisco Umbrella Rank: 3741
624 B
2 realestate.com.au
sasinator.realestate.com.au — Cisco Umbrella Rank: 4327
1 KB
2 betweendigital.com
ads.betweendigital.com — Cisco Umbrella Rank: 1831
1 KB
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 775
s.tribalfusion.com — Cisco Umbrella Rank: 2340
1 KB
2 acuityplatform.com
ums.acuityplatform.com — Cisco Umbrella Rank: 1172
1 KB
2 avct.cloud
ads.avct.cloud — Cisco Umbrella Rank: 2733
892 B
2 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1746
1 KB
2 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1062
586 B
2 adentifi.com
rtb.adentifi.com — Cisco Umbrella Rank: 1028
93 B
2 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 914
991 B
2 yieldlift.com
x.yieldlift.com — Cisco Umbrella Rank: 57104
1 KB
2 m6r.eu
tracking.m6r.eu — Cisco Umbrella Rank: 12645
1 KB
2 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 397
852 B
2 bttrack.com
bttrack.com — Cisco Umbrella Rank: 781
760 B
2 adrcdn.com
media.adrcdn.com — Cisco Umbrella Rank: 38822
19 KB
2 ctnsnet.com
gcm.ctnsnet.com — Cisco Umbrella Rank: 41441
cm.ctnsnet.com — Cisco Umbrella Rank: 2574
847 B
2 criteo.net
static.criteo.net — Cisco Umbrella Rank: 628
58 KB
2 tremorhub.com
60687.publishers.tremorhub.com — Cisco Umbrella Rank: 6323
646 B
2 justpremium.com
pre.ads.justpremium.com — Cisco Umbrella Rank: 5312
7 KB
2 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1525
id5-sync.com — Cisco Umbrella Rank: 639
12 KB
2 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 1221
1 KB
2 liveramp.com
dau-prod.launch.liveramp.com — Cisco Umbrella Rank: 67240
468 B
2 btloader.com
btloader.com — Cisco Umbrella Rank: 1007
api.btloader.com — Cisco Umbrella Rank: 1209
38 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 35
20 KB
1 adotmob.com
sync.adotmob.com — Cisco Umbrella Rank: 1411
307 B
1 brand-display.com
dmp.brand-display.com — Cisco Umbrella Rank: 1869
366 B
1 company-target.com
s.company-target.com — Cisco Umbrella Rank: 4024
397 B
1 bnmla.com
match.bnmla.com — Cisco Umbrella Rank: 1447
114 B
1 advangelists.com
nep.advangelists.com — Cisco Umbrella Rank: 2244
232 B
1 storygize.net
www.storygize.net — Cisco Umbrella Rank: 2004
419 B
1 getpublica.com
usersync.getpublica.com — Cisco Umbrella Rank: 3486
198 B
1 hgrtb.com
sync.hgrtb.com — Cisco Umbrella Rank: 2940
259 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 209
596 B
1 playground.xyz
ads.playground.xyz — Cisco Umbrella Rank: 3427
466 B
1 bidtheatre.com
match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2389
534 B
1 erne.co
green.erne.co — Cisco Umbrella Rank: 17163
366 B
1 iprom.net
core.iprom.net — Cisco Umbrella Rank: 5511
280 B
1 truffle.bid
matching.truffle.bid — Cisco Umbrella Rank: 5795
1 youtube.com
s.youtube.com — Cisco Umbrella Rank: 693
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 467
754 B
1 admanmedia.com
cs.admanmedia.com — Cisco Umbrella Rank: 1416
225 B
1 extend.tv
sync.extend.tv — Cisco Umbrella Rank: 1599
546 B
1 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1131
311 B
1 33across.com
pixel.33across.com — Cisco Umbrella Rank: 2089
1 googlevideo.com
rr5---sn-n02xgoxufvg3-2gbs.googlevideo.com
3 MB
1 o2online.de
portal.o2online.de — Cisco Umbrella Rank: 68896
609 B
1 adroll.com
d.adroll.com — Cisco Umbrella Rank: 1463
112 B
1 blismedia.com
tr.blismedia.com — Cisco Umbrella Rank: 2793
173 B
1 fwmrm.net
1f2e7.v.fwmrm.net — Cisco Umbrella Rank: 3948
511 B
1 ibillboard.com
bbnaut.ibillboard.com — Cisco Umbrella Rank: 17434
550 B
1 moatads.com
z.moatads.com — Cisco Umbrella Rank: 350
1 KB
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1520
17 KB
1 videoplayerhub.com
freestar-io.videoplayerhub.com — Cisco Umbrella Rank: 6803
538 B
1 pghub.io
pghub.io — Cisco Umbrella Rank: 1436
4 KB
1 ntv.io
s.ntv.io — Cisco Umbrella Rank: 3271
115 KB
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 833
353 B
1 google.co.uk
www.google.co.uk — Cisco Umbrella Rank: 3476
501 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 58
38 KB
1004 149
Domain Requested by
57 cm.g.doubleclick.net 19 redirects googleads.g.doubleclick.net
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
ssum-sec.casalemedia.com
dailyvoice.com
rtb.gumgum.com
onetag-sys.com
g2.gumgum.com
eb2.3lift.com
41 pagead2.googlesyndication.com rumcdn.geoedge.be
srcdoc
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
tpc.googlesyndication.com
s0.2mdn.net
dailyvoice.com
37 eb2.3lift.com 6 redirects a.pub.network
eb2.3lift.com
35 tpc.googlesyndication.com 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
rumcdn.geoedge.be
s0.2mdn.net
imasdk.googleapis.com
tpc.googlesyndication.com
31 btlr.sharethrough.com a.pub.network
daily-voice-res.cloudinary.com
29 ib.adnxs.com 6 redirects a.pub.network
googleads.g.doubleclick.net
prebid.s-onetag.com
ssum-sec.casalemedia.com
dailyvoice.com
eb2.3lift.com
acdn.adnxs.com
28 live.primis.tech rumcdn.geoedge.be
live.primis.tech
dailyvoice.com
26 cstatic.weborama.fr rumcdn.geoedge.be
cstatic.weborama.fr
26 dsum-sec.casalemedia.com 1 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
22 rtb.gumgum.com 2 redirects pre.ads.justpremium.com
rtb.gumgum.com
g2.gumgum.com
dailyvoice.com
22 s0.2mdn.net imasdk.googleapis.com
rumcdn.geoedge.be
s0.2mdn.net
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
20 daily-voice-res.cloudinary.com dailyvoice.com
daily-voice-res.cloudinary.com
19 googleads.g.doubleclick.net 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
rumcdn.geoedge.be
dailyvoice.com
18 ap.lijit.com 4 redirects a.pub.network
daily-voice-res.cloudinary.com
prebid.s-onetag.com
public.servenobid.com
17 securepubads.g.doubleclick.net rumcdn.geoedge.be
www.googletagservices.com
securepubads.g.doubleclick.net
imasdk.googleapis.com
dailyvoice.com
16 onetag-sys.com 4 redirects 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
public.servenobid.com
onetag-sys.com
15 x.bidswitch.net 9 redirects dailyvoice.com
rtb.gumgum.com
eb2.3lift.com
ssum-sec.casalemedia.com
15 js-sec.indexww.com a.pub.network
live.primis.tech
ssum-sec.casalemedia.com
daily-voice-res.cloudinary.com
14 match.adsrvr.org 5 redirects 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
ssum-sec.casalemedia.com
dailyvoice.com
rtb.gumgum.com
a.pub.network
eb2.3lift.com
14 video.primis.tech dailyvoice.com
live.primis.tech
14 c2shb.ssp.yahoo.com a.pub.network
13 image8.pubmatic.com 9 redirects ads.pubmatic.com
dailyvoice.com
13 deptagencynl1.solution.weborama.fr 1 redirects 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
rumcdn.geoedge.be
13 ih.adscale.de 1 redirects js.adscale.de
ih.adscale.de
13 sync.mathtag.com 13 redirects
12 sync.1rx.io 12 redirects public.servenobid.com
12 imagesrv.adition.com ad1.adfarm1.adition.com
imagesrv.adition.com
11 simage2.pubmatic.com 7 redirects ads.pubmatic.com
dailyvoice.com
11 um.simpli.fi 6 redirects g2.gumgum.com
ssum-sec.casalemedia.com
11 sync.outbrain.com 6 redirects rtb.gumgum.com
ads.pubmatic.com
dailyvoice.com
11 ups.analytics.yahoo.com 8 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
dailyvoice.com
11 ads.pubmatic.com rumcdn.geoedge.be
live.primis.tech
public.servenobid.com
rtb.gumgum.com
g2.gumgum.com
dailyvoice.com
a.pub.network
11 ads.servenobid.com daily-voice-res.cloudinary.com
public.servenobid.com
ssbsync.smartadserver.com
g2.gumgum.com
onetag-sys.com
ssum-sec.casalemedia.com
11 fastlane.rubiconproject.com a.pub.network
daily-voice-res.cloudinary.com
10 eus.rubiconproject.com live.primis.tech
eus.rubiconproject.com
daily-voice-res.cloudinary.com
rtb.gumgum.com
g2.gumgum.com
a.pub.network
10 image6.pubmatic.com 5 redirects ads.pubmatic.com
10 ssum-sec.casalemedia.com 2 redirects js-sec.indexww.com
public.servenobid.com
10 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com securepubads.g.doubleclick.net
rumcdn.geoedge.be
10 c.amazon-adsystem.com a.pub.network
c.amazon-adsystem.com
live.primis.tech
9 sync-tm.everesttech.net ssum-sec.casalemedia.com
rtb.gumgum.com
g2.gumgum.com
ads.pubmatic.com
eb2.3lift.com
9 pm.w55c.net 9 redirects
9 match.prod.bidr.io 9 redirects
9 www.google.com 1 redirects dailyvoice.com
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
rumcdn.geoedge.be
9 rumcdn.geoedge.be dailyvoice.com
rumcdn.geoedge.be
8 match.deepintent.com g2.gumgum.com
ads.pubmatic.com
eb2.3lift.com
ssum-sec.casalemedia.com
8 pr-bh.ybp.yahoo.com 5 redirects ssum-sec.casalemedia.com
dailyvoice.com
8 pixel-sync.sitescout.com 3 redirects ssum-sec.casalemedia.com
dailyvoice.com
eb2.3lift.com
8 sync.console.adtarget.com.tr s.console.adtarget.com.tr
js.adscale.de
8 ads.stickyadstv.com 7 redirects live.primis.tech
8 pixel.rubiconproject.com 2 redirects dailyvoice.com
public.servenobid.com
onetag-sys.com
eus.rubiconproject.com
8 www.googletagservices.com dailyvoice.com
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
rumcdn.geoedge.be
7 s.amazon-adsystem.com 3 redirects ssum-sec.casalemedia.com
onetag-sys.com
eb2.3lift.com
7 cm.adgrx.com dailyvoice.com
ads.pubmatic.com
ssum-sec.casalemedia.com
7 gw.geoedge.be rumcdn.geoedge.be
7 u.openx.net rumcdn.geoedge.be
live.primis.tech
a.pub.network
7 htlb.casalemedia.com a.pub.network
daily-voice-res.cloudinary.com
live.primis.tech
6 contextual.media.net daily-voice-res.cloudinary.com
a.pub.network
6 biddr.brealtime.com live.primis.tech
a.pub.network
6 rtb-csync.smartadserver.com googleads.g.doubleclick.net
ssbsync.smartadserver.com
ads.pubmatic.com
6 adservice.google.com rumcdn.geoedge.be
imasdk.googleapis.com
6 prebid.media.net a.pub.network
daily-voice-res.cloudinary.com
6 hb.emxdgt.com a.pub.network
live.primis.tech
6 hbopenbid.pubmatic.com a.pub.network
live.primis.tech
6 a.pub.network dailyvoice.com
rumcdn.geoedge.be
5 acdn.adnxs.com a.pub.network
5 image4.pubmatic.com 4 redirects dailyvoice.com
5 image2.pubmatic.com 4 redirects ads.pubmatic.com
5 sync.ipredictive.com 5 redirects
5 sync.srv.stackadapt.com 4 redirects rtb.gumgum.com
5 pixel.advertising.com 5 redirects
5 us-u.openx.net 2 redirects googleads.g.doubleclick.net
rtb.gumgum.com
5 c.pub.network a.pub.network
5 imasdk.googleapis.com live.primis.tech
imasdk.googleapis.com
rumcdn.geoedge.be
dailyvoice.com
5 secure.adnxs.com 4 redirects ssum-sec.casalemedia.com
5 fonts.googleapis.com dailyvoice.com
rumcdn.geoedge.be
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
5 i.liadm.com 2 redirects rumcdn.geoedge.be
i.liadm.com
5 ads.yieldmo.com a.pub.network
5 grid.bidswitch.net a.pub.network
5 tlx.3lift.com a.pub.network
5 c.deployads.com a.pub.network
5 freestar-d.openx.net a.pub.network
5 jadserve.postrelease.com rumcdn.geoedge.be
dailyvoice.com
5 www.facebook.com dailyvoice.com
4 rtb.mfadsrvr.com 4 redirects
4 loada.exelator.com 4 redirects
4 c1.adform.net ssum-sec.casalemedia.com
ads.pubmatic.com
dailyvoice.com
eb2.3lift.com
4 ad.turn.com 4 redirects
4 bh.contextweb.com 4 redirects
4 b1sync.zemanta.com 4 redirects
4 sync.crwdcntrl.net 2 redirects ssum-sec.casalemedia.com
public.servenobid.com
4 aax-eu.amazon-adsystem.com 2 redirects dailyvoice.com
eb2.3lift.com
4 token.rubiconproject.com 4 redirects
4 ssbsync.smartadserver.com 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
public.servenobid.com
g2.gumgum.com
4 googleads4.g.doubleclick.net dailyvoice.com
4 dsp.adfarm1.adition.com 4 redirects
4 csi.gstatic.com imasdk.googleapis.com
4 pba.aws.lijit.com prebid.s-onetag.com
4 fonts.gstatic.com fonts.googleapis.com
4 sync.search.spotxchange.com 3 redirects googleads.g.doubleclick.net
4 adservice.google.de rumcdn.geoedge.be
4 pixel.quantserve.com 3 redirects dailyvoice.com
4 cdn.keywee.co 1 redirects dailyvoice.com
rumcdn.geoedge.be
cdn.keywee.co
4 maps.googleapis.com dailyvoice.com
maps.googleapis.com
rumcdn.geoedge.be
3 px.owneriq.net 2 redirects ssum-sec.casalemedia.com
3 pixel.onaudience.com 3 redirects
3 usersync.gumgum.com g2.gumgum.com
ads.pubmatic.com
3 cs.emxdgt.com 2 redirects rtb.gumgum.com
3 p.rfihub.com 3 redirects
3 dis.criteo.com 2 redirects ads.pubmatic.com
3 d5p.de17a.com 3 redirects
3 cms.quantserve.com 1 redirects 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
3 js.adscale.de s.console.adtarget.com.tr
js.adscale.de
ih.adscale.de
3 creativecdn.com 3 redirects
3 www.gstatic.com 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
3 odr.mookie1.com i.liadm.com
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
onetag-sys.com
3 dpm.demdex.net 2 redirects ssum-sec.casalemedia.com
3 csync.loopme.me 3 redirects
3 bidder.criteo.com a.pub.network
3 rp4.liadm.com dailyvoice.com
3 rp.liadm.com 3 redirects
3 geo.privacymanager.io ats.rlcdn.com
ccpa.privacymanager.io
3 sb.scorecardresearch.com 1 redirects dailyvoice.com
3 res.cloudinary.com daily-voice-res.cloudinary.com
3 connect.facebook.net dailyvoice.com
connect.facebook.net
2 api.floors.dev a.pub.network
2 ade.googlesyndication.com 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
2 simage4.pubmatic.com ads.pubmatic.com
2 beacon.lynx.cognitivlabs.com 2 redirects
2 gu.dyntrk.com 2 redirects
2 a.audrte.com 1 redirects public.servenobid.com
2 uipglob.semasio.net 1 redirects public.servenobid.com
2 visitor.fiftyt.com 2 redirects
2 sasinator.realestate.com.au 1 redirects eb2.3lift.com
2 ads.betweendigital.com 2 redirects
2 mug.criteo.com dailyvoice.com
2 gum.criteo.com 1 redirects
2 mwzeom.zeotap.com dailyvoice.com
public.servenobid.com
2 pixel-eu.onaudience.com 2 redirects
2 ums.acuityplatform.com 2 redirects
2 dsum.casalemedia.com ssum-sec.casalemedia.com
2 casale-match.dotomi.com 2 redirects
2 ads.avct.cloud 2 redirects
2 tg.socdm.com 2 redirects
2 secure-assets.rubiconproject.com 2 redirects
2 sync.technoratimedia.com rtb.gumgum.com
g2.gumgum.com
2 rtb.adentifi.com ssum-sec.casalemedia.com
eb2.3lift.com
2 sync.go.sonobi.com public.servenobid.com
eb2.3lift.com
2 x.yieldlift.com 1 redirects ads.pubmatic.com
2 tracking.m6r.eu 2 redirects
2 track.adform.net 2 redirects
2 id.rlcdn.com dailyvoice.com
onetag-sys.com
2 px.ads.linkedin.com dailyvoice.com
eb2.3lift.com
2 bttrack.com ssum-sec.casalemedia.com
eb2.3lift.com
2 media.adrcdn.com cstatic.weborama.fr
2 match.360yield.com 2 redirects
2 rtb.openx.net 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
2 r3---sn-4g5e6nsk.c.2mdn.net 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
2 sync.teads.tv googleads.g.doubleclick.net
2 static.criteo.net a.pub.network
static.criteo.net
2 trc.taboola.com 1 redirects i.liadm.com
2 x.dlx.addthis.com 1 redirects i.liadm.com
2 i6.liadm.com i.liadm.com
2 adx.adform.net live.primis.tech
2 c2shb.pubgw.yahoo.com live.primis.tech
2 60687.publishers.tremorhub.com 1 redirects dailyvoice.com
2 prebid.s-onetag.com get.s-onetag.com
2 sli.dailyvoice.com dailyvoice.com
2 pre.ads.justpremium.com daily-voice-res.cloudinary.com
2 ad-delivery.net dailyvoice.com
2 dau-prod.launch.liveramp.com ccpa.privacymanager.io
2 www.google-analytics.com dailyvoice.com
2 b-code.liadm.com dailyvoice.com
rumcdn.geoedge.be
1 signal-metrics-collector-beta.s-onetag.com signal-beacon.s-onetag.com
1 connect-metrics-collector.s-onetag.com get.s-onetag.com
1 idsync.frontend.weborama.fr public.servenobid.com
1 cr.frontend.weborama.fr 1 redirects
1 sync.adotmob.com 1 redirects
1 dmp.brand-display.com 1 redirects
1 s.company-target.com 1 redirects
1 cm.ctnsnet.com 1 redirects
1 aud.pubmatic.com public.servenobid.com
1 match.bnmla.com ads.pubmatic.com
1 nep.advangelists.com 1 redirects
1 www.storygize.net 1 redirects
1 us.creativecdn.com 1 redirects
1 usersync.getpublica.com eb2.3lift.com
1 triplelift-match.dotomi.com eb2.3lift.com
1 sync.hgrtb.com 1 redirects
1 c.bing.com eb2.3lift.com
1 id.crwdcntrl.net a.pub.network
1 ads.playground.xyz 1 redirects
1 pubmatic-match.dotomi.com dailyvoice.com
1 match.adsby.bidtheatre.com 1 redirects
1 spl.zeotap.com 1 redirects
1 match.taboola.com ads.pubmatic.com
1 green.erne.co 1 redirects
1 core.iprom.net ads.pubmatic.com
1 matching.truffle.bid ads.pubmatic.com
1 s.tribalfusion.com ads.pubmatic.com
1 a.tribalfusion.com 1 redirects
1 s.youtube.com dailyvoice.com
1 ssbsync-global.smartadserver.com 1 redirects
1 dmp.adform.net 1 redirects
1 pixel-eu.rubiconproject.com onetag-sys.com
1 ad.360yield.com 1 redirects
1 stags.bluekai.com 1 redirects
1 cs.admanmedia.com ssbsync.smartadserver.com
1 sync.extend.tv 1 redirects
1 prebid.a-mo.net 1 redirects
1 ce.lijit.com 1 redirects
1 pixel.33across.com public.servenobid.com
1 g2.gumgum.com public.servenobid.com
1 public.servenobid.com daily-voice-res.cloudinary.com
1 api.rlcdn.com daily-voice-res.cloudinary.com
1 idx.liadm.com b-code.liadm.com
1 rr5---sn-n02xgoxufvg3-2gbs.googlevideo.com dailyvoice.com
1 portal.o2online.de 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
1 ads.yahoo.com dailyvoice.com
1 check.analytics.rlcdn.com daily-voice-res.cloudinary.com
1 d.adroll.com 1 redirects
1 ssum.casalemedia.com 1 redirects
1 tr.blismedia.com 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
1 1f2e7.v.fwmrm.net 1 redirects
1 bbnaut.ibillboard.com 1 redirects
1 gcm.ctnsnet.com 1 redirects
1 gcdn.2mdn.net 1 redirects
1 bid.g.doubleclick.net imasdk.googleapis.com
1 ad1.adfarm1.adition.com 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
1 cm.adform.net s.console.adtarget.com.tr
1 prg.smartadserver.com live.primis.tech
1 primis-d.openx.net live.primis.tech
1 prebid-server.rubiconproject.com live.primis.tech
1 s.console.adtarget.com.tr rumcdn.geoedge.be
1 signal-beacon.s-onetag.com rumcdn.geoedge.be
1 onetag-geo.s-onetag.com get.s-onetag.com
1 z.moatads.com s7.addthis.com
1 web.hb.ad.cpe.dotomi.com daily-voice-res.cloudinary.com
1 a.teads.tv daily-voice-res.cloudinary.com
1 get.s-onetag.com rumcdn.geoedge.be
1 id5-sync.com cdn.id5-sync.com
1 api.btloader.com freestar-io.videoplayerhub.com
1 cdn.id5-sync.com rumcdn.geoedge.be
1 secure.cdn.fastclick.net rumcdn.geoedge.be
1 s7.addthis.com daily-voice-res.cloudinary.com
1 pixel.keywee.co dailyvoice.com
1 btloader.com dailyvoice.com
1 freestar-io.videoplayerhub.com 1 redirects
1 pghub.io a.pub.network
1 s.ntv.io daily-voice-res.cloudinary.com
1 static.doubleclick.net daily-voice-res.cloudinary.com
1 rules.quantcount.com secure.quantserve.com
1 www.google.co.uk dailyvoice.com
1 ccpa.privacymanager.io ccpa-wrapper.privacymanager.io
1 ats.rlcdn.com dailyvoice.com
1 secure.quantserve.com dailyvoice.com
1 stats.g.doubleclick.net www.google-analytics.com
1 d.pub.network a.pub.network
1 www.googletagmanager.com dailyvoice.com
1 ccpa-wrapper.privacymanager.io dailyvoice.com
1 dailyvoice.com
0 sync.adaptv.advertising.com Failed 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
1004 261
Subject Issuer Validity Valid
*.dailyvoice.com
Amazon		 2021-12-28 -
2023-01-24		 a year crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2		 2020-05-27 -
2022-06-22		 2 years crt.sh
upload.video.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-16 -
2022-06-15		 a year crt.sh
*.privacymanager.io
Amazon		 2021-09-25 -
2022-10-24		 a year crt.sh
gw.geoedge.be
Amazon		 2021-10-13 -
2022-11-10		 a year crt.sh
*.liadm.com
Amazon		 2022-01-31 -
2023-03-01		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-02-04 -
2022-05-05		 3 months crt.sh
*.pub.network
Go Daddy Secure Certificate Authority - G2		 2022-03-19 -
2023-04-20		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.scorecardresearch.com
Amazon		 2022-01-29 -
2023-02-27		 a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
www.google.co.uk
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.ntv.io
DigiCert SHA2 Secure Server CA		 2021-12-04 -
2022-12-06		 a year crt.sh
*.anyword.com
Amazon		 2021-08-04 -
2022-09-02		 a year crt.sh
*.pghub.io
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-02 -
2023-02-17		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.postrelease.com
Amazon		 2021-12-28 -
2023-01-25		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2021-07-06 -
2022-06-27		 a year crt.sh
*.launch.liveramp.com
Amazon		 2021-09-16 -
2022-10-15		 a year crt.sh
*.primis.tech
Amazon		 2021-10-28 -
2022-11-26		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-03-08 -
2022-08-31		 6 months crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2021-08-04 -
2022-09-04		 a year crt.sh
*.emxdgt.com
Amazon		 2021-07-02 -
2022-07-31		 a year crt.sh
*.deployads.com
Amazon		 2021-06-04 -
2022-07-03		 a year crt.sh
*.sharethrough.com
Amazon		 2021-08-13 -
2022-09-11		 a year crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2022-04-05 -
2023-05-04		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-03-11 -
2023-04-12		 a year crt.sh
*.media.net
Sectigo RSA Domain Validation Secure Server CA		 2021-04-12 -
2022-05-05		 a year crt.sh
*.yieldmo.com
Amazon		 2022-04-25 -
2023-05-24		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
pixel.keywee.co
Sectigo ECC Domain Validation Secure Server CA		 2022-02-01 -
2023-03-03		 a year crt.sh
odc-addthis-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-27 -
2023-02-28		 a year crt.sh
secure.cdn.fastclick.net
DigiCert SHA2 Secure Server CA		 2022-01-15 -
2023-01-17		 a year crt.sh
cdn.id5-sync.com
R3		 2022-04-13 -
2022-07-12		 3 months crt.sh
api.btloader.com
GTS CA 1D4		 2022-04-24 -
2022-07-23		 3 months crt.sh
*.id5-sync.com
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh
*.s-onetag.com
Amazon		 2022-01-04 -
2023-02-01		 a year crt.sh
teads.tv
R3		 2022-03-23 -
2022-06-21		 3 months crt.sh
tracking.justpremium.com
Amazon		 2022-01-30 -
2023-02-28		 a year crt.sh
ads.servenobid.com
Amazon		 2021-06-28 -
2022-07-27		 a year crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-07-13 -
2022-06-25		 a year crt.sh
*.google.de
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
moatads.com
DigiCert SHA2 Secure Server CA		 2021-11-27 -
2022-11-29		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-11 -
2022-07-07		 3 months crt.sh
sli.dailyvoice.com
Amazon		 2021-10-27 -
2022-11-25		 a year crt.sh
s.console.adtarget.com.tr
ZeroSSL ECC Domain Secure Site CA		 2022-03-29 -
2022-06-27		 3 months crt.sh
primis.tech
Go Daddy Secure Certificate Authority - G2		 2022-04-19 -
2022-06-18		 2 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
ads.stickyadstv.com
DigiCert SHA2 Secure Server CA		 2021-09-19 -
2022-09-20		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
sync.console.adtarget.com.tr
R3		 2022-03-28 -
2022-06-26		 3 months crt.sh
*.adscale.de
Amazon		 2021-08-08 -
2022-09-06		 a year crt.sh
*.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-28 -
2022-06-15		 a year crt.sh
protect.geoedge.be
Sectigo ECC Domain Validation Secure Server CA		 2022-01-02 -
2023-02-02		 a year crt.sh
edgecastcdn.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-21 -
2022-10-22		 a year crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-11 -
2022-07-13		 3 months crt.sh
*.aws.lijit.com
Amazon		 2022-04-10 -
2023-05-09		 a year crt.sh
*.adfarm1.adition.com
AlphaSSL CA - SHA256 - G2		 2021-05-21 -
2022-06-22		 a year crt.sh
*.adition.com
AlphaSSL CA - SHA256 - G2		 2021-04-15 -
2022-05-17		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2		 2022-01-21 -
2023-02-22		 a year crt.sh
tr.blismedia.com
GTS CA 1D4		 2022-04-21 -
2022-07-20		 3 months crt.sh
*.c.docs.google.com
GTS CA 1C3		 2022-04-19 -
2022-06-28		 2 months crt.sh
*.solution.weborama.fr
Sectigo RSA Domain Validation Secure Server CA		 2022-02-15 -
2023-02-15		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-01-18 -
2022-07-13		 6 months crt.sh
*.bttrack.com
Sectigo RSA Domain Validation Secure Server CA		 2022-03-21 -
2023-04-20		 a year crt.sh
analytics.rlcdn.com
Amazon		 2021-08-26 -
2022-09-24		 a year crt.sh
*.o2online.de
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-11 -
2023-03-08		 a year crt.sh
*.googlevideo.com
GTS CA 1C3		 2022-04-19 -
2022-06-28		 2 months crt.sh
public.servenobid.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-02-17		 a year crt.sh
*.gumgum.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-02-03 -
2023-03-07		 a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-01-11 -
2022-07-06		 6 months crt.sh
adentifi.com
Amazon		 2021-09-04 -
2022-10-03		 a year crt.sh
*.srv.stackadapt.com
Amazon		 2021-11-09 -
2022-12-07		 a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-17 -
2022-10-05		 a year crt.sh
*.admanmedia.com
Go Daddy Secure Certificate Authority - G2		 2021-04-20 -
2022-05-22		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2020-04-09 -
2022-06-08		 2 years crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-12-15 -
2023-01-15		 a year crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon		 2022-02-15 -
2023-03-16		 a year crt.sh
*.outbrain.com
Thawte RSA CA 2018		 2021-10-24 -
2022-11-24		 a year crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA		 2022-03-01 -
2023-03-28		 a year crt.sh
truffle.bid
R3		 2022-04-16 -
2022-07-15		 3 months crt.sh
*.iprom.net
R3		 2022-03-24 -
2022-06-22		 3 months crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-08-10 -
2022-09-11		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2021-04-29 -
2022-05-31		 a year crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1		 2022-03-11 -
2023-04-11		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2022-03-28 -
2022-09-28		 6 months crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2022-03-16 -
2022-09-16		 6 months crt.sh
*.getpublica.com
Amazon		 2021-07-01 -
2022-07-30		 a year crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
*.bnmla.com
Go Daddy Secure Certificate Authority - G2		 2021-01-06 -
2022-02-07		 a year crt.sh
*.yieldlift.com
Amazon		 2022-01-14 -
2023-02-11		 a year crt.sh
api.floors.dev
GTS CA 1D4		 2022-04-13 -
2022-07-12		 3 months crt.sh

This page contains 163 frames:

Primary Page: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Frame ID: D93DF13CA4452AC240082254B54124AC
Requests: 284 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1&cbuster=1651041656&pubUrlAuto=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Frame ID: 900141E3E2C33F79AB027122234E8CAC
Requests: 36 HTTP requests in this frame

Frame: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2D4E4A317D7DE10209CF1793D61F0947
Requests: 1 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-00ex?s=&cim=&ps=true&ls=true&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: E06562190EE952E62B6631CA405EF4B9
Requests: 8 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 2F827A89B63637DC71C01D7167095FD2
Requests: 1 HTTP requests in this frame

Frame: https://prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/prebid.min.js
Frame ID: D749C2ED2838D5CFE5EF7D84D754FC2A
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: 4674A6B3F268B045391C82CBC278EC24
Requests: 5 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: 633E11237AB5CB3711A2C9D739C23C58
Requests: 2 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=94&advUuid=fe2a860b-c5f4-11ec-9aa9-102ad03c0106
Frame ID: 0E891D01A68C84B45222EEF7FB9FF4DF
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D98%26advUuid%3D
Frame ID: D4FBB13B19746866DE31088D50921D9C
Requests: 1 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=556966
Frame ID: 79D3909BFA38211C92A1920F62C84E0E
Requests: 4 HTTP requests in this frame

Frame: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 521A55CE389D1EDB9243D549255AC25C
Requests: 5 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: B9EE111D4B5AB9B4598FD8C610DD4934
Requests: 1 HTTP requests in this frame

Frame: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 389A748E0756B33B11038D15130F5C4D
Requests: 22 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 35ABB7E4863AF2EEE4D486EDDE7D5214
Requests: 8 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=550070&extuid=${USER_ID}
Frame ID: AD8F55B859120E95CED7D1FB3A0418EE
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=QuO7j6tCXszybLZpKdGp&pi=admatic&tc=1
Frame ID: 6669A9A5AB2E587E6DAA705AFD4BE3EC
Requests: 1 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Frame ID: 1D6F4177112D0EBA41593B919A56BF6F
Requests: 5 HTTP requests in this frame

Frame: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Frame ID: 9D7A9A3A270E07328DC150AB6FD27202
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Frame ID: E5C43AFD7836BEDFDB147D69CD2A3D85
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=544989&extuid=${USER_ID}
Frame ID: 836963B944A4A1A658400FFEB46A0DC2
Requests: 1 HTTP requests in this frame

Frame: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B996180FB08D7F9D5333C3C8A981B0AE
Requests: 13 HTTP requests in this frame

Frame: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Frame ID: 5E465332B3E79A7DC0512760ABEE9290
Requests: 10 HTTP requests in this frame

Frame: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D5360439E25F1613203E2847E5BFFC2E
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DF29834F07C18E76673CF2D762693C27
Requests: 2 HTTP requests in this frame

Frame: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9F247DB3FD1D6765C12505A089A731A1
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-p_psDEOa-zKMDGJju28cBMAE&v=APEucNUnsrlQuD0dNflgQnvk78Rd2QqWPiNDXpq6FJRN51C4-e1LtBLiPvr2FIj7_qeyczeZhIGukLEbjSCBf3w3t2G1CQtukJ1xEavGr4nTfka-7p78Xht1pND7F2T5EsvztkDNOIaat6t-PKvvLsqK9AK8En46njZT7AO__WIrZDv_TamFzCo
Frame ID: B4A2FC0FF90E93C10040881F419B15FB
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.512.0_en.html
Frame ID: C44BD5BAAFD1BF47C1C0E601726D6182
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNu5KRCFnZQBGJLKmMgBMAE&v=APEucNU5fJYZ_9adui4Mtdk8ey25FOSxX8DSc83g7c3UX2IZV7xCB28prJK5dsBuyN1nMOUk2xQU-Zx_LzHM9fxEe_yuzggoFneW_z3XnIdo4q6KnN0PHZV9HuT7q0bQIznvp57mYHEnbR5gjbFaVql4w3tbumFT7JRdkN9-BsXP0KpVONy7BDo
Frame ID: 05576172597AC170858AB9EB66698536
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: BE3F6786E8587C4EE04EBF6EEDC11F74
Requests: 1 HTTP requests in this frame

Frame: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2DCFE0E29B68C7BC3243F8303D2C25AA
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD70OkBGJn9wLkBMAE&v=APEucNUtvBA_5fGKrkK8ZMitxPPGbIsN0yFxHI27VY9f4SMDxwFrBypCMvdLwsCPcDHdXL48W72i1gFK2vCkgIeuGp3a7aKUR3OEnXKi3P1wod0sVh7B1tXw62NvQjwNhuOBdP4EsV2f31tErdPQWWuIkC1OKilulWyfmfXi7Mt37rj9hSMARxA
Frame ID: 3A8E6CBC6DC5DDFAA5A60FF1CA15367A
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6C117142D8D8ACBC9C057A04766BF11E
Requests: 3 HTTP requests in this frame

Frame: https://ad1.adfarm1.adition.com/banner?sid=4483354&gdpr=&gdpr_consent=&kid=5191607&wpt=H&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD_AuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E-qAMBqgT3AU_QuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo_n9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr-m01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh_CUYKE3aU4ApAZa_DA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn-lTAnJ9x72IBUBGTPIyAGhlREHwTLN_jBIgGPLb9iIrKXqjv3JJ2FXahzABN_i2aOFBOAEA5AGAaAGTYAH-cT0eqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64_0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca-pub-3605257360853185%26dbm_c%3DAKAmf-DiIl05kEah8IsX3lgrmvo-UhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG_2wU3m94T_r3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu-iON5_GA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm_d%3DAKAmf-CV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS-z-Z8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ-Al9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw_eMXh_Lp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK_W13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6-9h42QvTVeVlo-Flt5AQFU--ZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1-qqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO-BrRhgVDuuJlTNOg39jS9f%26adurl%3D
Frame ID: 28B622049100F8398B57E77D02D88436
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C62D72774B5A0B46B781919FAA5D1158
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B631D9013FB0F4BC090C01CA85A169F2
Requests: 9 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Frame ID: 686403A51334AC434B9452B39D965899
Requests: 11 HTTP requests in this frame

Frame: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CFBD626EE03037A1FBCE774BFCB65098
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 414E7D15FBC7DD514ACDA37CFB4F80DC
Requests: 3 HTTP requests in this frame

Frame: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Frame ID: 4E2B93738061AF9ED976321B06AB760B
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiA_aO-ATAB&v=APEucNWRhvbIPcplkHLRcsjPJ8_HbPy47Pt9V5r-qo9Zjs5L6jopnaaudzzNtYmLuc3WXk0XRTdhqHw1l9J4bleqph4WthEY9xofq0zI77m1XqzW_huXHg-aL1yzIH2eGO8QbfFeKJdfk6CIvCmoH0O1yo-A3LBJMR5r0sKxAhWObEXYRCOM314
Frame ID: EA5EE6910833D95C96209931B1CB6238
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Frame ID: 4BF60C68A6DD3D5A76DBC9A97019C39C
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EDE8DAB1431EC366392794CD891745CF
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 33D7F886BDDE56AA3F98573030AC510D
Requests: 3 HTTP requests in this frame

Frame: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Frame ID: ACAE1CB7D2ABA0E6B6440848CAAC4425
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 587862DC0EA1A9A10C27D50070FE1F83
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Frame ID: 329761ABB12960F9F8C62E7B98748DF9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: 58FE1437167DB51CA638DD1ECAFFED73
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Frame ID: 09AFECEE1BFD0BFA32FB4A8D221DB5F0
Requests: 19 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 5A3FF12DEAF9092DE532B9231CDBA1CC
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html?gdpr=1&gdpr_consent=
Frame ID: 814276113D1B4290F661B7C7C0926EB8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-p_psDEOa-zKMDGNXY28cBMAE&v=APEucNWb1EeXrBxic9P7OEC30dQa0T0d9ukhgXQfzSwURQ7HRfEdRXLZlg_Vp2kHtlVzUFqw7Gj9s4_Ww1YdkQata2IRiQxA4I_ADy2CJ-BXZfifxaJyxtMHDt1VASdf-58zB0x3Cv1edoxzNkU-eUjqj9NRVT4LKOnXw6osIl-VVT97Hm9qYvU
Frame ID: CF0D0468C1C886DAEBC5DF7767BAD690
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
Frame ID: F71909AF87AF1B0193DD9CCEE8F256CE
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 11396A6E45EB6E57D083D38A2D742700
Requests: 8 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 7F7F06580C4E02EA8CCDDE5F71A70BCB
Requests: 10 HTTP requests in this frame

Frame: https://prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/prebid.min.js
Frame ID: 3DBCED7CFB34BA3D61D55BCA4D32D2D9
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F7F88FAF4AA99B333B4CAF035CC49236
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F590CEA03D56B48DA3F3851D44739049
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8B071154FA75ED6022709816AF250AE4
Requests: 9 HTTP requests in this frame

Frame: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Frame ID: 2C5A17F6E3CA2C2FF6C009C5F88C88A2
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
Frame ID: 2F10C516615E6DC684D2E283DBF1B101
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 76FBDF2725E1AD104AC2A3E8C9D6F41D
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: C614FAE583090B1E4DDD79AAA66F484B
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUR0N35X&prvid=2034%2C2033%2C173%2C251%2C175%2C178%2C233%2C3018%2C3017%2C159%2C214%2C236%2C3016%2C237%2C117%2C337%2C338%2C70%2C97%2C99%2C77%2C3012%2C182%2C3010%2C141%2C222%2C201%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C229%2C9%2C109%2C208%2C307&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 01FCF6909868FAA0D2F3B9CD03D84407
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 1BB173C3B59C181331CC00213D55D166
Requests: 1 HTTP requests in this frame

Frame: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=a8um8db1651041656857
Frame ID: 4578A81EF3ABF9CE176DB1FEB578F526
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13410438
Frame ID: E72BB32B913B2B17CCFEF6C22D87E1EB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: AEB9DBE579E511096639C96C863F2D1A
Requests: 3 HTTP requests in this frame

Frame: https://cstatic.weborama.fr/iframe/external.html?gdpr_cmp_failure=1
Frame ID: 4B9C6D61ACF4C1415F0795B67BB6B974
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Frame ID: 5FF100853F9EEA0B9D578376675E5817
Requests: 9 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 07C9D0025C06E64DF968667CCAF12766
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Frame ID: CB541432FB7D8A5A961A7D64B80BC6EC
Requests: 7 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 01290F6B471A3F59E9D38D65DA3C0CD9
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: A2853C0B313B6144AE5B83704B40FFFA
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: EF23E75EBFC1F368E6B3A483165EAB91
Requests: 17 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: E9B76C8EC4B18A7B4DCA542078B96830
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 100064D3FF5125BC3F5A65A7382247E5
Requests: 10 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
Frame ID: 5C21051A39FA50C585EED72BDF5D3B48
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
Frame ID: 4B0A9BFC0439145188CAF929CEA95756
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV83MjY2ODcyYy1mOGYwLTRiM2UtODI2OS1kZGY5OWQ1OGRlNjk=&gdpr=1&gdpr_consent=
Frame ID: 4C7DD3FB22AC45715735D4C7F5193374
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Frame ID: 50F32F3F52369CD27F9EB827708678A3
Requests: 2 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Frame ID: 36F34D321523AF6607CAB0A9FEEB273B
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 30BC75707ABDA4665C2C7A6CDA22551F
Requests: 3 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Frame ID: C91A4B2D7D54EBF9C0FE102012D6EE2D
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XkAAJ5jFUAAAAAA
Frame ID: 0E8216948B871566FF68DFDD9386C37E
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Frame ID: DDA78C20EC67C21B6F7FA7B3EBFB3794
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
Frame ID: 2DE002B7BF5A65B2FB861BAF548BD832
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV80ZDQwY2E4Yy1hZTc4LTRjNjktODU1MC00NzNjYWY3MmRmMzg=&gdpr=0&gdpr_consent=
Frame ID: D9EBFC1F61EF81AF2E583775157C9810
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 727A3BEF7D70CF363E82253CF2E8E58F
Requests: 4 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=1c450bec-b2fe-4198-a495-f72f24a1217e&t=1653633660
Frame ID: 777462CCC0D59215D960934E5EF297B7
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: F407520655BF2365D4B341AA3A2B8E7D
Requests: 2 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=emx&uid=4382111657419277628brt16951651041660284998f1
Frame ID: 3C14413DACFE51D606D7EC04F312A4E9
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XcAAK7YJ8UAAAAA
Frame ID: EBA51EBD64B51C754F093FC7FBDD0407
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=QuO7j6tCXszybLZpKdGp&pi=gumgum
Frame ID: 41E85A3627F867629880DDF20699361D
Requests: 1 HTTP requests in this frame

Frame: https://cstatic.weborama.fr/iframe/external.html?gdpr_cmp_failure=1
Frame ID: 6CBA7D525CE4CBDF3026D6C9F75297DC
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=473A70B1-97BC-4D1F-B401-450179C13E19
Frame ID: BEC5925B9D191EBE7D45362DB2437803
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Frame ID: E5C0DC7C83C2F9773ACFEC77217FD604
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Frame ID: 47C0FD47ECB688AF80D8D1411DA406E7
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=1&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: F299E2EA0F6EFD8E8EA530902A02C7F6
Requests: 1 HTTP requests in this frame

Frame: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Frame ID: CE463A02E391AB051F965BB962D8AF04
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D1%26gdpr_consent%3D
Frame ID: A473EE8B069FB7793273E4B96575F598
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=1
Frame ID: 4AF407F968489248124D14BBC5B3D239
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: FAD98ADF637648289E5F22213E8E241B
Requests: 1 HTTP requests in this frame

Frame: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Frame ID: ECD42F7683463DB7CA29EAAD7B5C47AE
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=1&gdpr_consent=
Frame ID: F84E8A56D40F4DB184C2834175739842
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACpnk7E0csAADZj0efulg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Frame ID: 3583AD19A2D46DFBDBFE1B16480778E1
Requests: 1 HTTP requests in this frame

Frame: https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Frame ID: 3BD78590201B8BB34DF069E3BBF71594
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: 436E85409C78747D292DFC5F03F4DFC7
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=NOvcHvPGbWhQWjhhXMYhaUVV
Frame ID: D61824D6109A0A24F7D27BD3D2009983
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Frame ID: C73F44DFF590042E8D6D2114247CDCA5
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0bab17a1-aaf4-4032-81ea-c46472bb087e-tuct9626afe&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 50C9DA902AD72CCF2A47600A47B03C7A
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=1&gdpr_consent=
Frame ID: 17F7C6EEC518D4087E2B329E1F791496
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Frame ID: 44F4DB90ACC24B6EE19E0D74431B0BEC
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 1FB6FB702F801F2C43F04BB3BEF7F86F
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Frame ID: 58C61043185FF8192702CFA4F744A00F
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 32BC66F1861322475FE47BB3C264E0AD
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Frame ID: 2AE6BA783844780B5B088BB13581AF14
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 9A443B8E594B9AB07E81E40DB081D364
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Frame ID: 40EB40BDE639F652FE82F62F61227BA4
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: F59ECF1283D7C1A014F1F2F1D1BBB7E8
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: EE49A58EC1B8F6D3A54BDC918654AC5C
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 320ED59340BC82820C53D4BB34B96333
Requests: 11 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 540DC2CB066C1AF66829C704FCB3BC06
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 820DE8C0BF96A94E5CE662C44524CE9F
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 02E8AB3B6A01A3765B18E1A620238902
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 5BA1AA787E76B75C8CAEA477F5930AB2
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 62926297D033BAE2D4A208A10FD60A7E
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 3D7B5E706971F5C632554874B9ED10BA
Requests: 11 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: C404BAA1F166EE37E1ACE4A835D66B71
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 67F0011FD64337F917CDAE06918F6039
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 5F8451105573B5880AA6F01C52DC92B3
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Frame ID: 64753F6AC90C35CA72F889437665632E
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13388523
Frame ID: E8B48A286A05D13C182EAFF4923C2009
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 78EA960774FE49ACC662DD24E77BE589
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 6EE4DC4593BFE2AEFCD94C79DF4DE669
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13388523
Frame ID: 96E8AF3DC7EDC0BC45C70582AA8DA46D
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 574CBB746491CF6C1BAFD97FD444E5A6
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 00B244EC54CD9C3078BDD6D36123F110
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: D860DEC9301F53AA32D63137E233957B
Requests: 2 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 48592D5AF9535F43CE291D66C1915F71
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Frame ID: 4BB1D36ACB8136D94247C83FD977DCC3
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 89A4C2C0F90A6C09E6DB35384EE95EB4
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: AE3AB4CED2AEB4F9177CD5FC3A93D300
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13388523
Frame ID: C8710E5C9FEEAEED9FDA61509C4A3557
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 9043C344125954F17DC8BA367D9F8DD7
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: F9B1F478BF203515D1D7F439347C97C9
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13388523
Frame ID: 0538A89896EEF6D2DD031628503F48E2
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 3412A8B12A2559DF68846BA8755C4EC7
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 29ABE20559464541B3302AEBD55198B8
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 1D6D41E0C1EE4ABC6166B5A1CF6F6812
Requests: 11 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: C497B5D9CD40807AFF6C3BD4865275A1
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 0C9658B7C7F1192365400A78DD77915D
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 19B9C1105546892A05EACBDBFA89E0A7
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13388523
Frame ID: AA2F703D939B4485F9581FD53939D02B
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 2293A10AAB3E43278C105A21081E9410
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: CC331F5B22109AF9EA11F541CE429A35
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 816AF00C3C31C0A4B7EA5FE48920A9E7
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 9ED316C9F3B629469B97B585FB040ABA
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: EBA5A7770510504E46F0FBD3C629B50E
Requests: 10 HTTP requests in this frame

Frame: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Frame ID: 86493DDDAB2527BB684DD151A801BBD4
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:29DFB062F03745C1AB22E13B516BBAFA
Frame ID: A96B381445E7D4B0C56D5E6217AEA679
Requests: 1 HTTP requests in this frame

Frame: https://x.yieldlift.com/setuid?bidder=pubmatic&gdpr=0&gdpr_consent=&us_privacy=1YN-&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Frame ID: B6C8391A22E7C680DAB223DD86258E7F
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=pbm&i=473A70B1-97BC-4D1F-B401-450179C13E19
Frame ID: 6CAA68170DED4C8DF3FF1BF529F92B9A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

NY Doctor Claimed More Than $1 Million In Fraudulent Tax Deductions, Feds Say | Orangetown Daily Voice

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • addthis\.com/js/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • moatads\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • <iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

1004
Requests

81 %
HTTPS

25 %
IPv6

149
Domains

261
Subdomains

183
IPs

18
Countries

14792 kB
Transfer

27441 kB
Size

219
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34
  • https://cdn.keywee.co/dist/analytics.min.js HTTP 301
  • https://cdn.keywee.co/dist/analytics-1.5.12.min.js
Request Chain 43
  • https://sb.scorecardresearch.com/b?c1=2&c2=20236510&ns__t=1651041655815&ns_c=UTF-8&cv=3.5&c8=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&c7=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=20236510&ns__t=1651041655815&ns_c=UTF-8&cv=3.5&c8=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&c7=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&c9=
Request Chain 53
  • https://rp.liadm.com/j?dtstmp=1651041655924&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4 HTTP 302
  • https://rp4.liadm.com/j?dtstmp=1651041655924&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOmZmMDY6Mjg0MDoxZGJk&n3pc=true
Request Chain 57
  • https://freestar-io.videoplayerhub.com/gallery.js HTTP 301
  • https://btloader.com/tag?h=freestar-io&upapi=true
Request Chain 133
  • https://rp.liadm.com/j?dtstmp=1651041656429&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4 HTTP 302
  • https://rp4.liadm.com/j?dtstmp=1651041656429&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOmZmMDY6Mjg0MDoxZGJk
Request Chain 161
  • https://rp.liadm.com/p?dtstmp=1651041656428&aid=a-00ex&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ae=eyJtZXNzYWdlIjoie1wiYXBwSWRcIjpbXCJhLTAwZXhcIixudWxsXSxcIndyYXBwZXJOYW1lXCI6W1wibGMtYnVuZGxlXCIsXCJwcmViaWRcIl0sXCJjb2xsZWN0b3JVcmxcIjpbXCJodHRwczovL3JwLmxpYWRtLmNvbVwiLG51bGxdfSIsIm5hbWUiOiJMQ0R1cGxpY2F0aW9uIiwic3RhY2tUcmFjZSI6IkNvbmZpZ1NlbnQ6IEFkZGl0aW9uYWwgY29uZmlndXJhdGlvbiByZWNlaXZlZFxuICAgIGF0IGh0dHBzOi8vZGFpbHktdm9pY2UtcmVzLmNsb3VkaW5hcnkuY29tL3Jhdy91cGxvYWQvdjE2NDA5MTUyMjIvc3RhdGkuLi4ifQ&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4 HTTP 302
  • https://rp4.liadm.com/p?dtstmp=1651041656428&aid=a-00ex&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ae=eyJtZXNzYWdlIjoie1wiYXBwSWRcIjpbXCJhLTAwZXhcIixudWxsXSxcIndyYXBwZXJOYW1lXCI6W1wibGMtYnVuZGxlXCIsXCJwcmViaWRcIl0sXCJjb2xsZWN0b3JVcmxcIjpbXCJodHRwczovL3JwLmxpYWRtLmNvbVwiLG51bGxdfSIsIm5hbWUiOiJMQ0R1cGxpY2F0aW9uIiwic3RhY2tUcmFjZSI6IkNvbmZpZ1NlbnQ6IEFkZGl0aW9uYWwgY29uZmlndXJhdGlvbiByZWNlaXZlZFxuICAgIGF0IGh0dHBzOi8vZGFpbHktdm9pY2UtcmVzLmNsb3VkaW5hcnkuY29tL3Jhdy91cGxvYWQvdjE2NDA5MTUyMjIvc3RhdGkuLi4ifQ&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOmZmMDY6Mjg0MDoxZGJk
Request Chain 203
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=fe2a864f-c5f4-11ec-9aa9-102ad03c0106 HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=94&advUuid=fe2a860b-c5f4-11ec-9aa9-102ad03c0106
Request Chain 214
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=93&advUuid=72f4b8a9-aa2d-4994-a209-8e347bff1eff
Request Chain 215
  • https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D99%26advUuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1 HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=99&advUuid=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
Request Chain 216
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D259151345%2526pcid%253D%24UID%26advId%3D121%26advUuid%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D259151345%2526pcid%253D%24UID%26advId%3D121%26advUuid%3D%24UID HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D4082658486579978729870&advId=121&advUuid=4082658486579978729870
Request Chain 218
  • https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D105%26advUuid%3D%24UID HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=105&advUuid=4382111657419277628
Request Chain 219
  • https://60687.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D%2B584182936%2526pcid%253D%5Btvid%5D%26advId%3D126%26advUuid%3D%5Btvid%5D HTTP 302
  • https://60687.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D%2B584182936%2526pcid%253D%5Btvid%5D%26advId%3D126%26advUuid%3D%5Btvid%5D
Request Chain 287
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00ex%2F0%2F49a121f076f0419fad1d9544f0ab0768%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&13711f39-e3c9-46dc-a55e-2054f1e848d7 HTTP 302
  • https://i.liadm.com/s/e/a-00ex/0/49a121f076f0419fad1d9544f0ab0768?mpid=7156&muid=671e6268-e579-4a00-9b31-03aa76d871a7
Request Chain 288
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveintent&ttd_tpi=1 HTTP 302
  • https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=1c450bec-b2fe-4198-a495-f72f24a1217e HTTP 303
  • https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=1c450bec-b2fe-4198-a495-f72f24a1217e
Request Chain 289
  • https://dpm.demdex.net/ibs:dpid=127444&dpuuid=13711f39-e3c9-46dc-a55e-2054f1e848d7&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00ex%2F0%2F49a121f076f0419fad1d9544f0ab0768%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=13711f39-e3c9-46dc-a55e-2054f1e848d7&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00ex%2F0%2F49a121f076f0419fad1d9544f0ab0768%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
  • https://i.liadm.com/s/e/a-00ex/0/49a121f076f0419fad1d9544f0ab0768?mpid=82775&muid=18111496120938825200621355339970630952
Request Chain 290
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=13711f39-e3c9-46dc-a55e-2054f1e848d7 HTTP 302
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=13711f39-e3c9-46dc-a55e-2054f1e848d7&rd=Y
Request Chain 291
  • https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=13711f39-e3c9-46dc-a55e-2054f1e848d7&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=13711f39-e3c9-46dc-a55e-2054f1e848d7&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
  • https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621 HTTP 303
  • https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
Request Chain 292
  • https://x.bidswitch.net/sync?ssp=liveintent&user_id=13711f39-e3c9-46dc-a55e-2054f1e848d7 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=liveintent&user_id=13711f39-e3c9-46dc-a55e-2054f1e848d7 HTTP 302
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=liveintent&gdpr=&gdpr_consent=
Request Chain 308
  • https://creativecdn.com/cm-notify?pi=admatic HTTP 302
  • https://creativecdn.com/cm-notify?pi=admatic&tc=1 HTTP 302
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=QuO7j6tCXszybLZpKdGp&pi=admatic&tc=1
Request Chain 333
  • https://ih.adscale.de/uu?cbfn=receive&t=1651041657 HTTP 302
  • https://ih.adscale.de/uu?cbfn=receive&t=1651041657&nut&uu=63b73b1226f445519ec494ffac245040
Request Chain 366
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIKti-wuA3zjx961IRuf9kE&google_cver=1
Request Chain 367
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmjleKUCRbN6zLlXA4o4fwAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIKti-wuA3zjx961IRuf9kE&google_cver=1
Request Chain 368
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECmxUzNxgbJfXIa8kKxEeZc&google_cver=1
Request Chain 369
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM4MjExMTY1NzQxOTI3NzYyOA%3D%3D
Request Chain 378
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 381
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKmsuNmVX5IfUNUxLAdBx7M&google_cver=1
Request Chain 383
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEKSYo-RxU6v5O-ksaazQ3Bo&google_cver=1
Request Chain 405
  • https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=im&a.si=6709&a.te=518&a.ra=1651041656887405&a.agi=199&g.de=0&ca=46563887000&a.hr=js&a.wi=970&a.he=90&a.sh=1200&a.sw=1600&a.ycp=&g.ism=0&gdpr_cmp_failure=1&g.did=&a.we=1&a.pc=https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCdgkEeOVoYu2UNq6k9u8P4saPiAG08eiraf3o5-jOD4fRor3AARABINrXxTlgleq3gsgHoAHD7pDBKMgBCakC2I91ZFTasT6oAwGqBPIBT9AvpgicXL4a4fn3RvF0c8Z2lEhKZAlS7INGYK3iJug_FiDQDNLnXJ9aobexlLAam1bApJHPt6XFoYyUO28oFWTmtape9_GF_YQE9NbTguMIc49RtCTGbmrdtNlJ0XMXrGK7bC_IIV-GDdooUi8fJixVSb_Q0_FLLeZSa4LoazUD675sip8Mpqv0iN2y_mjLfbTJrJgZw5OIi9q3bz5ZWs7MvOyxYLbjRto60WTQMYpDUJL6clGHfWjvrYgr9k8RNIXwu4s3s1HtQXtrxCwVhpUJi8v5-AnfeopuPGvQyeV8QP6Qmtr6rRqr7w0zhTjDSpzABLfHmJX4A-AEA5AGAaAGTYAHw6bhoAOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTkwMTIxODg0NTE2Mjk5MzSACgOYCwHICwGADAGwE66Qgg_IE6-v498D0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roob-_3AXJ0ObXClMJ6w9z1VIrGPS1ZD-jcrWvj-arIKAe5jqhfg%26sig%3DAOD64_0uU6QrAy8KSTo_EGXc1JmerOUdIA%26client%3Dca-pub-3605257360853185%26dbm_c%3DAKAmf-DTYd7Vel-3HXMajE9XUzDZSbL7erJETZr287IK1MOmS6gXP6YkjJwaxH9EH7EQUwDqk_jcjpI_KVbgI1GAoZCu1bVSLfq-BD-RJQN4CSKr0Tpm1d8g36NTv7yEM1y3wsR5Lsli6VRruKo4wa7ghdlhz9eEjA%26cry%3D1%26dbm_d%3DAKAmf-AYOk1q471aAcP_-_TFAx3PlCPWkj4OH983Nj-aPpA8dMAhbC8farq9R-teL44IiC6W5urjoyjHf8epgxrWTFG37VqjFRimoc-ILCdzgqng1B_O4-P2hdr6l2KeDGFMhC0zC62DY8NWFsgD6SC1m3S9hmhKEM6VGB0Uv-Qebv6sJ5qtA26DgTk4K8vvItZG6dlHEZ06y8uch4d_lggcp2UN3DQBiDP9u1cTywD79ibdgq_d-iea8oUstGlwZfcyL07DV1qrPzg8mnQmyJUdn2b_Gt-Aizt4XB3NWBWHVs32Zeuw7LjGV7aDbsptyipijfShOim5xQhCHNEiYThK2WinulFTya9HypDZG-dVDAPkTbzU37Kqte4fRdR6ivtFagE8vMgJ2pczZx1RttqpeegHBhsj4-E9Fr36R_8TO6HPUoxsUQVDF2QfmRHisELpb73ybwpHk7OSUHuw2OADXMkFHJEP6g%26adurl%3D&g.pu=&g.ru= HTTP 302
  • https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?g.bo=OK&g.rn=228168&a.A=im&a.si=6709&a.te=518&a.ra=1651041656887405&a.agi=199&g.de=0&ca=46563887000&a.hr=js&a.wi=970&a.he=90&a.sh=1200&a.sw=1600&a.ycp=&g.ism=0&gdpr_cmp_failure=1&g.did=&a.we=1&a.pc=https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCdgkEeOVoYu2UNq6k9u8P4saPiAG08eiraf3o5-jOD4fRor3AARABINrXxTlgleq3gsgHoAHD7pDBKMgBCakC2I91ZFTasT6oAwGqBPIBT9AvpgicXL4a4fn3RvF0c8Z2lEhKZAlS7INGYK3iJug_FiDQDNLnXJ9aobexlLAam1bApJHPt6XFoYyUO28oFWTmtape9_GF_YQE9NbTguMIc49RtCTGbmrdtNlJ0XMXrGK7bC_IIV-GDdooUi8fJixVSb_Q0_FLLeZSa4LoazUD675sip8Mpqv0iN2y_mjLfbTJrJgZw5OIi9q3bz5ZWs7MvOyxYLbjRto60WTQMYpDUJL6clGHfWjvrYgr9k8RNIXwu4s3s1HtQXtrxCwVhpUJi8v5-AnfeopuPGvQyeV8QP6Qmtr6rRqr7w0zhTjDSpzABLfHmJX4A-AEA5AGAaAGTYAHw6bhoAOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTkwMTIxODg0NTE2Mjk5MzSACgOYCwHICwGADAGwE66Qgg_IE6-v498D0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roob-_3AXJ0ObXClMJ6w9z1VIrGPS1ZD-jcrWvj-arIKAe5jqhfg%26sig%3DAOD64_0uU6QrAy8KSTo_EGXc1JmerOUdIA%26client%3Dca-pub-3605257360853185%26dbm_c%3DAKAmf-DTYd7Vel-3HXMajE9XUzDZSbL7erJETZr287IK1MOmS6gXP6YkjJwaxH9EH7EQUwDqk_jcjpI_KVbgI1GAoZCu1bVSLfq-BD-RJQN4CSKr0Tpm1d8g36NTv7yEM1y3wsR5Lsli6VRruKo4wa7ghdlhz9eEjA%26cry%3D1%26dbm_d%3DAKAmf-AYOk1q471aAcP_-_TFAx3PlCPWkj4OH983Nj-aPpA8dMAhbC8farq9R-teL44IiC6W5urjoyjHf8epgxrWTFG37VqjFRimoc-ILCdzgqng1B_O4-P2hdr6l2KeDGFMhC0zC62DY8NWFsgD6SC1m3S9hmhKEM6VGB0Uv-Qebv6sJ5qtA26DgTk4K8vvItZG6dlHEZ06y8uch4d_lggcp2UN3DQBiDP9u1cTywD79ibdgq_d-iea8oUstGlwZfcyL07DV1qrPzg8mnQmyJUdn2b_Gt-Aizt4XB3NWBWHVs32Zeuw7LjGV7aDbsptyipijfShOim5xQhCHNEiYThK2WinulFTya9HypDZG-dVDAPkTbzU37Kqte4fRdR6ivtFagE8vMgJ2pczZx1RttqpeegHBhsj4-E9Fr36R_8TO6HPUoxsUQVDF2QfmRHisELpb73ybwpHk7OSUHuw2OADXMkFHJEP6g%26adurl%3D&g.pu=&g.ru=
Request Chain 418
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEBCZUG4MiXs5bGCslvfQPGk&google_cver=1
Request Chain 419
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZmUyYTg2MGItYzVmNC0xMWVjLTlhYTktMTAyYWQwM2MwMTA2
Request Chain 420
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1 HTTP 302
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1 HTTP 302
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4&verify=true
Request Chain 421
  • https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true HTTP 302
  • https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4&verify=true HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBmZjBhYzJmNS1jNWY0LTExZWMtOGY1OC0wNjg2N2NmMjY4YTQ%3D
Request Chain 429
  • https://gcdn.2mdn.net/videoplayback/id/8c41f3bdf2567a85/itag/344/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682577658/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/A7E17CF6B024B9702B5223A7130590CDE7C02908.36EEB4E0C5D85EF1F6D566DB5057E97D6B69070A/key/ck2/file/file.mp4 HTTP 302
  • https://r3---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/8c41f3bdf2567a85/itag/344/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682577658/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/6FBFC8C1E704BB7DD7A1A0CD3467CD1FD14B798D.2DA27368F84201D835CF13E919D0A635B75A7831/key/cms1/cms_redirect/yes/mh/bu/mip/2a02:6ea0:c71b:0:1012:ff06:2840:1dbd/mm/42/mn/sn-4g5e6nsk/ms/onc/mt/1651041037/mv/u/mvi/3/pl/43/file/file.mp4
Request Chain 431
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEGPP8W7bzRC6-mkR5ce23Uo&google_cver=1&google_push=AYg5qPJ1ohtc08g3XB07cyxgf0tUm_KEj4mau1XpQ9l9aBkg751ips_m5etDLC_pgo5rEtOfgXCJuczR0XUF8pi8XqNKRyrZYRK9Hw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ1ohtc08g3XB07cyxgf0tUm_KEj4mau1XpQ9l9aBkg751ips_m5etDLC_pgo5rEtOfgXCJuczR0XUF8pi8XqNKRyrZYRK9Hw&google_hm=B0MP1cfKT6WGRfy7ui1BBIU
Request Chain 432
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESELSEGB6nGNDKj4RGDni90jw&google_cver=1&google_push=AYg5qPI6Df5E6_WEvMp49rnk33YS41yeGqfy9G036JwDyJOEGdTNblGiSlYVy2xcUQXkkNXB1CU_z3luDT9Un6JS5iUhhBUtyhuBSw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPI6Df5E6_WEvMp49rnk33YS41yeGqfy9G036JwDyJOEGdTNblGiSlYVy2xcUQXkkNXB1CU_z3luDT9Un6JS5iUhhBUtyhuBSw
Request Chain 433
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDvHrMpt5YLnXxe_1hRhzow&google_cver=1&google_push=AYg5qPK7S8_rQxX9hnoLXIRwNURnP8QEXbLxN3cDyV5soC_jIjkgJwYxkatB6LJuPNHLv8tXM6_Hhj_fVfiiHfhH2MZ-j-9pH44SHw HTTP 302
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=google&gdpr=&gdpr_consent=
Request Chain 435
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDeuYSRBBs4AWHQJle7BJ-I&google_cver=1&google_push=AYg5qPLOO2KL0Q5BC2lQvbcoSndmzsPpOHgTQvvMJb4N5AyUlVteA0gyU4HePWnPNLtnwwpwP5dUtIG6Q0zgQEMPbxUC61JjHlYg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJIN0tOOTctMVMtSlNITw==&google_push=AYg5qPLOO2KL0Q5BC2lQvbcoSndmzsPpOHgTQvvMJb4N5AyUlVteA0gyU4HePWnPNLtnwwpwP5dUtIG6Q0zgQEMPbxUC61JjHlYg
Request Chain 436
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEIrgbN8GcHdBG52AUjmdqRw&google_cver=1&google_push=AYg5qPKYOwX_yPQUMk2HxvEMTteOuGnWgMDDuuuuj1rzgpuO2T4uazyq2kuaXGPY0ZPGcFlXlZS8U6R_5YucO1r-MGk8u_bGtT-26g HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABgGnAZct-kgnQfVdjdqOrT_gy4F3XBHMmgA&google_push=AYg5qPKYOwX_yPQUMk2HxvEMTteOuGnWgMDDuuuuj1rzgpuO2T4uazyq2kuaXGPY0ZPGcFlXlZS8U6R_5YucO1r-MGk8u_bGtT-26g HTTP 302
  • https://onetag-sys.com/sync/i,19/?google_error=5
Request Chain 442
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEOv1g2wNRg3Lam8VAnnJhOY&google_cver=1&google_push=AYg5qPKn-iPTBhfitysXM_XTkpZh2s_Xu3iUODSW-Xsu7EgT4JhY8VrWr0wUTgOUryIwGr24bRS0PXdMDC7Z47bygVk8k1BoPzI9Fg HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEOv1g2wNRg3Lam8VAnnJhOY&google_cver=1&google_push=AYg5qPKn-iPTBhfitysXM_XTkpZh2s_Xu3iUODSW-Xsu7EgT4JhY8VrWr0wUTgOUryIwGr24bRS0PXdMDC7Z47bygVk8k1BoPzI9Fg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=BNDTPTA1S5uw_VZYhMPEimJo5Xo
Request Chain 443
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENlmtWyiEzsParyAh-l2TZ4&google_cver=1&google_push=AYg5qPKrbchAP_UqVasdXElOHXOB_C2c2vNQ7ACdVF7_WKRJSumo-ltuuiB9VA03v9xAqu9F8UgFVbaWYWESQp4TAcLBf7xAj9M0kQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPKrbchAP_UqVasdXElOHXOB_C2c2vNQ7ACdVF7_WKRJSumo-ltuuiB9VA03v9xAqu9F8UgFVbaWYWESQp4TAcLBf7xAj9M0kQ
Request Chain 444
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELXUQQAkblUfGAJzxOCBB-k&google_cver=1&google_push=AYg5qPI4kCjxjEjsjR4YzWqcCNm5sXC7xs0Yi58PP520FFZOCy8jfx6aWekq4BrR8FgdDK1zCiRXtNRR8DnFa5ja94n_7NFL5Dbuaw HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELXUQQAkblUfGAJzxOCBB-k&google_cver=1&google_push=AYg5qPI4kCjxjEjsjR4YzWqcCNm5sXC7xs0Yi58PP520FFZOCy8jfx6aWekq4BrR8FgdDK1zCiRXtNRR8DnFa5ja94n_7NFL5Dbuaw&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI4kCjxjEjsjR4YzWqcCNm5sXC7xs0Yi58PP520FFZOCy8jfx6aWekq4BrR8FgdDK1zCiRXtNRR8DnFa5ja94n_7NFL5Dbuaw
Request Chain 445
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENbwiumUhwBwSnfmCZBG2MA&google_cver=1&google_push=AYg5qPL4sfxMLsk0lu0ld9U7VW0xisK-sLhYmqgND0WOE3bLVEXB6AbnhuxigF54RDA5_tn7la7yqEysAjGT-6_7q7Sak2H3YQeaHw HTTP 307
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENbwiumUhwBwSnfmCZBG2MA&google_cver=1&google_push=AYg5qPL4sfxMLsk0lu0ld9U7VW0xisK-sLhYmqgND0WOE3bLVEXB6AbnhuxigF54RDA5_tn7la7yqEysAjGT-6_7q7Sak2H3YQeaHw&sovrn_retry=true HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL4sfxMLsk0lu0ld9U7VW0xisK-sLhYmqgND0WOE3bLVEXB6AbnhuxigF54RDA5_tn7la7yqEysAjGT-6_7q7Sak2H3YQeaHw&google_hm=d89d8fb3624ba299d31d58b0
Request Chain 446
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEDWj2IVRnuX6keiWh8k_MXY&google_cver=1&google_push=AYg5qPI5LhjfIerq_2iS4DKCir_DCtQc28TNhDGTa9S9yrVO01ciBfRhBys2wbL-GeBjwyNKI1ZidrWvo9C2UfNipJrNVLtQ8ax2uQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D&google_push=AYg5qPI5LhjfIerq_2iS4DKCir_DCtQc28TNhDGTa9S9yrVO01ciBfRhBys2wbL-GeBjwyNKI1ZidrWvo9C2UfNipJrNVLtQ8ax2uQ
Request Chain 464
  • https://bbnaut.ibillboard.com/match/AdScale?partneruid=63b73b1226f445519ec494ffac245040&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?tpid=101&tpuid=BBID-01-03257556584655875-16587864
Request Chain 476
  • https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1IN3ROaU5kRTJ1RzY5NHhkMUlNRExURDJwRjB5a3pPRX5B
Request Chain 477
  • https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEEVBiVXupGwcoJEjhn2BZ4M&google_cver=1
Request Chain 501
  • https://ads.stickyadstv.com/auto-user-sync?gdpr=1&gdpr_consent= HTTP 302
  • https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=dc87d5fdf19768f58f5cedc353dc9d6&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7buser.id%7d&gdpr=1&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=l12c6_7091169925444348927 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm=&google_sc&google_hm=ZGM4N2Q1ZmRmMTk3NjhmNThmNWNlZGMzNTNkYzlkNg==&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEJkCvn-F1v-oqPUfbwB3Kao&google_cver=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=1c450bec-b2fe-4198-a495-f72f24a1217e HTTP 302
  • https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
  • https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AACpnk7E0csAADZj0efulg&gdpr=0 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/stickyads/dc87d5fdf19768f58f5cedc353dc9d6?gdpr=0&gdpr_consent=&gdpr=0 HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-5Ey_FgtE2oPa72_poSyufO7LDW1KVdjSVKckWJEr~A HTTP 302
  • https://pm.w55c.net/ping_match.gif?st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_ HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=593&userId=iOlBJwNX1NJBmb5 HTTP 302
  • https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE
Request Chain 510
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEBp0te39fcfogWl02qwZqSI&google_cver=1&google_push=AYg5qPJ3FzxFP0KxsWB6HC8QY8VC0RvRqTnL31jtq8JGfAhCgElaH7C2tDMUQNaKrVtsYHuyd-n8Hc-1pSyIh0FGG6Yr3TPUjmFn HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPJ3FzxFP0KxsWB6HC8QY8VC0RvRqTnL31jtq8JGfAhCgElaH7C2tDMUQNaKrVtsYHuyd-n8Hc-1pSyIh0FGG6Yr3TPUjmFn
Request Chain 512
  • https://match.360yield.com/match/ebda?google_gid=CAESELkYCFvMyftGHVp4bZCQsx0&google_cver=1&google_push=AYg5qPLBsCQWYYsV3udoozDOChF1o3462aS158tj7RojT78VaFLxhClmk6WTQIplNTQAOPDvnETyfxJ9zG7kw-XlYTrK2LZQgzk HTTP 302
  • https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESELkYCFvMyftGHVp4bZCQsx0&google_cver=1&google_push=AYg5qPLBsCQWYYsV3udoozDOChF1o3462aS158tj7RojT78VaFLxhClmk6WTQIplNTQAOPDvnETyfxJ9zG7kw-XlYTrK2LZQgzk HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=L-9Yl-ihQYiYOe_AfnU9MQ&google_push=AYg5qPLBsCQWYYsV3udoozDOChF1o3462aS158tj7RojT78VaFLxhClmk6WTQIplNTQAOPDvnETyfxJ9zG7kw-XlYTrK2LZQgzk
Request Chain 513
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEONtxc3N1IKWERxJlBZNnDA&google_cver=1&google_push=AYg5qPImfota0u13Pm2USewKFGtX9wI9brayon9s6YynR6Vc4UD8RR63dplXNh9Wf7_MiW-pac6bS8h4pmduret3lScE3kidDPw- HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPImfota0u13Pm2USewKFGtX9wI9brayon9s6YynR6Vc4UD8RR63dplXNh9Wf7_MiW-pac6bS8h4pmduret3lScE3kidDPw-&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1651041659802 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPImfota0u13Pm2USewKFGtX9wI9brayon9s6YynR6Vc4UD8RR63dplXNh9Wf7_MiW-pac6bS8h4pmduret3lScE3kidDPw-&google_hm=
Request Chain 514
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEAkNyUEFbOPFtOQ7Ib0HUe4&google_cver=1&google_push=AYg5qPIxVGnLSp6flDVO2zxtqPoKlLXUY797D5kF7cPSJQawK6yaRtJXOznT2d-cEdQQndiwUBcMkNpkB0BfaeM3REVzDhsegDFU HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D&google_push=AYg5qPIxVGnLSp6flDVO2zxtqPoKlLXUY797D5kF7cPSJQawK6yaRtJXOznT2d-cEdQQndiwUBcMkNpkB0BfaeM3REVzDhsegDFU
Request Chain 523
  • https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=d97b2a2bef2774ba6d722369584269ecc02fcd16707b3660b922ef3461e2e89e&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YmjleKUCRbN6zLlXA4o4fwAA%261164
Request Chain 546
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=0731ea2ad9aad4153bb0dad9f182c727babdc1b863bdc9a922c2d25fde7ebd6d&tpid=108&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Request Chain 552
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&dcc=t
Request Chain 554
  • https://d.adroll.com/cm/index/ssp?gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Request Chain 555
  • https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=PvQsF23zLRcl9yJNP_E3Gz-nexol8ysebqepOrxv
Request Chain 556
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1 HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1 HTTP 303
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACpnk7E0csAADZj0efulg&expiration=1652251259&gdpr=1
Request Chain 560
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESELwPkNwUcXXzfZ1s3mxuVCY&google_cver=1&google_push=AYg5qPJX9yfZRPc5S-OIqPT2SJ5i2P4ZFYtPRdVcLaYnhdIg1VTuM39FrgbE6kdVa01kq2H6Jq8Axs-A3grwRThraTJTLl9Rcaw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=Zx5iaOV5SgCbMQOqdthxpw&google_push=AYg5qPJX9yfZRPc5S-OIqPT2SJ5i2P4ZFYtPRdVcLaYnhdIg1VTuM39FrgbE6kdVa01kq2H6Jq8Axs-A3grwRThraTJTLl9Rcaw
Request Chain 561
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEOv1g2wNRg3Lam8VAnnJhOY&google_cver=1&google_push=AYg5qPL04eMrXa3ahSRtLapYwGVFxNiWpiUx1L7gJpyfmlbgimFvIdkLYk28cqh0XwwdBOrdLs-oXp5t6vqOeT2kFuY9dIUghwP7 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=BNDTPTA1S5uw_VZYhMPEimJo5Xo
Request Chain 562
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELXUQQAkblUfGAJzxOCBB-k&google_cver=1&google_push=AYg5qPIG_rZCvsqcGrqX1N3letHk3fs7gc5o5zE04RCog6QgnvXC0iCCaHKXWoTazRJmrlu7VA4aoC1HRlo1VSBb6vzxZmMzHTo HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIG_rZCvsqcGrqX1N3letHk3fs7gc5o5zE04RCog6QgnvXC0iCCaHKXWoTazRJmrlu7VA4aoC1HRlo1VSBb6vzxZmMzHTo
Request Chain 563
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENbwiumUhwBwSnfmCZBG2MA&google_cver=1&google_push=AYg5qPKhm-MdtSusVFHhySnx4amWy8GdR8l5t5NUixthMh5sphZS6Brg7yveQ8ZCoVFMXDDGock05GSCCHQiH-P4M0cxE1XsQA8 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKhm-MdtSusVFHhySnx4amWy8GdR8l5t5NUixthMh5sphZS6Brg7yveQ8ZCoVFMXDDGock05GSCCHQiH-P4M0cxE1XsQA8&google_hm=d89d8fb3624ba299d31d58b0
Request Chain 564
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEArsFFkSEt2u3lJfdPpDmbM&google_cver=1&google_push=AYg5qPKWbYZdUrSRSNdFmBWwhiDHMhKBYBZpmI7Ot3VhwnMGyZSZAQ8BYyEbOFkOzLPwIbjCFQ7D_jh9UNqA7XyBH8pso8smAh1Rkw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABgGnAYuUobBpGQDR1ic4IlPo5HTp0ckQ-bw&google_push=AYg5qPKWbYZdUrSRSNdFmBWwhiDHMhKBYBZpmI7Ot3VhwnMGyZSZAQ8BYyEbOFkOzLPwIbjCFQ7D_jh9UNqA7XyBH8pso8smAh1Rkw HTTP 302
  • https://onetag-sys.com/sync/i,19/?google_error=5
Request Chain 571
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1--- HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEI9IFlujqZqjFsbtpPac2vM&google_cver=1
Request Chain 573
  • https://token.rubiconproject.com/token?pid=36584&gdpr=1&us_privacy=1--- HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2H7KN97-1S-JSHO&gdpr=1&us_privacy=1---
Request Chain 574
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=1&us_privacy=1--- HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/Ng2WDYWhC4cg_pEdUKO9Vcn5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=1&us_privacy=1--- HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4647532096596413448
Request Chain 575
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1--- HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
Request Chain 576
  • https://token.rubiconproject.com/token?pid=26594&gdpr=1&us_privacy=1--- HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L2H7KN97-1S-JSHO&sigv=1&esig=2~bb1ee7fc752a116df361f2019190de4d3793d5cb&gdpr=1&us_privacy=1---
Request Chain 577
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1&us_privacy=1--- HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzUyOTU3ZDU3OWZlNmMxYWM3YTY3OTIxM2NiODQ2N2NjNGFjNjFkYg&gdpr=1&us_privacy=1---
Request Chain 586
  • https://d5p.de17a.com/cookies/google?google_gid=CAESEJp7fyFBKyOb4qSgdIFQjUg&google_cver=1&google_push=AYg5qPInNpFNR5FOTeQ-mPuhfHch4K65tdpnR2f9ejGdFuOwhtCAR9eavTegUgfRRlwe_tgl8QWv8RXJvNbrW3tWo8B3dmtzQ6I HTTP 302
  • https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJp7fyFBKyOb4qSgdIFQjUg&google_cver=1&google_push=AYg5qPInNpFNR5FOTeQ-mPuhfHch4K65tdpnR2f9ejGdFuOwhtCAR9eavTegUgfRRlwe_tgl8QWv8RXJvNbrW3tWo8B3dmtzQ6I HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPInNpFNR5FOTeQ-mPuhfHch4K65tdpnR2f9ejGdFuOwhtCAR9eavTegUgfRRlwe_tgl8QWv8RXJvNbrW3tWo8B3dmtzQ6I
Request Chain 588
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDrjuhDAaZPfOjDSBLKEiOY&google_cver=1&google_push=AYg5qPJGaEl0EOzU2ebeSU4J3AJp8RsXN0AFKW001Lxcunm0wNAjxAvNCvHtwXETNEqJJoI182UWSSC61dkTI1g1MkchHPa_modr HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJGaEl0EOzU2ebeSU4J3AJp8RsXN0AFKW001Lxcunm0wNAjxAvNCvHtwXETNEqJJoI182UWSSC61dkTI1g1MkchHPa_modr
Request Chain 589
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFVQqHeeMvrp7VPcWGcxIUs&google_cver=1&google_push=AYg5qPJJuu-u6VTkCxQR9bs7D9jleSeo5FGPVmVl-vgTerx-3LZDWZGI3lfTMNIyM9Rn9FaN814b5qQXGUCigtZrro4JS55SZ8Q HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJIN0tOOTctMVMtSlNITw==&google_push=AYg5qPJJuu-u6VTkCxQR9bs7D9jleSeo5FGPVmVl-vgTerx-3LZDWZGI3lfTMNIyM9Rn9FaN814b5qQXGUCigtZrro4JS55SZ8Q
Request Chain 590
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESECsm8hRlWsCTZ8348YSPt0s&google_cver=1&google_push=AYg5qPJJDkL7Y0pS_mvYU6_empltfxUbPF4FCdO013B27KSI_rZQoMdiyfHOtdagdK5nfSLoHwLCfgB_hA7Qvn9NYdeNkxkjZlP0 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJJDkL7Y0pS_mvYU6_empltfxUbPF4FCdO013B27KSI_rZQoMdiyfHOtdagdK5nfSLoHwLCfgB_hA7Qvn9NYdeNkxkjZlP0&google_hm=d89d8fb3624ba299d31d58b0
Request Chain 591
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEONtxc3N1IKWERxJlBZNnDA&google_cver=1&google_push=AYg5qPLN53YCrkGg-poW2DAq0rOTo2d1vh7yD5SfkP45_e4DkdA98zwCBvT3pQ1F_gxpDpnMqWf_ph-Y2ajeyQZkJVah-l0_QHyH HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPLN53YCrkGg-poW2DAq0rOTo2d1vh7yD5SfkP45_e4DkdA98zwCBvT3pQ1F_gxpDpnMqWf_ph-Y2ajeyQZkJVah-l0_QHyH&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1651041659159 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLN53YCrkGg-poW2DAq0rOTo2d1vh7yD5SfkP45_e4DkdA98zwCBvT3pQ1F_gxpDpnMqWf_ph-Y2ajeyQZkJVah-l0_QHyH&google_hm=
Request Chain 594
  • https://track.adform.net/serving/cookie/match/?party=9&uid=7b02ae63e25242d977b478f6bb5abafc9b6e98c867cc28336cdaec787a7f6438&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fimg&gdpr=0 HTTP 302
  • https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=7b02ae63e25242d977b478f6bb5abafc9b6e98c867cc28336cdaec787a7f6438&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?tpid=42&gdpr=0&tpuid=7378935371015770253
Request Chain 607
  • https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=8d8fec3be98b8c18c67eb5e6ef2913b21f92a37baeed8b4887cf3800731e2b01&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=59a1600e-0f3a-4c9e-8fe0-6369948a946e&gdpr=0
Request Chain 616
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=ff3a7d08e832d7eff9581911cb53ac2aa6f823f00ded299e39852a7fc304aeb6&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Request Chain 635
  • https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=836e304e9f9c310d921286d1f5780bf277695ff7ecbac33f19541387fc50b801&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?uid=836e304e9f9c310d921286d1f5780bf277695ff7ecbac33f19541387fc50b801&tpid=38&gdpr=0&tpuid=CAESEPMdCjruO_nJ-7cLolOK4MQ&google_cver=1
Request Chain 638
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=6176f821e68719d3ab4c811588171f7e27b76a9b333d8f0fd0d1e9d24b145040&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fjs&gdpr=0 HTTP 302
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=6176f821e68719d3ab4c811588171f7e27b76a9b333d8f0fd0d1e9d24b145040&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fjs&gdpr=0&checkcookies=true HTTP 302
  • https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/js?tpid=48&tpuid=1de816c23bb88879ffa86fb1faf799b6
Request Chain 677
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=4382111657419277628
Request Chain 678
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
  • https://ads.servenobid.com/sync?pid=310&uid=d89d8fb3624ba299d31d58b0
Request Chain 680
  • https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID HTTP 301
  • https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiYWY2YzgwOWItNzFhOC00OGRmLWI2YWUtMDViNTU3ZmQwYjU5IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNC0yN1QwNjo0MTowMC40NjI1MzVaIn0=
Request Chain 682
  • https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=324&uid=5144588520131858600
Request Chain 684
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
  • https://ads.servenobid.com/sync?pid=327&uid=828e9447-06f4-4492-9978-ee5ec1ef4c4b&gdpr=0&gdpr_consent=&us_privacy=1YN-
Request Chain 685
  • https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
  • https://ads.servenobid.com/sync?pid=337&uid=y-6ZfGNzBE2uG_G4BGO02v1w1IbmQczXalfLeqEuw-~A
Request Chain 689
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
Request Chain 691
  • https://sync.extend.tv/r.gif?exchange=index HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=956c06c7-d18f-417d-b6cc-da1115f6fb4f
Request Chain 692
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=YmjleKUCRbN6zLlXA4o4fwAA%261164&gdpr=1&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=YmjleKUCRbN6zLlXA4o4fwAA%261164&gdpr=1&gdpr_consent=&us_privacy=&ct=y
Request Chain 695
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=4382111657419277628
Request Chain 697
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28RolI8uDdeG62eGQ3hYOPAb44bW2fKqmHC867sdav67lf7naOwveNRHS5sGyB0u0J%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28RolI8uDdeG62eGQ3hYOPAb44bW2fKqmHC867sdav67lf7naOwveNRHS5sGyB0u0J%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_4d40ca8c-ae78-4c69-8550-473caf72df38&obuid=ENC(RolI8uDdeG62eGQ3hYOPAb44bW2fKqmHC867sdav67lf7naOwveNRHS5sGyB0u0J) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=outbrain&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dunruly%26uid%3Duuid%3D%5BRX_UUID%5D%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82 HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=outbrain&zcc=1&cb=1651041661607 HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=unruly&uid=OPTOUT&obUid=$D
Request Chain 700
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-d07gHRdE2pfojnEAZYhtf1kp1JyFoy5io9x5~A
Request Chain 701
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=005e4457-c5f5-11ec-a021-4d86a53e2b06
Request Chain 703
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
Request Chain 708
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 710
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XkAAJ5jFUAAAAAA
Request Chain 712
  • https://sync.mathtag.com/sync/img?mt_exid=39&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D25%26partneruserid%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Request Chain 713
  • https://dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%40&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=59a1600e-0f3a-4c9e-8fe0-6369948a946e&gdpr=0&gdpr_consent=
Request Chain 714
  • https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=2ghNHYkPTB3BC0NH2w1WEdtbGhDBD0oUilsbFh6L
Request Chain 716
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=4382111657419277628
Request Chain 717
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_4d40ca8c-ae78-4c69-8550-473caf72df38&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2 HTTP 307
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=efa0ec7f-7a01-430e-992f-d163b25d14bf&ssp=gumgum2 HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
Request Chain 718
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_4d40ca8c-ae78-4c69-8550-473caf72df38&obuid=ENC(RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160065&gdpr=PM_GDPR&gdpr_consent=PM_CONSENT&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160065%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.outbrain.com%252Fcookie-sync%253Fp%253Dpubmatic%2526obUid%253DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%2526uid%253D%2523PMUID HTTP 302
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=PM_CONSENT
Request Chain 719
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=opx&i=b9dd46b2-d86f-4dfd-9377-d0f414cc0ff4
Request Chain 720
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133
Request Chain 721
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-d07gHRdE2pfojnEAZYhtf1kp1JyFoy5io9x5~A
Request Chain 722
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=0063e9eb-c5f5-11ec-8220-5f16f286a6e8
Request Chain 725
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_4d40ca8c-ae78-4c69-8550-473caf72df38&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://stags.bluekai.com/site/23178?id=Oc2Stf5sMtY6CvvACRw9&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2T3DGJJXIZRVONGXIWJWIN3HMQKDKJ3TSJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2T3DGJJXIZRVONGXIWJWIN3HMQKDKJ3TSJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Oc2Stf5sMtY6CvvACRw9&us_privacy=1---
Request Chain 726
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://usersync.gumgum.com/usersync?b=idi&i=2fef5897-e8a1-4188-9839-efc07e753d31
Request Chain 727
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1651041660355 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
Request Chain 728
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://rtb.gumgum.com/usersync?b=pln&i=poDrh0pGchoE&ev=1&pid=558355
Request Chain 731
  • https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
  • https://onetag-sys.com/sync/i,1/671e6268-e579-4a00-9b31-03aa76d871a7
Request Chain 733
  • https://dmp.adform.net/serving/cookie/match?party=1167&cid=SrADCIRy6rK7oRvgkwnVU8eqN1KDvjd1D42gLRICfKA HTTP 302
  • https://onetag-sys.com/sync/i,34/7378935371015770253
Request Chain 734
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D0%26gdpr_consent%3D%26uid%3D$UID HTTP 302
  • https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=4382111657419277628
Request Chain 736
  • https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4 HTTP 302
  • https://onetag-sys.com/sync/i,39/y-vKz6yvdE2uEavwmxnnAnl.Wf4z6ghAwK~A~UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4
Request Chain 737
  • https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABgGnAbUU6mRbxuxKyXSS3M0jkrBt8iHoRIA
Request Chain 738
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=1YN-&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid] HTTP 302
  • https://onetag-sys.com/match/?int_id=107&uid=5142193176481493273
Request Chain 740
  • https://onetag-sys.com/match/?int_id=113&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=-KmBIR6RgDqC1uhDCUpggV5nDSWlNlrlEgxR8zXq4CY
Request Chain 741
  • https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=0&gdpr_consent=&us_privacy=1YN-&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NDczQTcwQjEtOTdCQy00RDFGLUI0MDEtNDUwMTc5QzEzRTE5&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDH8GT0DoGLwq_ZMN-Rre3o&google_cver=1 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://onetag-sys.com/match/?int_id=114&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Request Chain 742
  • https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm HTTP 302
  • https://onetag-sys.com/match/?int_id=106&google_gid=CAESEC087wa9xzlqi5N-HWoCUzo&google_cver=1
Request Chain 743
  • https://ups.analytics.yahoo.com/ups/58488/occ HTTP 302
  • https://onetag-sys.com/match/?int_id=92&uid=y-6ZfGNzBE2uG_G4BGO02v1w1IbmQczXalfLeqEuw-~A
Request Chain 744
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent= HTTP 302
  • https://onetag-sys.com/sync/i,29/?tdid=1c450bec-b2fe-4198-a495-f72f24a1217e&ttl=1653633660
Request Chain 745
  • https://x.bidswitch.net/sync?ssp=onetag HTTP 302
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=onetag&gdpr=&gdpr_consent=
Request Chain 748
  • https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4177690674198123042
Request Chain 749
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1651128060&gdpr=1
Request Chain 752
  • https://ums.acuityplatform.com/tum?umid=8 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=10&external_user_id=665800460170
Request Chain 753
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&dcc=t
Request Chain 757
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Request Chain 761
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=ttd&i=1c450bec-b2fe-4198-a495-f72f24a1217e&t=1653633660
Request Chain 762
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 763
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID HTTP 302
  • https://cs.emxdgt.com/umcheck?apnxid=4382111657419277628&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID HTTP 302
  • https://usersync.gumgum.com/usersync?b=emx&uid=4382111657419277628brt16951651041660284998f1
Request Chain 764
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XcAAK7YJ8UAAAAA
Request Chain 765
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=QuO7j6tCXszybLZpKdGp&pi=gumgum
Request Chain 777
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Request Chain 778
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=&piggybackCookie=5933655983883860888 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Request Chain 780
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7091169925445453010 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%26uid%3D473A70B1-97BC-4D1F-B401-450179C13E19 HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Request Chain 782
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=1&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=1
Request Chain 783
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 784
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=KxlpgAzPTXZtStdvhSEqZYrHJoU HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%26uid%3D473A70B1-97BC-4D1F-B401-450179C13E19 HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Request Chain 786
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=1&gdpr_consent= HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDcG5rN0UwY3NBQURaajBlZnVsZw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AACpnk7E0csAADZj0efulg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AACpnk7E0csAADZj0efulg&pid=558502&do=add HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACpnk7E0csAADZj0efulg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Request Chain 789
  • https://green.erne.co/pubmatic/cm HTTP 302
  • https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNOvcHvPGbWhQWjhhXMYhaUVV HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNOvcHvPGbWhQWjhhXMYhaUVV&xl8blockcheck=1 HTTP 302
  • https://pixel-eu.onaudience.com/?partner=161&icm&cver&mapped=d075bc9693d2e1d6bc02c23db15cf0fc&gdpr=&redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3DNOvcHvPGbWhQWjhhXMYhaUVV HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=NOvcHvPGbWhQWjhhXMYhaUVV
Request Chain 790
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=1&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1651041661869 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Request Chain 791
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0bab17a1-aaf4-4032-81ea-c46472bb087e-tuct9626afe&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Request Chain 793
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=1&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:iOlBJwNX1NJBmb5&gdpr=1&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Request Chain 794
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 795
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=671e6268-e579-4a00-9b31-03aa76d871a7
Request Chain 796
  • https://pixel.onaudience.com/?partner=214&mapped=473A70B1-97BC-4D1F-B401-450179C13E19 HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0 HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0&xl8blockcheck=1 HTTP 302
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=2fdf1deda5c4cc56cb6a1c563f28d7fc&gdpr=0 HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=06c877626d832d44/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=0 HTTP 302
  • https://spl.zeotap.com/?zdid=1332&zcluid=06c877626d832d44 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=05441684-9e01-4838-753b-c1807d7e68a5&reqId=5d487b24-9910-41b3-7d14-69446eb43ee1&zcluid=06c877626d832d44&zdid=1332 HTTP 302
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEN0OckqReJf59wWZyALjBvo&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=05441684-9e01-4838-753b-c1807d7e68a5&reqId=5d487b24-9910-41b3-7d14-69446eb43ee1&zcluid=06c877626d832d44&zdid=1332
Request Chain 800
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L_d4gnzweYI09HbYLvJjji6kL4808H-Lf6Q4yjAN HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&gdpr=0&gdpr_consent=
Request Chain 804
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=1&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:7e591755-4410-4197-8c71-0b387d7bb9c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%26uid%3D473A70B1-97BC-4D1F-B401-450179C13E19 HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Request Chain 806
  • https://ad.turn.com/r/cs?pid=1&gdpr=1&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4177690674198123042&gdpr=1&gdpr_consent=&us_privacy= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Request Chain 808
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4382111657419277628 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%26uid%3D473A70B1-97BC-4D1F-B401-450179C13E19 HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Request Chain 815
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdailyvoice.com%2F&domain=dailyvoice.com&cw=1&pbt=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=XtkX6HxpK0pyQjlWZ1RNRGdRcW1pR1J5UG51TXZ4U3FPemZOVUFSaHZsbXcrTFVCN0xySERlZEpta2NyaUxSa3hVL2cvWi9WVk1MTnBBWE1sZFpaWEZPNCtuaFdWMUVSMDF1eUM2RUdhVyticHQ5ekJKQUpaQnZ2UVRMUFByakRZMVNQcm5YNEVWdUIyZWlneVNFRy9jbjFOUUlYZG5tS1QrZkZncWxqVEFuK0NZcUI3eDdsblFVQkRUSjEwZWk2bWZ1azBiT0Z6YkREN2xzZnJtYmV2QnlDNXdxQXdGS1p6dUYrWlNtZ1pnMVFmbzdZYnpjWWRrc25VaFBHNkNyeVFvYkxiRjBUSkU5SHdpN0huZUlWRGFORDhjUT09fA&cppv=2
Request Chain 859
  • https://x.bidswitch.net/sync?ssp=themediagrid HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dthemediagrid%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D%26gdpr_consent%3D HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dthemediagrid%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D%26gdpr_consent%3D&crf=1 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=de3c4d2a-750f-5175-ba9f-340cd8f7d173&ssp=themediagrid&expires=30&user_group=1&gdpr=&gdpr_consent=
Request Chain 861
  • https://eb2.3lift.com/ebda?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D
Request Chain 863
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D
Request Chain 865
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4082658486579978729870?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-jg5NI15E2oRtQ19E8Kla6Ww6dsILiE5WMMpF8_THrQ--~A&dongle=0883
Request Chain 868
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4082658486579978729870 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4082658486579978729870&dcc=t
Request Chain 869
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=Oc2Stf5sMtY6CvvACRw9&gdpr=1
Request Chain 873
  • https://match.prod.bidr.io/cookie-sync/trl HTTP 303
  • https://eb2.3lift.com/xuid?mid=7255&xuid=AACpnk7E0csAADZj0efulg&dongle=bzwx
Request Chain 874
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3702&xuid=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&dongle=d54f&gdpr=1&gdpr_consent=
Request Chain 875
  • https://sync.srv.stackadapt.com/sync?nid=13&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2319&xuid=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133&dongle=4430
Request Chain 877
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=1%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3335&xuid=4382111657419277628&dongle=4d58&gdpr=1&gdpr_consent=
Request Chain 878
  • https://rtb.mfadsrvr.com/sync?ssp=triplelift&gdpr=1&gdpr_consent= HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=triplelift&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4945&xuid=e2cd560a-dcc3-4fdb-b5bd-6a9e66cac51a&dongle=31ac
Request Chain 879
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4177690674198123042&dongle=d407
Request Chain 880
  • https://sync.mathtag.com/sync/img?mt_exid=62&redir=%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3690%26xuid%3D%5BMM_UUID%5D%26dongle%3D3995%26gdpr=1%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3690&xuid=671e6268-e579-4a00-9b31-03aa76d871a7&dongle=3995&gdpr=1&gdpr_consent=
Request Chain 883
  • https://match.prod.bidr.io/cookie-sync/trl HTTP 303
  • https://eb2.3lift.com/xuid?mid=7255&xuid=AACpnk7E0csAADZj0efulg&dongle=bzwx
Request Chain 884
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3702&xuid=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&dongle=d54f&gdpr=1&gdpr_consent=
Request Chain 885
  • https://sync.srv.stackadapt.com/sync?nid=13&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2319&xuid=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133&dongle=4430
Request Chain 887
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=1%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3335&xuid=4382111657419277628&dongle=4d58&gdpr=1&gdpr_consent=
Request Chain 888
  • https://rtb.mfadsrvr.com/sync?ssp=triplelift&gdpr=1&gdpr_consent= HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=triplelift&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4945&xuid=e2cd560a-dcc3-4fdb-b5bd-6a9e66cac51a&dongle=31ac
Request Chain 889
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4177690674198123042&dongle=d407
Request Chain 890
  • https://sync.mathtag.com/sync/img?mt_exid=62&redir=%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3690%26xuid%3D%5BMM_UUID%5D%26dongle%3D3995%26gdpr=1%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3690&xuid=671e6268-e579-4a00-9b31-03aa76d871a7&dongle=3995&gdpr=1&gdpr_consent=
Request Chain 892
  • https://sync.hgrtb.com/triplelift?redir=http%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D7666%26xuid%3Dmy_external_user_id%26dongle%3D8f7 HTTP 302
  • https://eb2.3lift.com/xuid?mid=7666&xuid=1884f9e9-c003-4c8e-abe2-78689c1bc5fc&dongle=8f7
Request Chain 894
  • https://cms.quantserve.com/pixel/p-VtN-a_yLd-GB-.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=acbNVTrBzFVyxcMPaMPWWWiVmlhywcpcOZUslLFG
Request Chain 895
  • https://aax-eu.amazon-adsystem.com/s/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4082658486579978729870 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4082658486579978729870&dcc=t
Request Chain 896
  • https://sasinator.realestate.com.au/rea/setid/external=TRIPLELIFT/value=4082658486579978729870 HTTP 302
  • https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=4082658486579978729870
Request Chain 898
  • https://pm.w55c.net/ping_match.gif?st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=1%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=6019&xuid=iOlBJwNX1NJBmb5&dongle=465e&gdpr=1&gdpr_consent=
Request Chain 899
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=6547&xuid=QuO7j6tCXszybLZpKdGp&dongle=45fg&pi=triplelift&gdpr=1&gdpr_consent=
Request Chain 902
  • https://csync.loopme.me/?redirect=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6126%26xuid%3D%7Bdevice_id%7D%26dongle%3D9e4f%26gdpr=1%26gdpr_consent= HTTP 307
  • https://eb2.3lift.com/xuid?mid=6126&xuid=650a56bd-65ad-4363-aed9-f0f1a2750f63&dongle=9e4f&gdpr
Request Chain 906
  • https://bh.contextweb.com/bh/sync/3lift?rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2636%26xuid%3D%25%25VGUID%25%25%26dongle%3D8bee%26gdpr=1%26gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?pid=558356&ev=1&daaqp=1&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2636%26xuid%3DPPbFdmaSFn2g%26dongle%3D8bee%26gdpr%3D1%26gdpr_consent%3D HTTP 302
  • https://eb2.3lift.com/xuid?mid=2636&xuid=PPbFdmaSFn2g&dongle=8bee&gdpr=1&gdpr_consent=
Request Chain 908
  • https://www.storygize.net/ccm/9779a491-75d6-4ad2-92bd-2f159c9892ab HTTP 302
  • https://eb2.3lift.com/xuid?mid=3396&xuid=37cf273d-6031-4a9e-b4c2-17b86d952301&dongle=c7e1
Request Chain 909
  • https://um.simpli.fi/triplelift HTTP 302
  • https://eb2.3lift.com/xuid?mid=7969&xuid=29DFB062F03745C1AB22E13B516BBAFA&dongle=yf3
Request Chain 910
  • https://ums.acuityplatform.com/tum?umid=23&uid=4082658486579978729870&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3391&xuid=665800460170&dongle=6f30
Request Chain 911
  • https://sync.1rx.io/usersync2/triplelift HTTP 302
  • https://sync.1rx.io/usersync2/triplelift?zcc=1&cb=1651041663233 HTTP 302
  • https://eb2.3lift.com/xuid?mid=4070&xuid=OPTOUT&dongle=2dcc
Request Chain 923
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
  • https://um.simpli.fi/no_match_opted_out
Request Chain 926
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Request Chain 927
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1651128063&gdpr=1
Request Chain 932
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
  • https://um.simpli.fi/no_match_opted_out
Request Chain 935
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Request Chain 939
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-e2989857-2aac-4c5e-9edd-c9c3ae45551c
Request Chain 942
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:29DFB062F03745C1AB22E13B516BBAFA
Request Chain 944
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=473A70B1-97BC-4D1F-B401-450179C13E19&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=473A70B1-97BC-4D1F-B401-450179C13E19&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=473A70B1-97BC-4D1F-B401-450179C13E19&addseg=19,36,42
Request Chain 945
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=473A70B1-97BC-4D1F-B401-450179C13E19&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=473A70B1-97BC-4D1F-B401-450179C13E19&sInitiator=external&gdpr=0&gdpr_consent=
Request Chain 947
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=473A70B1-97BC-4D1F-B401-450179C13E19 HTTP 302
  • https://a.audrte.com/p
Request Chain 948
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
  • https://um.simpli.fi/no_match_opted_out
Request Chain 950
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Request Chain 952
  • https://cm.ctnsnet.com/int/cm?exc=19&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=07430fd5c7ca4fa58645fcbbba2d4104&expiration=1653633663
Request Chain 953
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1 HTTP 302
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Request Chain 954
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588520131858600
Request Chain 955
  • https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=46b51b4d-bbf7-4096-81db-1df1f4ee4803&expiration=1682577663
Request Chain 957
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
  • https://um.simpli.fi/no_match_opted_out
Request Chain 960
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Request Chain 961
  • https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=1&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1666852863&external_user_id=c11e4a48-4743-4a4a-baa1-af50315103a6
Request Chain 962
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=Oc2Stf5sMtY6CvvACRw9&gdpr=1
Request Chain 963
  • https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=efb5d0d5-62d7-4c9a-9571-935c7d2023d1&expiration=1682577663
Request Chain 964
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=16d57df4-f577-73ba-c87a937a
Request Chain 967
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Request Chain 969
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588520131858600
Request Chain 972
  • https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7043280631636501034&uid=Q7043280631636501034&ref=%2Feucm%2Fp%2Fcc HTTP 302
  • https://px.owneriq.net/noop?ct=image%2Fgif
Request Chain 973
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Request Chain 977
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=473A70B1-97BC-4D1F-B401-450179C13E19

1004 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/ 		121 KB
29 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.169.18.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-169-18-93.compute-1.amazonaws.com
Software
nginx/1.21.6 /
Resource Hash
59c27e82ed2313402709eb044ba09d8f1476118ba297a2f71548f5292529baab
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
content-encoding
gzip
content-length
29208
content-security-policy
upgrade-insecure-requests; default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:
content-security-policy-report-only
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:40:53 GMT
referrer-policy
same-origin
server
nginx/1.21.6
vary
Accept-Encoding
via
1.1 varnish (Varnish/6.2)
x-content-type-options
nosniff
x-days-since-update
154
x-frame-options
SAMEORIGIN
x-storage
f1
x-varnish
912359558
public_grjvqj.css
daily-voice-res.cloudinary.com/raw/upload/v1650912245/dynamic/ 		514 KB
52 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://daily-voice-res.cloudinary.com/raw/upload/v1650912245/dynamic/public_grjvqj.css
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
f18ad917d75c5f23c8d72876d43e328d4f6ddaeb2f198ddfbb0fa103d8a7bf83
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:54 GMT
content-encoding
br
last-modified
Mon, 25 Apr 2022 18:44:06 GMT
server
Cloudinary
etag
W/"b6dbec2db5797eeed98441c3b4534982"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:54.848Z;desc=hit,rtt;dur=274
strict-transport-security
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
53591
js
maps.googleapis.com/maps/api/ 		162 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyB5kIm2RDdQ85S5eYuUXQRbOxsNNQjFNkI&libraries=places
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
77bfd7289f3f787d708f0eaa70b730fd09ea31464eb83c8539a81c4dc4f5ced7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:54 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
server-timing
gfet4t7; dur=25
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54151
x-xss-protection
0
expires
Wed, 27 Apr 2022 07:10:54 GMT
cls.css
a.pub.network/core/pubfig/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/core/pubfig/cls.css
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d510e16e6e569e573980fd67a55221795d539fd56688ecaca8d284255e86ee6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-goog-hash
crc32c=kjwd8A==, md5=KtQsmezne0blpCqFIHo3UA==
date
Wed, 27 Apr 2022 06:40:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
389
x-guploader-uploadid
ADPycdtuLM_N5jokmalL6sAqS_TOG_4SErOnVzeyNK6IVPQBw_RzpxumPQQkXgj5jX8qlNp6jkRKG2dLDg9L_AfCssZmjnxBdQ-C
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
text/css
last-modified
Tue, 11 May 2021 20:31:48 GMT
server
cloudflare
etag
W/"2ad42c99ece77b46e5a42a85207a3750"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g00wEvzl1woFsJw7cWKnVEbn2aQ89ZFBLaYl9cQ6ClVHcmWboDmA6ML2zIYTr%2FFXzy40ebHgbEvZLwp9GsSkedDm55HVcjjj46%2FRQKRcWgha9MWdkiy8LUQjc0LohnEeknck9%2B714wM7%2BJ4%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1620765108454625
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
1752
cf-ray
702591c25a106903-FRA
expires
Wed, 27 Apr 2022 07:34:25 GMT
dv-logo.svg
daily-voice-res.cloudinary.com/image/upload/v1438259160/static/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/v1438259160/static/dv-logo.svg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
2d872ff0d2ad9d34546ccd9e2576ee43ebc6e11342e8f9933b83c4fc1caf7dfa
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:54 GMT
content-encoding
br
x-content-type-options
nosniff
content-disposition
attachment; filename="dv-logo.svg"
server-timing
fastly;dur=1;start=2022-04-27T06:40:54.848Z;desc=hit,rtt;dur=274
vary
Accept-Encoding
content-length
751
last-modified
Thu, 30 Jul 2015 12:26:01 GMT
server
Cloudinary
etag
W/"96d7864dd655a7e0ef941eb1ebb4f063"
strict-transport-security
max-age=604800
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
novc.png
daily-voice-res.cloudinary.com/image/upload/v1437498050/weather_icons/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/v1437498050/weather_icons/novc.png
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
ea317dc06808b696968c801c9b00b3989d048069d229f97e7d156baabd6edb08
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:54 GMT
x-content-type-options
nosniff
last-modified
Sat, 22 Aug 2015 01:20:11 GMT
server
Cloudinary
etag
"5e99ce9ca54b1f013b0de214cab09839"
strict-transport-security
max-age=604800
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=2592000
server-timing
fastly;dur=1;start=2022-04-27T06:40:54.848Z;desc=hit,rtt;dur=274
accept-ranges
bytes
timing-allow-origin
*
content-length
13199
14089122_10157339275450223_411407102106161454_n_wkfjn4.jpg
daily-voice-res.cloudinary.com/image/upload/c_fill,g_face,h_40,q_auto:eco,w_40/ 		668 B
764 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/c_fill,g_face,h_40,q_auto:eco,w_40/14089122_10157339275450223_411407102106161454_n_wkfjn4.jpg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
300f74eff2336007e7a5107935298fcefaf47213e41f01231de59a77ed965ab8
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 06 Sep 2020 23:16:35 GMT
server
Cloudinary
etag
"5354f925720acd20a511dc096b82716f"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:54.848Z;desc=hit,rtt;dur=274
accept-ranges
bytes
timing-allow-origin
*
content-length
668
Screen_Shot_2020-12-22_at_11.22.15_AM_v8uvyz
daily-voice-res.cloudinary.com/image/upload/c_fill,dpr_1,f_auto,q_auto:eco,w_640/ 		57 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/c_fill,dpr_1,f_auto,q_auto:eco,w_640/Screen_Shot_2020-12-22_at_11.22.15_AM_v8uvyz
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
faec7bcab6bb94b28f5e13877fb5439f2a0e3b819558bd824b779c95ba9a37d3
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
content-disposition
inline; filename="Screen_Shot_2020-12-22_at_11.22.webp"
server-timing
fastly;dur=468;cpu=0;start=2022-04-27T06:40:55.126Z;desc=miss,rtt;dur=274,cloudinary;dur=147;start=2022-04-27T06:40:55.263Z
vary
Accept,User-Agent
content-length
58756
last-modified
Thu, 03 Jun 2021 18:12:42 GMT
server
Cloudinary
etag
"4c44472ccadf6289b1c68de3aeb1c446"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
Dongzhang_Zheng_hzna9u.jpg
daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/Dongzhang_Zheng_hzna9u.jpg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
9fb842b8a368c68bed4d30c200070a8851ae7697ac2e5f59d381bae5850a46b1
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Apr 2022 20:00:04 GMT
server
Cloudinary
etag
"bad34b91550b338b8a7957bda5d98c04"
vary
Accept,User-Agent
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=390;cpu=0;start=2022-04-27T06:40:55.126Z;desc=miss,rtt;dur=274,cloudinary;dur=60;start=2022-04-27T06:40:55.277Z
strict-transport-security
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
2824
megan_eonrsl.jpg
daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/megan_eonrsl.jpg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
c68190b90f8c0ea70a1318124b25f5d336986cfc79fdbda01ba6e525280f4633
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
content-disposition
inline; filename="megan_eonrsl.webp"
server-timing
fastly;dur=382;cpu=0;start=2022-04-27T06:40:55.126Z;desc=miss,rtt;dur=274,cloudinary;dur=54;start=2022-04-27T06:40:55.270Z
vary
Accept,User-Agent
content-length
8468
last-modified
Tue, 26 Apr 2022 20:00:04 GMT
server
Cloudinary
etag
"36540af91c42df79b499bae161a911f6"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
Screen_Shot_2021-11-30_at_3.56.06_PM_jjz2ux.jpg
daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/Screen_Shot_2021-11-30_at_3.56.06_PM_jjz2ux.jpg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
4b8e197f5712a6e8c11c449b5b1ce249629393eebf0452f77a9dc4869fac6cc2
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
content-disposition
inline; filename="Screen_Shot_2021-11-30_at_3.56.06_PM_jjz2ux.webp"
server-timing
fastly;dur=423;cpu=0;start=2022-04-27T06:40:55.126Z;desc=miss,rtt;dur=274,cloudinary;dur=96;start=2022-04-27T06:40:55.268Z
vary
Accept,User-Agent
content-length
7646
last-modified
Tue, 30 Nov 2021 20:57:44 GMT
server
Cloudinary
etag
"b7959fe0425214742f5b75cc42c8ef7c"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
14089122_10157339275450223_411407102106161454_n_wkfjn4.jpg
daily-voice-res.cloudinary.com/image/upload/c_fill,g_face,h_40,w_40/ 		742 B
882 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/c_fill,g_face,h_40,w_40/14089122_10157339275450223_411407102106161454_n_wkfjn4.jpg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
e68d41b14c69a89181e12e6e73f48f80934e1339e1e0f5e321699d699328b810
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 06 Sep 2020 23:16:35 GMT
server
Cloudinary
etag
"b35f211e1b20a41e12a01b6d61ccc4a5"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:55.126Z;desc=hit,rtt;dur=274
accept-ranges
bytes
timing-allow-origin
*
content-length
742
gauravdeep-singh-bansal-caC13DIDe9E-unsplash_xs43qz.jpg
daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/ 		868 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/gauravdeep-singh-bansal-caC13DIDe9E-unsplash_xs43qz.jpg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
e0aacbcd75f50159e9980ad15bb8c07672a3da851b9cc56f27267f67bfa3551d
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
content-disposition
inline; filename="gauravdeep-singh-bansal-caC13DIDe9E-unsplash_xs43qz.webp"
server-timing
fastly;dur=381;cpu=0;start=2022-04-27T06:40:55.126Z;desc=miss,rtt;dur=274,cloudinary;dur=59;start=2022-04-27T06:40:55.266Z
vary
Accept,User-Agent
content-length
868
last-modified
Sat, 23 Apr 2022 20:00:14 GMT
server
Cloudinary
etag
"e08ad4a73ad93b1601126437253a0390"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
count-gdb10cb011_1920_cyiyxn.jpg
daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/count-gdb10cb011_1920_cyiyxn.jpg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
91977b0f9d0f87ecfd027fb262155f234c4f28a3da7672c3e0d029c02dc0e122
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
content-disposition
inline; filename="count-gdb10cb011_1920_cyiyxn.webp"
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:55.127Z;desc=hit,rtt;dur=274
vary
Accept,User-Agent
content-length
1422
last-modified
Tue, 15 Feb 2022 20:00:03 GMT
server
Cloudinary
etag
"8882ec5b1a926fb8c119a9070ae8f8d0"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
murray_odkquz.jpg
daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/ar_1:1,c_fill,dpr_1,f_auto,g_faces,q_auto:eco,w_80/murray_odkquz.jpg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
900b8cf7fd4b77591295bf24195fcc10f39a1c547a3adf383feed312c89a1c81
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
content-disposition
inline; filename="murray_odkquz.webp"
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:55.127Z;desc=hit,rtt;dur=274
vary
Accept,User-Agent
content-length
1214
last-modified
Fri, 22 Apr 2022 16:01:23 GMT
server
Cloudinary
etag
"253aba4a6a1f1b42ceff63567f82921e"
strict-transport-security
max-age=604800
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
private, no-transform, immutable, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
common_hfg3f9.js
daily-voice-res.cloudinary.com/raw/upload/v1650912243/dynamic/ 		266 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://daily-voice-res.cloudinary.com/raw/upload/v1650912243/dynamic/common_hfg3f9.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
27b5f8b16836c70e7b6a64849706d30b3585305498281406a9102e67ae4947c7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:54 GMT
content-encoding
br
last-modified
Mon, 25 Apr 2022 18:44:04 GMT
server
Cloudinary
etag
W/"9d0f78eb52926f7b150ec4df63ccb0a8"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:54.848Z;desc=hit,rtt;dur=274
strict-transport-security
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
79598
ccpa-liveramp.js
ccpa-wrapper.privacymanager.io/ccpa/ff42a9f2-125b-40bb-a362-3a504e7353c7/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ccpa-wrapper.privacymanager.io/ccpa/ff42a9f2-125b-40bb-a362-3a504e7353c7/ccpa-liveramp.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:ee00:3:f9b0:4040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2a30d597b887245f03e9b93c73beb736bb3ea5f96bd26b041540dfffa81246cb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
QAa0hwC4_BoqCTI31iX5Toe3fMhAfzrc
content-encoding
gzip
etag
W/"fe9eca399f8bba28d973a9c8f99e590c"
age
10075
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-disposition
attachment; filename="ccpa-liveramp.js"
last-modified
Tue, 08 Sep 2020 18:52:06 GMT
server
AmazonS3
date
Wed, 27 Apr 2022 04:32:06 GMT
vary
Accept-Encoding
content-type
text/javascript
via
1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
BRHx2SDbgAQWDubHsIj9Q7YBbFwkRR3yQ5NBJD58Uer9K2nuo_aRVA==
grumi-ip.js
rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:3800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e2d037a027cbc47a55a7c1f1851dbde0a699cdf08a727160789c252e48cf3492

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 04:17:29 GMT
content-encoding
br
last-modified
Sun, 06 Mar 2022 09:40:29 GMT
server
AmazonS3
age
8606
etag
W/"d1f1f33125a85f881446c489ff0d0894"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
X.1d7It5OkYRkt.yDbrUMLFYq_1g4Wgj
via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control
public, max-age: 14400, stale-while-revalidate=14400, immutable
x-amz-cf-pop
FRA56-C1
content-type
application/javascript
x-amz-cf-id
5m4xk9Shfi8-tiWWVGsdCPVtxSxgsjBH-42TlzcwRaq2Dw6LCdWHOg==
a-00ex.min.js
b-code.liadm.com/ 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b-code.liadm.com/a-00ex.min.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:a800:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b99af1bb0d9ab5b7cc8b6e98f0070ff9ea21ccbd7c83656aaa845449c7b6491d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 17:02:07 GMT
via
1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
age
49127
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-pop
FRA6-C1
content-encoding
gzip
x-amz-cf-id
pGGN-jPaiSletGZ0OSZjDNDY8uxqFU1mBF4VjerwXzplwE5XBHeHag==
public_ayfjr1.js
daily-voice-res.cloudinary.com/raw/upload/v1650912241/dynamic/ 		169 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://daily-voice-res.cloudinary.com/raw/upload/v1650912241/dynamic/public_ayfjr1.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
320cc0834b1ee423c53956a1f587fedc32bc909fc9ed55521cb918d567cf3065
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:54 GMT
content-encoding
br
last-modified
Mon, 25 Apr 2022 18:44:02 GMT
server
Cloudinary
etag
W/"e0e1cfedbcab5503e32a344e93e6f9bc"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=1;start=2022-04-27T06:40:54.848Z;desc=hit,rtt;dur=274
strict-transport-security
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
49157
print_rfx3bk.css
daily-voice-res.cloudinary.com/raw/upload/v1650912244/dynamic/ 		46 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://daily-voice-res.cloudinary.com/raw/upload/v1650912244/dynamic/print_rfx3bk.css
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
7f0133854d49c393c55e25e41e53881a9d5a66c57966437aef896c1013643203
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
br
last-modified
Mon, 25 Apr 2022 18:44:05 GMT
server
Cloudinary
etag
W/"467406211ca049bcdd31a487e2108d33"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:55.127Z;desc=hit,rtt;dur=274
strict-transport-security
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
7360
pubfig.min.js
a.pub.network/dailyvoice-com/ 		118 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/dailyvoice-com/pubfig.min.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aed88869f49a09c92a20bec456e4b03d0854d4c4293b621174031046585c974c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-goog-hash
crc32c=TDW6ag==, md5=AyotdoIFn0JqQjtH6sK2tw==
date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
52964
x-guploader-uploadid
ADPycduAk4qLgwi64-jb8ACl3_Nb3ddOQ2E44eEOU-2Yz8CMJuA_FSeXpbU8Pia2Zypo7D4EnXfW4P_zQeL4eAZDtlSW7g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
application/javascript
last-modified
Mon, 18 Apr 2022 15:17:30 GMT
server
cloudflare
etag
W/"032a2d7682059f426a423b47eac2b6b7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pJJ2D3EVUXPXy%2BxvQZTv6cep0FdJk7p7q%2Fd%2FfW4a3NXA%2F0OQPVeZydelPme9PAlkT%2FqgaP4JhkFlmDXbHnJ3ST0jRVNm3zK8T8ESxqgpzHyRMB05qqHnOMFGCDEVMsGCE%2FNz67SD%2BLIlx7A%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1650295050075308
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=1800
x-goog-stored-content-length
120888
cf-ray
702591cb99c26903-FRA
expires
Tue, 26 Apr 2022 15:59:11 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
1424
date
Wed, 27 Apr 2022 06:17:11 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 27 Apr 2022 08:17:11 GMT
gtm.js
www.googletagmanager.com/ 		106 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T5CPN2G
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4c8162a2e137a756d51b6e40cd02a736efcd29dcb461fb48b4b31743b17efbaa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38577
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 27 Apr 2022 06:40:55 GMT
fbevents.js
connect.facebook.net/en_US/ 		99 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26311
x-xss-protection
0
pragma
public
x-fb-debug
S5fA6GZnKXdelCTeKcmXKYS0/+FEN1S8uK/arh3OmJ1vvzS1TW5qnWd0UQwsX6/8Gnn/axFBh0hPAWRXH70xjA==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 27 Apr 2022 06:40:55 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
google-play.svg
res.cloudinary.com/daily-voice/image/upload/v1/static/ 		1 KB
749 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/daily-voice/image/upload/v1/static/google-play.svg
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1650912245/dynamic/public_grjvqj.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
9ee7d9f8e5d3c6dfa344ba2cd352da17acf8f5c6a8065349b094caf6a2a0ccfe
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://daily-voice-res.cloudinary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
br
x-content-type-options
nosniff
content-disposition
attachment; filename="google-play.svg"
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:55.768Z;desc=hit,rtt;dur=274
vary
Accept-Encoding
content-length
509
last-modified
Tue, 19 Jun 2018 06:37:37 GMT
server
Cloudinary
etag
W/"9b649ad06a3e80861a7e5ca03dad06c9"
strict-transport-security
max-age=604800
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
apple-icon-white.svg
res.cloudinary.com/daily-voice/image/upload/v1/static/ 		1 KB
695 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/daily-voice/image/upload/v1/static/apple-icon-white.svg
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1650912245/dynamic/public_grjvqj.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
7383a0e8f344704002797c756d99471f2f51cc4604e05605ed2778cac4ff6662
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://daily-voice-res.cloudinary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
br
x-content-type-options
nosniff
content-disposition
attachment; filename="apple-icon-white.svg"
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:55.768Z;desc=hit,rtt;dur=274
vary
Accept-Encoding
content-length
570
last-modified
Tue, 19 Jun 2018 06:37:15 GMT
server
Cloudinary
etag
W/"344d0b445d6c0d5684ee5554e605d210"
strict-transport-security
max-age=604800
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
icons-10192016.woff2
daily-voice-res.cloudinary.com/raw/upload/v1438260550/static/fonts/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://daily-voice-res.cloudinary.com/raw/upload/v1438260550/static/fonts/icons-10192016.woff2
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1650912245/dynamic/public_grjvqj.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
3dcff22576afe55b8b9f2f2b9be42b5fe5b41e2c72b5f61c7441f84c64ed8815
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://daily-voice-res.cloudinary.com/raw/upload/v1650912245/dynamic/public_grjvqj.css
Origin
https://dailyvoice.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
last-modified
Wed, 19 Oct 2016 20:44:46 GMT
server
Cloudinary
etag
"8197f0b31d5a8349cb8c747eab001471"
strict-transport-security
max-age=604800
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing
cache-control
public, no-transform, immutable, max-age=31557600
content-disposition
attachment; filename="icons-10192016.woff2"
server-timing
fastly;dur=0;start=2022-04-27T06:40:56.322Z;desc=hit,rtt;dur=276
accept-ranges
bytes
timing-allow-origin
*
content-length
22392
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyB5kIm2RDdQ85S5eYuUXQRbOxsNNQjFNkI&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
vary
Origin, X-Origin, Referer
content-length
23
x-xss-protection
0
init
d.pub.network/v2/ 		36 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/v2/init?siteId=1876&env=PROD
Requested by
Host: a.pub.network
URL: https://a.pub.network/dailyvoice-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.71.201.35.bc.googleusercontent.com
Software
/
Resource Hash
3376dca60a13acb10866799527b6127e3fa7a9ff6f194bbab9c63a2fd3481f48

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
collect
stats.g.doubleclick.net/j/ 		7 B
444 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-21621912-1&cid=2030874453.1651041656&jid=1520908686&gjid=1272100032&_gid=1748060043.1651041656&_u=YGBAgEABAAAAAE~&z=1105605537
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 27 Apr 2022 06:40:55 GMT
content-type
text/plain
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1903727552&t=pageview&_s=1&dl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ul=en-us&de=UTF-8&dt=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=1520908686&gjid=1272100032&cid=2030874453.1651041656&tid=UA-21621912-1&_gid=1748060043.1651041656&cd7=freestar&cd12=dv&cd10=820642&z=1909687560
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 26 Apr 2022 13:45:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
60899
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
1732630646777229
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1732630646777229?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b60030b1128df160435124336350a9c36b86e62b67e865b4290c1754ee0adc47
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
nXxZ5OrkYGFvp8em5klJAcTS2PKdn4KU0ye4GF5+wJnMDZRhdlwq6vTvFpjzZhnaPeSRL5SkDnb/F9ZkF6tFKg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 27 Apr 2022 06:40:55 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts
1651041655943
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
beacon.js
sb.scorecardresearch.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-38.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 03:22:40 GMT
content-encoding
gzip
etag
W/"1827f116c73f319409b97f10b8a58ade"
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
11897
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
yS7K5cEw1D3NGZwF5ex9hLTYGEQowD7vke-QVtGDBE2sKBIRGYgY-A==
quant.js
secure.quantserve.com/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Wed, 04 May 2022 06:40:55 GMT
analytics-1.5.12.min.js
cdn.keywee.co/dist/
Redirect Chain
  • https://cdn.keywee.co/dist/analytics.min.js
  • https://cdn.keywee.co/dist/analytics-1.5.12.min.js
22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.keywee.co/dist/analytics-1.5.12.min.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2600:9000:2057:5400:e:ec66:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d29d84e698eb10452f97d8a6f249b73496beb844cef58e920e3832bd321d64a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Mon, 25 Apr 2022 04:09:13 GMT
content-encoding
gzip
last-modified
Mon, 28 Dec 2020 09:55:56 GMT
server
AmazonS3
age
181903
etag
W/"13a05c433850fad0455e2ee1a1707eb0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
cache-control
max-age=259200,public
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
9a4E9vlbgWnQP0DkAEwPnQAHtrVrPeCYwthvgLc7LGCidvwqDRyJcw==

Redirect headers

date
Wed, 27 Apr 2022 06:39:49 GMT
via
1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
server
AmazonS3
age
67
x-cache
Hit from cloudfront
location
/dist/analytics-1.5.12.min.js
x-amz-cf-pop
FRA6-C1
content-length
0
x-amz-cf-id
3JGvjI7Q6qRvGlDKdVoURgGHH2kD6YKH41-NFIuuj5vUx7nldaLQDQ==
ats.js
ats.rlcdn.com/ 		110 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ats.rlcdn.com/ats.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-73.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
07da28929f6d4cb8894de074ff1ae095860bf6686c7bb3024168c6c8e5e65ad8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
VE.TmwhV1._nzA5UkJnv.qeHE6SJ9zlu
content-encoding
gzip
etag
W/"d03ceb6300ba5d767156d2d186bfc621"
age
10362
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:d9620690-a522-4865-bdcf-c40a5e58864a
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
229018ce14d22cf5d355aa4c24ac99ff
last-modified
Thu, 07 Apr 2022 09:05:05 GMT
server
AmazonS3
date
Wed, 27 Apr 2022 03:48:14 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
37cf43d799bffc4fdad3431bef2fdbc097a3382eab6b0735d08d25e96b4565dc
via
1.1 89c822bb1ce1445a7be6d1057088cfbe.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=86400
x-amz-cf-pop
FRA6-C1
content-type
application/x-javascript
x-amz-cf-id
Nz5d3c7E_108xg0z7Gs8PcPGxKo3hCWuG4zKi8_WgUzbEGbPgr99Ow==
gpt.js
www.googletagservices.com/tag/js/ 		84 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7156b45752a71503d0c62be49c8108aa203626ae44dd1c8addd658881f848f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28718
x-xss-protection
0
server
sffe
etag
"1198 / 785 of 1000 / last-modified: 1651010823"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 27 Apr 2022 06:40:55 GMT
Prebid6.5.0_20211230.js
daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/ 		304 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
d577257aee17f276c14925a8ad6bc548c586bfb77941e04cec1b12d3f22179f4
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
br
last-modified
Fri, 31 Dec 2021 01:49:30 GMT
server
Cloudinary
etag
W/"3759f59ecd9a9b0611136f176cd4c0c1"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=0;start=2022-04-27T06:40:55.904Z;desc=hit,rtt;dur=274
strict-transport-security
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
85244
ccpa.bundle.js
ccpa.privacymanager.io/1/ 		131 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ccpa.privacymanager.io/1/ccpa.bundle.js
Requested by
Host: ccpa-wrapper.privacymanager.io
URL: https://ccpa-wrapper.privacymanager.io/ccpa/ff42a9f2-125b-40bb-a362-3a504e7353c7/ccpa-liveramp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f200:9:dc53:cc00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a6175d081940061cb96a2e8c9c90887b6f603361fe584bb053761581a36cb908

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
S55.q4LHTQasxIIGmk7UfPvyt9yqJHGy
content-encoding
gzip
etag
W/"7f5aef4d639402ac1025ddfa0b62c5d8"
age
6207
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/CCPALibrary-prod:a6c91178-f8bd-4f06-8ae8-e76e8e3a3629
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
cb289bc810fc195ae8814bb681f582bb
last-modified
Tue, 16 Nov 2021 19:24:49 GMT
server
AmazonS3
date
Wed, 27 Apr 2022 04:58:23 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
74033cf5ad3c6b4675a2f160d9899f764650cd888b96172f921de07f527a8f56
via
1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
content-type
application/x-javascript
x-amz-cf-id
z4enzTF0nvnv5wrOTlN8lbWP7TsP2nuNxqr9cYbnWqW4Qe0rtgnPhw==
grumi.js
rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/ 		396 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:3800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8516f3bacba504d2453300a736341c9414df397c954ff91af67a5f013d427e01

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:29:52 GMT
content-encoding
br
last-modified
Wed, 27 Apr 2022 04:54:23 GMT
server
AmazonS3
age
664
etag
W/"57938d65da62154855cce311969c8bcb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
cObTKsYjixhVnwv_BH1tmaOp_Df79_eF
via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control
public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop
FRA56-C1
content-type
text/javascript
x-amz-cf-id
GKhKQeRCOwqIVFf2GZ18Gdnl7dyipN5Vt8OavrRDSOQZvIBxQNyk2Q==
sync-container.js
b-code.liadm.com/ 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b-code.liadm.com/sync-container.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:a800:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
CQKQeFXs_ero.dSxGj8yyrCkT6TzPcRS
via
1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
etag
"ae5e94de938b0387eda6df8f20da811a"
last-modified
Wed, 02 Jun 2021 16:15:01 GMT
server
AmazonS3
age
1407475
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
date
Sun, 10 Apr 2022 23:43:01 GMT
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
content-length
5904
x-amz-cf-id
iqShVhe77-jwioM9_K2hxuLyB87vn0sKyy96f-r1DxS5Brz_0cLsZg==
ga-audiences
www.google.com/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-21621912-1&cid=2030874453.1651041656&jid=1520908686&_u=YGBAgEABAAAAAE~&z=2104132590
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.uk/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-21621912-1&cid=2030874453.1651041656&jid=1520908686&_u=YGBAgEABAAAAAE~&z=2104132590
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=20236510&ns__t=1651041655815&ns_c=UTF-8&cv=3.5&c8=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Sa...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=20236510&ns__t=1651041655815&ns_c=UTF-8&cv=3.5&c8=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20S...
0
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=20236510&ns__t=1651041655815&ns_c=UTF-8&cv=3.5&c8=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&c7=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&c9=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
99.86.7.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-38.fra6.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
via
1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
WLV7AZ9PCtTm0y3ZgV7e4WVEJxllbGauFeldEdyg1IvCWnd2xh0yEQ==
x-cache
Miss from cloudfront

Redirect headers

location
/b2?c1=2&c2=20236510&ns__t=1651041655815&ns_c=UTF-8&cv=3.5&c8=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&c7=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&c9=
date
Wed, 27 Apr 2022 06:40:55 GMT
via
1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
content-length
0
x-amz-cf-id
GsbYSBxp9FhZRCuuZGlR0-emQil4v75NQEXtdQ9mURfMIH0iG429Hw==
x-cache
Miss from cloudfront
rules-p-Ce0yyn5JGuMFX.js
rules.quantcount.com/ 		2 B
353 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-Ce0yyn5JGuMFX.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:19:22 GMT
via
1.1 9570c3a1725c20e6faed117bbb74223a.cloudfront.net (CloudFront)
server
AmazonS3
age
1292
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-C1
content-length
2
x-amz-cf-id
rRubpbBO24ifyCT_Yah4Q7uAIkqh-_WxvsW4aOqhX-Qz1JHPzA-j4A==
ad_status.js
static.doubleclick.net/instream/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1650912241/dynamic/public_ayfjr1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:38:11 GMT
x-content-type-options
nosniff
age
164
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 06:53:11 GMT
support_icon.svg
res.cloudinary.com/daily-voice/image/upload/v1/static/ 		1 KB
790 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/daily-voice/image/upload/v1/static/support_icon.svg
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1650912245/dynamic/public_grjvqj.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
e877b423181eec5220876224daff0a9a5b521976e91a2f6f2a783526e880011f
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://daily-voice-res.cloudinary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
br
x-content-type-options
nosniff
content-disposition
attachment; filename="group-3-copy-4.svg"
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:55.968Z;desc=hit,rtt;dur=274
vary
Accept-Encoding
content-length
568
last-modified
Tue, 14 Jul 2020 09:58:07 GMT
server
Cloudinary
etag
W/"19732d7290bbc3ffe8e3f0177347a5ba"
strict-transport-security
max-age=604800
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
load.js
s.ntv.io/serve/ 		394 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.ntv.io/serve/load.js
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1650912241/dynamic/public_ayfjr1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.237.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-64.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a0b374cb5be30cf745d18c8403fcf6d68c68720a8b72f6205960a38231056bc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:55 GMT
Content-Encoding
gzip
x-amz-request-id
PAQEGJY2FF24QQWZ
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
x-amz-id-2
DP+QHwjKgfl9ur43zyuKLY9iNh+2xIn9Wdi6z00oyNeMStTbMxV3iITQ61xPp0nWUm5IlV2ne7k=
Last-Modified
Tue, 12 Apr 2022 15:30:17 GMT
Server
AmazonS3
ETag
"aa068ae425ad39385b7557af7408b5ba"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
geo.privacymanager.io/ 		30 B
593 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://geo.privacymanager.io/
Requested by
Host: ats.rlcdn.com
URL: https://ats.rlcdn.com/ats.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-50.fra53.r.cloudfront.net
Software
/
Resource Hash
e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 14:33:48 GMT
via
1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront), 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
age
58027
x-amzn-requestid
66fb4147-6faf-42e2-ac62-7afbe836bff3
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-626802cc-0e9bc6ac4ae3b4252de2bdfb;Sampled=0
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA6-C1, FRA53-C1
x-amz-apigw-id
RMVf8FifjoEFrbg=
content-length
30
x-amz-cf-id
uhOzaTndGqZkiaDFIc8cS-zyjeGYHzdVANukA-UcG5IgALq7E7SYpQ==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
pubfig.engine.4.25.0.9384edf0e05467b8fcc058bd038d3ff50171db2479e2.js
a.pub.network/core/pubfig/ 		325 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/core/pubfig/pubfig.engine.4.25.0.9384edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78da514c9f16a47d8e2374012619445409c56fd4da464e9cbd7b581cbf809b08

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-goog-hash
crc32c=eaAmeQ==, md5=uqkd784+dh9bFq38ORsvMA==
date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
54408
x-guploader-uploadid
ADPycdsr9Ahi1NnCxpCe8IIU5p2HQlf3gVEqWxC0cwqNQChLz_oE6eDZhyX0RmbrEmvr8YgvbACiqJ1jf6rIQNKVxkkAaK1ZRMF9
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
application/javascript
access-control-allow-origin
*
last-modified
Thu, 14 Apr 2022 20:41:55 GMT
server
cloudflare
etag
W/"baa91defce3e761f5b16adfc391b2f30"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UW9Gej%2BDogeglEpGnNvHPetEmawvLqtSI6PUoBQXDqTIf3eSLxhvJ9ezFGLq0MzZzRnwaKf49y7PXUG%2Ff82JlSN8ulHu8fUSzif96G5PUyMXzo6rK4vfKYdYn2zjldfOV4uor65uQXVWcpQ%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-goog-generation
1649968915458077
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
332978
cf-ray
702591cd3c6a6903-FRA
expires
Tue, 26 Apr 2022 16:34:06 GMT
pubads_impl_2022042101.js
securepubads.g.doubleclick.net/gpt/ 		362 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
sffe /
Resource Hash
baa7346a51ac22b01b0f63ef8be8a7b0946a67fbe68ccf2c8a783a769bad8870
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:27:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
820
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126124
x-xss-protection
0
last-modified
Thu, 21 Apr 2022 08:41:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 27 Apr 2023 06:27:15 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		204 B
759 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=dailyvoice.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
c3c1f8b592f2fcde68d5eed834f7999cac05bc34e2a8651bd05e05c64e793e1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
123
x-xss-protection
0
expires
Wed, 27 Apr 2022 06:40:55 GMT
865.js
cdn.keywee.co/config/ 		208 B
547 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.keywee.co/config/865.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:5400:e:ec66:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9d8136095fa1dfbdb9c5465f58f704e70ef92f05a49177c027d4a66dfcc777ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
via
1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
last-modified
Tue, 23 Apr 2019 15:32:27 GMT
server
AmazonS3
age
6959
etag
"c290dcd80b5975b746da517ea43f5714"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-pop
FRA6-C1
content-length
208
x-amz-cf-id
mJFLQvQdocFqPOVY_xIGHwERaXS-E7hobPjH3lpywLWMEv6hUUaquw==
j
rp4.liadm.com/
Redirect Chain
  • https://rp.liadm.com/j?dtstmp=1651041655924&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-cla...
  • https://rp4.liadm.com/j?dtstmp=1651041655924&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-cl...
47 B
586 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rp4.liadm.com/j?dtstmp=1651041655924&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOmZmMDY6Mjg0MDoxZGJk&n3pc=true
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
44.194.206.200 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-206-200.compute-1.amazonaws.com
Software
/
Resource Hash
5c691bfbaca0ce68d48828de40ed11ca48cebbb214d7883a74faf4e3c0cdd93f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
x-pixel-event-id
1854b2ff-8d83-4d01-8f16-3fb8c14b4b46
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
null
x-xss-protection
1; mode=block
vary
Origin
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
c11f6f0f47bcc92c
request-time
0
content-length
47
x-content-type-options
nosniff

Redirect headers

date
Wed, 27 Apr 2022 06:40:56 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies
master-only
location
https://rp4.liadm.com/j?dtstmp=1651041655924&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOmZmMDY6Mjg0MDoxZGJk&n3pc=true
x-frame-options
DENY
access-control-allow-origin
https://dailyvoice.com
x-xss-protection
1; mode=block
vary
Origin
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
b5ffc2084a5ff50e
request-time
0
content-length
0
x-content-type-options
nosniff
/
geo.privacymanager.io/ 		30 B
593 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://geo.privacymanager.io/
Requested by
Host: ccpa.privacymanager.io
URL: https://ccpa.privacymanager.io/1/ccpa.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-50.fra53.r.cloudfront.net
Software
/
Resource Hash
e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 26 Apr 2022 14:33:48 GMT
via
1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront), 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
age
58028
x-amzn-requestid
66fb4147-6faf-42e2-ac62-7afbe836bff3
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-626802cc-0e9bc6ac4ae3b4252de2bdfb;Sampled=0
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA6-C1, FRA53-C1
x-amz-apigw-id
RMVf8FifjoEFrbg=
content-length
30
x-amz-cf-id
mPojkahG64D1bDUBf3SsRu0jVLfes9TOnJzVVSCthXwfh71UotVFEw==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
/
geo.privacymanager.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://geo.privacymanager.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-50.fra53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://dailyvoice.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Wed, 27 Apr 2022 06:40:55 GMT
via
1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront), 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
x-amz-apigw-id
ROjKxGcJDoEFnFw=
x-amz-cf-id
MlJ0TmAxvZcICePcqJJ5IwP7znXf7Wv17OfY-kc-3Ry3IgSZLlhLAw==
x-amz-cf-pop
FRA50-C1 FRA53-C1
x-amzn-requestid
560b3ce8-6203-4727-be99-ef4d80632bd6
x-cache
Miss from cloudfront
pandg-sdk.js
pghub.io/js/ 		14 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pghub.io/js/pandg-sdk.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.25.0.9384edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
217.45.241.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
cb260fbfa3add6553864bf1c8dd753a45d7a1504b159c8aa6cbec89f9223a89d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 05:55:05 GMT
content-encoding
gzip
age
2751
x-guploader-uploadid
ADPycdssiUQmLhoxXKxNH2KJPaF0WoXI_7M0hISCG-_yMBEK2kiR_ZLnF-ZXkxXte5wtgXiClrnuD2Ptiev6NuIyOKIDg7uyEc7V
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3690
last-modified
Tue, 05 Apr 2022 17:08:24 GMT
server
UploadServer
etag
"1f39af8c4109e6a95d6895228aab0692"
vary
Accept-Encoding
x-goog-hash
crc32c=eS3F7w==, md5=HzmvjEEJ5qldaJUiiqsGkg==
x-goog-generation
1649178504809914
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
cache-control
public,max-age=3600
x-goog-stored-content-length
3690
accept-ranges
bytes
content-type
application/javascript
tag
btloader.com/
Redirect Chain
  • https://freestar-io.videoplayerhub.com/gallery.js
  • https://btloader.com/tag?h=freestar-io&upapi=true
205 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://btloader.com/tag?h=freestar-io&upapi=true
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2606:4700:20::681a:78b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0d19e7d56aa281565beef26a0f1c99a292b9246f806ce2e6f76dca3e3f35ec1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1787
content-length
38093
last-modified
Wed, 27 Apr 2022 06:11:09 GMT
server
cloudflare
etag
"14618d39e6934dc198c6b3ee9e94722e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QRBiY7XZlLQ0fDY6MQslP9X9nx89%2FQqM106FK18Xe3yS0tnJjw8HbjlFdA%2B8RCqiMUz4EuhjI0eY3v0M%2F78diKbrDvtjuFnJAo%2BymzSEg%2BuEdJjnQHbtE4sLcDv%2BCnx2ZcD35xtFb07z6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
via
1.1 google
cache-control
public, max-age=300, must-revalidate, no-transform
accept-ranges
bytes
cf-ray
702591ce98936977-FRA

Redirect headers

date
Wed, 27 Apr 2022 06:40:56 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYsSq6qA6EBb8eBftI3GiP9xrQXeiU0Q7opZoNUTe02K9jwsjuzJHC5MTNDKYy%2BvEmg4z%2FffjZ0%2B85WViip9GaDlUUArOdbpCOtx6ZxrgkrQStmNOIFAJtR3bVIKRe%2Fubjrp%2BoZNkL8i3HQzSfHr1tbmnb%2FNytlwNKhjUg%3D%3D"}],"group":"cf-nel","max_age":604800}
location
https://btloader.com/tag?h=freestar-io&upapi=true
cache-control
max-age=3600
cf-ray
702591ce1f2d9237-FRA
expires
Wed, 27 Apr 2022 07:40:56 GMT
184310-82987131453484.js
js-sec.indexww.com/ht/p/ 		0
453 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/ht/p/184310-82987131453484.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.25.0.9384edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 05:46:39 GMT
Server
Apache
ETag
"da32ea-0-5dd9c5552f7a6"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=487
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
20
Expires
Wed, 27 Apr 2022 06:49:03 GMT
prebid-analytics-5.20.4.1.js
a.pub.network/core/ 		501 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aef37c7abe75530fac92a34f337cd7f558956e9800f5b0e05094fb83e963be6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-goog-hash
crc32c=nVgvkg==, md5=5nTDrv99g3t6RfM7pUYl1g==
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
54408
x-guploader-uploadid
ADPycdsO2HS5yg2GeXE3Pjr5SGsU0jhhUQ7elm6YhwFdsaGbAzhXHW2iW0tLwmb1KD6BcGUTIgyPDZ3PtxS7kDnNe5cdyg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
content-type
text/html
last-modified
Thu, 07 Apr 2022 15:31:56 GMT
server
cloudflare
etag
W/"e674c3aeff7d837b7a45f33ba54625d6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x1nyfrkuk0jZbtS95dyjTNrgxKAw42NsDTe4lOSytNHxPE0nD7jan7UNyZJUTUAF6kXXP1RkdHZajZwG2ZLxAcPX9W3mZd3Y6vrjZvoo28fn7I8MLHnMj91cTOR%2FsKETucHYKCeApt7P1cc%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
access-control-allow-origin
*
x-goog-generation
1649345516571407
access-control-expose-headers
*
cache-control
private, max-age=86400
x-goog-stored-content-length
512965
cf-ray
702591cdfdbb6903-FRA
expires
Wed, 26 Apr 2023 15:34:07 GMT
sp-2.9.1.js
cdn.keywee.co/dist/ 		75 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.keywee.co/dist/sp-2.9.1.js
Requested by
Host: cdn.keywee.co
URL: https://cdn.keywee.co/dist/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:5400:e:ec66:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8ae5b95f24ba3bf0fa5b9b21ffca4ef8a683558ae0a4985abf835f7b71ad0579

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 01:15:37 GMT
content-encoding
gzip
last-modified
Sun, 14 Oct 2018 12:37:03 GMT
server
AmazonS3
age
8486720
etag
W/"e0e6c30dc2f18c8cee12448a4cbb07eb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
via
1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
WXP0aG2zhSnnZeVuGty01ixEJLRiNg01trQd58gyyvNNyHn0gTmGnw==
1143148579201165
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1143148579201165?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b516f1c44bec0eb8ef8dd858d01e1b684f8353b7f6839a85bb9b16e9a5d49930
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
oojYajHcFQG8pRMDMzqzrOUnhSuM220D42gfn7kgiVgwjYJXDOS+D788vSRxv/ELiF17N0QLEfRGMSplw7IKLg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 27 Apr 2022 06:40:56 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts
1651041656069
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1732630646777229&ev=PageView&dl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&rl=&if=false&ts=1651041656019&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1651041656018.1904096205&it=1651041655741&coo=false&exp=p1&rqm=GET
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Wed, 27 Apr 2022 06:40:56 GMT
t
jadserve.postrelease.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ntv_mvi
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.227.185.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-227-185-17.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
0f84771bafa571f25475772cc485457c61d8cc6ef83f4496c7426c796ce892af

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/javascript;charset=UTF-8
content-length
1193
expires
Mon, 1 Jan 1990 12:00:00 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		135 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.25.0.9384edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
STlSjRvyyTgJyl_raxUeHIFBn6F5DqB3
content-encoding
gzip
etag
4abd427e43cd6822329a2c05539e321f
age
865
x-cache
Hit from cloudfront
server
Server
x-amz-rid
1MEY8SD311R0Y8AEWCFN
date
Wed, 27 Apr 2022 06:26:32 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
MUblEXrR6KY1EVRsGwgpRda6tMvq0iKzkNtxRFSyCSNWXkAJSc2kig==
records
dau-prod.launch.liveramp.com/kinesis/streams/daily-active-users-prod/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://dau-prod.launch.liveramp.com/kinesis/streams/daily-active-users-prod/records
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-66.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://dailyvoice.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
GET,OPTIONS,POST
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-apigw-id
ROjK1FrVIAMF5ww=
x-amz-cf-id
yCL3u1D6s8u1ACwu3KpCc8ljwcHiyuOGZKQGhbP2C6vkCkrraKl6cA==
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
1269bd0a-a906-44d1-b833-2d1bedd4f938
x-cache
Miss from cloudfront
records
dau-prod.launch.liveramp.com/kinesis/streams/daily-active-users-prod/ 		110 B
468 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dau-prod.launch.liveramp.com/kinesis/streams/daily-active-users-prod/records
Requested by
Host: ccpa.privacymanager.io
URL: https://ccpa.privacymanager.io/1/ccpa.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-66.fra6.r.cloudfront.net
Software
/
Resource Hash
1c21ccd362b8f14a77565f498d83db5ae20bdb9938c91189768bbd6e299326e4

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
7f27dbbe-37ea-40ab-a60a-e32ae6c9319a
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-6268e578-348f904a3190d3e804545d7b
x-amz-apigw-id
ROjK4EczIAMFoPA=
content-length
110
x-amz-cf-id
ceYcjlixpNQ8W7NXl5t1AS04oMqunsY8EJoiJdzgLqvDXOEYkCrFAg==
pixel;r=1633907051;rf=0;a=p-Ce0yyn5JGuMFX;url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F;u...
pixel.quantserve.com/ 		35 B
372 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1633907051;rf=0;a=p-Ce0yyn5JGuMFX;url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F;uht=2;fpan=1;fpa=P0-965710457-1651041655908;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;ref=;d=dailyvoice.com;je=0;sr=1600x1200x24;dst=0;et=1651041655908;tzo=0;ogl=url.https%3A%2F%2Fdailyvoice%252Ecom%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-mi%2Ctype.article%2Ctitle.NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%252C%20Feds%20Say%2Cdescription.A%20New%20York%20doctor%20has%20admitted%20to%20tax%20evasion%20after%20federal%20authorities%20say%20he%20c%2Csite_name.Orangetown%20Daily%20Voice%2Cimage.https%3A%2F%2Fdaily-voice-res%252Ecloudinary%252Ecom%2Fimage%2Fupload%2Fc_limit%252Ce_sharpen%252Cq_auto%3Aeco
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
liveView.php
live.primis.tech/live/ 		44 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
7f4ccb6451f5796f0d140b7ecb587a14c9af6f234259d056a45f61f4373ddfe4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:55 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/javascript; charset=utf-8
x-amz-cf-id
_YQYjnxAE2aMO02TXmxhM-jCzphWAAz0hu3RnLKfqjvkLAFIhrmBzA==
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/svg+xml
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f0170a00&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
5ad06a354ad401211a519d32b2d156b88a0ac240b0b96dfe5c706d54c087e84e

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
291 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9698b40175759a19619dee240d0031&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
12299fde61e7f4c818100b910418e854e256d46c042b795447fb556ff44c6dab

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
fastlane.json
fastlane.rubiconproject.com/a/api/ 		686 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=2002856&size_id=2&alt_size_ids=55%2C221&rp_schain=1.0,1!freestar.com,864,1,,,&eid_pubcid.org=dce9db50-4dac-44ae-a4f1-659cb8a71eae%5E1&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.name=dailyvoice-com&tg_i.domain=dailyvoice.com&tg_i.cat=IAB12&tg_i.sectioncat=IAB12&tg_i.pagecat=IAB12&tg_i.page=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.fs_ad_product=stickyFooter&tg_i.dfp_ad_unit_code=15184186%2C33043040%2Fdailyvoice_adhesion&tg_i.pbadslot=15184186%2C33043040%2Fdailyvoice_adhesion%2Fdailyvoice_adhesion&tk_flint=pbjs_lite_v5.20.4&x_source.tid=13d91d3b-3328-45e7-b5e2-53d7ad91ee50&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.262395869750943
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
5c11a0bd7f6d0da58ce9caac28f6ba0687f3285f575a69d8d6bb1aee8f67853f

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
686
Expires
Wed, 17 Sep 1975 21:32:10 GMT
arj
freestar-d.openx.net/w/1.0/ 		73 B
378 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=13d91d3b-3328-45e7-b5e2-53d7ad91ee50&nocache=1651041656159&scsm=www.freestar.com%3A379&pubcid=f43b9d98-f955-406f-8f40-a6342cf7d32b&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&aus=1x1%2C728x90%2C970x90&divids=dailyvoice_adhesion&aucs=%252F15184186%252C33043040%252Fdailyvoice_adhesion%252Fdailyvoice_adhesion&auid=539181725
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
8ad957070bc5539c98cf10849dbdf10a2dbe0f216f836cb1084167d68796ce7b

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://dailyvoice.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:54 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
/
hb.emxdgt.com/ 		0
158 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=1200&ts=1651041656162&src=pbjs
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
auction
c.deployads.com/openrtb2/ 		19 KB
20 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.deployads.com/openrtb2/auction?src=prebid_prebid_5.20.4&host=dailyvoice.com
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.224.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-224-74.eu-west-1.compute.amazonaws.com
Software
SortableCactus/1.0 /
Resource Hash
d331ee57bddede9f3bf8953f1a8e9f5f51efa005e0149011c61c8d512f798594

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
server
SortableCactus/1.0
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
19909
v1
btlr.sharethrough.com/universal/ 		0
113 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
auction
tlx.3lift.com/header/ 		19 B
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.20.4&referrer=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.14.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-14-215.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
accept-ch
sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
hbjson
grid.bidswitch.net/ 		24 B
365 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.211.165.199 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
199.165.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
f7cecedaaf4ae3489bf9ae2bc4a7ea12cb7e89d05598153a89b644745d004aa7

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
49
bid
ap.lijit.com/rtb/ 		94 B
744 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.20.4
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
585844c418b0381b3de661eb546493fb87463c2333bddb5ca36ead0aafc583e4

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dailyvoice.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
prebid
prebid.media.net/rtb/ 		1 KB
873 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
d1ab5f49d9228ed3ab50e673c384b3027165790b0195dcc9a66e843cfd5fc926

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
prebid
ads.yieldmo.com/exchange/ 		0
224 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=5.20.4&p=%5B%7B%22placement_id%22%3A%22dailyvoice_adhesion%22%2C%22callback_id%22%3A%22315923da9918f8e%22%2C%22sizes%22%3A%5B%5B1%2C1%5D%2C%5B728%2C90%5D%2C%5B970%2C90%5D%5D%2C%22ym_placement_id%22%3A%222662464007037722661%22%2C%22gpid%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_adhesion%2Fdailyvoice_adhesion%22%7D%5D&page_url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&bust=1651041656170&pr=&scrd=1&dnt=false&description=A%20New%20York%20doctor%20has%20admitted%20to%20tax%20evasion%20after%20federal%20authorities%20say%20he%20claimed%20more%20than%20%241%20million%20in%20fraudulent%20tax%20deductions.Long%20Island%20resident%20Jordan%20Sudberg%20pleaded%20guilty%20on%20Tuesday%2C%20Nov.%2023%20to%20tax%20evasion%20for%20the%20calendar%E2%80%A6&title=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=dce9db50-4dac-44ae-a4f1-659cb8a71eae&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22dce9db50-4dac-44ae-a4f1-659cb8a71eae%22%2C%22atype%22%3A1%7D%5D%7D%5D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.109.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-109-242.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
cygnus
htlb.casalemedia.com/ 		37 B
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=640422&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2232a3a1312e245f7%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F%22%2C%22name%22%3A%22dailyvoice-com%22%2C%22domain%22%3A%22dailyvoice.com%22%2C%22cat%22%3A%5B%22IAB12%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%22%5D%2C%22pagecat%22%3A%5B%22IAB12%22%5D%2C%22ref%22%3A%22%22%2C%22content%22%3A%7B%22data%22%3A%5B%7B%22name%22%3A%22www.freestar.com%22%2C%22ext%22%3A%7B%22taxonomyname%22%3A%22iab_content_taxonomy%22%7D%2C%22segment%22%3A%5B%7B%22id%22%3A%22379%22%7D%5D%7D%5D%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.20.4%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2233b16f1497db049%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A1%2C%22h%22%3A1%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_adhesion%22%2C%22sid%22%3A%221x1%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_adhesion%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_adhesion%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_adhesion%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c1cb884cdeed5a135dd9c243e60c613830ddf720e61621a2ccce249436bf3ad3

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Wed, 27 Apr 2022 06:40:56 GMT
prebid
ib.adnxs.com/ut/v3/ 		13 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4dc60f217a4619abae70e8b6c2cb9b6faf9bd32d5e7b01f552292ed08d792f6b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
be695b77-bd09-4d41-ba96-df2a606e8f88
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fslogo-green.svg
a.pub.network/core/imgs/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.pub.network/core/imgs/fslogo-green.svg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-goog-hash
crc32c=Jh+rSg==, md5=Mm1svZd2V+EgW9YW0fL6yg==
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
366
x-guploader-uploadid
ADPycdt0VHAA0OBPqEVDtn1nxxZyWz8nFcVHptPBiVEc6l9TAjmZUgolzn9QPC-uBBFZTloGDxbfnHQHZFWGelQhjpy5Qxjjow1d
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
image/svg+xml
last-modified
Tue, 08 Sep 2020 17:04:37 GMT
server
cloudflare
etag
W/"326d6cbd977657e1205bd616d1f2faca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UMcxK%2FZuYPEi4NiJ5By%2F93Lt0faNg%2FLSWAz92Mv9uUHnsaAtm2Ir3AakNysLSzXKiLXIyTCGB%2F%2BZ8MsNXBqiGnjaGbX9IgKDZTRaBeduNJ8UPKtOsHk%2BSBAnEDZm0K3sQIKhlb%2FFjjvD1Cc%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1599584677716817
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
1193
cf-ray
702591cf1fee6903-FRA
expires
Wed, 27 Apr 2022 07:34:50 GMT
i
pixel.keywee.co/ 		43 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.keywee.co/i?stm=1651041656202&e=pv&url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&page=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&tv=js-2.9.1&tna=cf&aid=865&p=web&tz=UTC&lang=en-US&cs=UTF-8&f_pdf=1&f_qt=0&f_realp=0&f_wma=0&f_dir=0&f_fla=0&f_java=0&f_gears=0&f_ag=0&res=1600x1200&cd=24&cookie=1&f_passive=1&f_wheel=wheel&eid=013790be-4fbd-4781-b4c1-4a41b612a5de&dtm=1651041656201&vp=1600x1200&ds=1600x3764&vid=1&sid=a800d15c-17e6-4e1e-89c5-44772fd0d41c&duid=4cab5a68-665a-4ee5-8c67-d1162cdb2bb8&fp=3056718821
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.21.79.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-79-77.compute-1.amazonaws.com
Software
nginx/1.21.3 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

status
200 OK
date
Wed, 27 Apr 2022 06:40:56 GMT
x-content-type-options
nosniff
server
nginx/1.21.3
content-type
image/gif
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1143148579201165&ev=KWCEPV&dl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&rl=&if=false&ts=1651041656205&cd[noad30]=1&cd[noadcm]=1&cd[nokart]=0&cd[pvps]=1&cd[slensec]=0&cd[ar30d]=1&cd[arcm]=1&cd[kar30d]=0&cd[karcm]=0&cd[ts30d]=0&cd[tscm]=0&cd[kru]=0&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1651041656018.1904096205&it=1651041655741&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=2&exp=p1&rqm=GET
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Wed, 27 Apr 2022 06:40:56 GMT
/
www.facebook.com/tr/ 		44 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1143148579201165&ev=PageView&dl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&rl=&if=false&ts=1651041656206&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1651041656018.1904096205&it=1651041655741&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=1&exp=p1&rqm=GET
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Wed, 27 Apr 2022 06:40:56 GMT
addthis_widget.js
s7.addthis.com/js/300/ 		353 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1650912243/dynamic/common_hfg3f9.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
cache-control
public, max-age=600
date
Wed, 27 Apr 2022 06:40:56 GMT
x-host
s7.addthis.com
content-length
116389
DV_Cropped_Image_fsr6rf
daily-voice-res.cloudinary.com/image/upload/c_fill,h_80,q_auto:eco,w_80/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/c_fill,h_80,q_auto:eco,w_80/DV_Cropped_Image_fsr6rf
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
297286161ace21782b6e45b0735d9deae64f5217e5859a7e7b7040a512dbc37b
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
x-content-type-options
nosniff
last-modified
Thu, 17 Mar 2022 20:00:08 GMT
server
Cloudinary
etag
"c335eb577df352f94d4cdf2ac6391d31"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:56.379Z;desc=hit,rtt;dur=274
accept-ranges
bytes
timing-allow-origin
*
content-length
1450
800px-Wegmans_in_Lancaster_PA_pyz3zv
daily-voice-res.cloudinary.com/image/upload/c_fill,h_80,q_auto:eco,w_80/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/c_fill,h_80,q_auto:eco,w_80/800px-Wegmans_in_Lancaster_PA_pyz3zv
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
0db96ad8c255629a43abedbe219e2851dafa18a6b0e0d35c99b5384e7ac2abd2
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 20:01:21 GMT
server
Cloudinary
etag
"0623ba05ca96e6ba771dbf6b1c185ec4"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:56.380Z;desc=hit,rtt;dur=274
accept-ranges
bytes
timing-allow-origin
*
content-length
1635
Screenshot_2022-04-25_at_7.50.58_AM_frrdjv
daily-voice-res.cloudinary.com/image/upload/c_fill,h_80,q_auto:eco,w_80/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://daily-voice-res.cloudinary.com/image/upload/c_fill,h_80,q_auto:eco,w_80/Screenshot_2022-04-25_at_7.50.58_AM_frrdjv
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
693c1303fe6948a71ac932631114946859bcbde2da431e504f9dd7a9173332fc
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 12:00:22 GMT
server
Cloudinary
etag
"44f05f53af59d7d7f8e986d77f7bb7e1"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=31557600
server-timing
fastly;dur=1;cpu=0;start=2022-04-27T06:40:56.380Z;desc=hit,rtt;dur=274
accept-ranges
bytes
timing-allow-origin
*
content-length
8621
config
c.amazon-adsystem.com/cdn/prod/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fdailyvoice.com&pubid=0ab198dd-b265-462a-ae36-74e163ad6159
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
649fc78f0d874b4e2e7cde4d0ee7255fe6c6a8ed2e909566752e4ac82d7abd03

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 01:27:45 GMT
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
server
Server
age
18791
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-C1
content-length
1449
x-amz-cf-id
UmAB3cJV6Son1JkxHyhWJvYd1yIpTVR8Bp4fxx7ygoKrNCuBjtEhfQ==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
492 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&pid=Ny5s1rHLkgSE3&cb=0&ws=1600x1200&v=7.75.0&t=1000&slots=%5B%7B%22sd%22%3A%22dailyvoice_adhesion%22%2C%22s%22%3A%5B%221x1%22%2C%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_adhesion%22%7D%5D&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C1
x-amz-rid
ZF5KZE40R4SGAZXM1KB8
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
L-TxPyEAFW4JVY5YGKaZ7YbrW6XVlMEXpNUN24SQdoUTVXtoi5vF3w==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
18790
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 17 Mar 2022 02:21:48 GMT
server
AmazonS3
date
Wed, 27 Apr 2022 01:27:47 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 f58d1aa3b3b084adbea41c7523e2047e.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
R22mNBrWHLA0GQ5dIlQWykcG2Kr4FaS6ukric_bk2gZDpUlvydeiVA==
px.gif
ad-delivery.net/ 		43 B
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=2
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date
Wed, 27 Apr 2022 06:40:56 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1410645
x-guploader-uploadid
ADPycdvCK7q3Wdt7R9vKSQ60qF2eI0J1BOmfer-V5AEFV3TaCHpHa7CuGA3gUPG-l1aB3_JmybyzxFmidoOtVAbBRskLZJl5aQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-type
image/gif
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=50pXgO%2BGYrAm43DCIqYLpiKwmP1pGtq7iF5OXQTP4MSZEoPR352vBqpoyd0cE6wBmjimcS5sEGfGBgiKSFbLbm9rx5ybWh9KqNBw7Dfglsaeu5HN0eHtWBnU%2B7y0WcIfm2%2FEgoBPuZLwl0q3gg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1620242732037093
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=86400
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
702591cfc9f89010-FRA
expires
Sun, 10 Apr 2022 23:01:05 GMT
px.gif
ad-delivery.net/ 		43 B
942 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.7916433072621214
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date
Wed, 27 Apr 2022 06:40:56 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1410645
x-guploader-uploadid
ADPycdvCK7q3Wdt7R9vKSQ60qF2eI0J1BOmfer-V5AEFV3TaCHpHa7CuGA3gUPG-l1aB3_JmybyzxFmidoOtVAbBRskLZJl5aQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-type
image/gif
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dX3xYGHJSjDHeu9OuOH2GRtsHK6cFbQjW6NWVHmP33%2FhyXmCi5RMPV%2BY3q7%2Ba7KJolhfxWW5NFUVgZzNmoo7OXlSJPVIcjyDzDNNNkrc6pub%2FMtRQbpPk4rsmKBZ%2F3a5E85n7MnrcMgR2sdDVw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1620242732037093
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=86400
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
702591cfc9f99010-FRA
expires
Sun, 10 Apr 2022 23:01:05 GMT
liveView.php
live.primis.tech/live/ Frame 9001 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1&cbuster=1651041656&pubUrlAuto=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
d5348b4c8cd994e2139bc9a815a9afd2a8fea57feb64bd73c5f04ca9c13f9623

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:55 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/javascript; charset=utf-8
x-amz-cf-id
yjSeUSFf1XPu8m1kJHZGtZr3IKzffzxM5mm-cNPMJpQD0RHFoSm1Bw==
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/ 		53 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.210.112 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-206-210-112.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
last-modified
Tue, 01 Jun 2021 17:06:57 GMT
server
Apache
etag
"d398-5c3b75e9ebb41-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17087
expires
Wed, 27 Apr 2022 06:55:56 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.202.126 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cacheable
Matched cache
x-cdn-pop-ip
137.74.120.0/27
date
Wed, 27 Apr 2022 05:55:55 GMT
content-type
text/javascript;charset=utf-8
cache-control
max-age=3600
x-cdn-pop
sbg
content-disposition
attachment;filename="id5-api.js"
accept-ranges
bytes
content-length
11181
x-request-id
768967442
pv
api.btloader.com/ 		0
128 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.btloader.com/pv?tid=VZx06W78Kq&w=5670947827744768&o=5714937848528896&cv=2.0.6-2-g96db28a&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&upapi=true
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
no-cache, no-store, must-revalidate
vary
Origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
iab_consent_sdk.v1.0.js
live.primis.tech/content/ClientDetections/ Frame 9001 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1&cbuster=1651041656&pubUrlAuto=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
last-modified
Wed, 12 Feb 2020 15:01:36 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
etag
W/"5e441350-4be0"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
cache-control
max-age=31536000, public
x-amz-cf-id
zn9hWsNLe8A4sHpD7w7X7BZD7Wlea3Dq-YsRhmUooNTK6YPAR9O6Gw==
expires
Thu, 27 Apr 2023 06:40:55 GMT
DetectGDPR2.v1.1.js
live.primis.tech/content/ClientDetections/ Frame 9001 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/ClientDetections/DetectGDPR2.v1.1.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1&cbuster=1651041656&pubUrlAuto=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
last-modified
Thu, 11 Feb 2021 09:45:48 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
etag
W/"6024fccc-228f"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
cache-control
max-age=31536000, public
x-amz-cf-id
boLs8Yz23OvvVi8ZfrQAB1uZFDMi-zAOxOrONb_6deCEDYANnPnAsQ==
expires
Thu, 27 Apr 2023 06:40:55 GMT
DetectGDPR.v1.1.js
live.primis.tech/content/ClientDetections/ Frame 9001 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/ClientDetections/DetectGDPR.v1.1.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1&cbuster=1651041656&pubUrlAuto=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
last-modified
Thu, 11 Feb 2021 09:45:48 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
etag
W/"6024fccc-1ef8"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
cache-control
max-age=31536000, public
x-amz-cf-id
FsU54nKAeUnyudKafPxareKXkE33Arg3qI427Ezt-nMuD-V-NgCPiw==
expires
Thu, 27 Apr 2023 06:40:55 GMT
hls.0.12.4_3.min.js
live.primis.tech/content/video/hls/ Frame 9001 		258 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1&cbuster=1651041656&pubUrlAuto=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
last-modified
Wed, 23 Mar 2022 12:48:36 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
etag
W/"623b1724-409bc"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
cache-control
max-age=31536000, public
x-amz-cf-id
mjUO8-K2-GPkzGDwGlFuQDgb-6OniBEgqqb4ZWZItgEzmNpdUZPL3A==
expires
Thu, 27 Apr 2023 06:40:55 GMT
prebidVid.6.18.0_1.min.js
live.primis.tech/content/prebid/ Frame 9001 		468 KB
141 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1&cbuster=1651041656&pubUrlAuto=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
12eb2bc0ae6531a7e14a1db935b87ab3cb19af9fc097ada63afb42d0c12a9cb2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 12:16:36 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
etag
W/"625ea824-75130"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
cache-control
max-age=31536000, public
x-amz-cf-id
WfljOJdDJvtW3Ae_iFRmO6WH1kzoqofAR-Sa-jm2g3j71z3U5j0PtA==
expires
Thu, 27 Apr 2023 06:40:55 GMT
liveVideo.php
live.primis.tech/live/ Frame 9001 		639 KB
640 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30342D32375F30397D7B7331363237333138347D7B4335377D7B535A47467062486C3262326C6A5A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583730307D7B593437367D7B66317D7B7251554A5549433867596D6C6B6333647064474E6F494338674D53417649486470644768766458513D7D7B4C31303934347DFEFE&userIpAddr=2a02%3A6ea0%3Ac71b%3A0%3A1012%3Aff06%3A2840%3A1dbd&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F100.0.4896.127+Safari%2F537.36&debugInformation=ABT+%2F+bidswitch+%2F+1+%2F+without&isWePassGdpr=0&schain=1.0%2C1%21freestar.com%2C864%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6268e57844f1e&debugInfo=16273184_ABT+%2F+bidswitch+%2F+1+%2F+without&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16273184&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed28c9hxvurpzi&secondaryContent=&x=700&y=476&pubUrl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=left&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=105&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1188&geoLong=8.6843&vpTemplate=10944&flowMode=both&isRealPreroll=0&playerApiId=freestarPrimisPlayer&isApp=0&ccpa=0&ccpaConsent=&subId=dailyvoice.com
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=106981&cbuster=1651041656&pubUrl=https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/&x=700&y=476&playerApiId=freestarPrimisPlayer&schain=1.0,1!freestar.com,864,1&cbuster=1651041656&pubUrlAuto=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ff80a1781c1875505c9093621a82a7701d8e40bbded69f5c10bda3013eb6fa6b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
Tzc1qNv02v7fgVruOUpIBXI3ufdJvhqayVTLLoq-lEdSujNnfyAdVg==
x-cache
Miss from cloudfront
content-type
text/html; charset=UTF-8
882.json
id5-sync.com/g/v2/ 		213 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/882.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
141.95.3.9 , France, ASN16276 (OVH, FR),
Reverse DNS
p32.id5-sync.com
Software
/
Resource Hash
076afb2bba2f1a7ba1afdc0baf4f3cca4e75cafb531532118e1aff120058c05f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://dailyvoice.com
Date
Wed, 27 Apr 2022 06:40:55 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
tag.min.js
get.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/ 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://get.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/tag.min.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.68.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-68-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
921cc97818803e09579f28dd741626123534b998e325862eab059328de5f0105

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 07:36:21 GMT
content-encoding
gzip
last-modified
Tue, 05 Apr 2022 14:13:58 GMT
server
AmazonS3
age
83076
etag
W/"6db1b30af523328c6a8d3fe94ecc4aa3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
xDLvTVSPwPjdU07HDWoiybzHBuv22sye
via
1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
FRA56-C1
content-type
text/javascript
x-amz-cf-id
HJXsNemNnKdmUnZq4E-faqVVhJZ6gTHpiB8mE7hL5BKvWNO2jE4kUg==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
491 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&pid=Ny5s1rHLkgSE3&cb=1&ws=1600x1200&v=7.75.0&t=1000&slots=%5B%7B%22sd%22%3A%22dailyvoice_leaderboard_atf_1%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_leaderboard_atf%22%7D%5D&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C1
x-amz-rid
KYTCM75P8TA107VXVZ8E
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
LdfldcM6ZjBGrVd5-J3OsfH0CVorsv0vHO-Gvi-vAVBsgFuIL_Z-sg==
auction
tlx.3lift.com/header/ 		19 B
505 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.20.4&referrer=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.14.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-14-215.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
accept-ch
sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
auction
c.deployads.com/openrtb2/ 		19 KB
19 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.deployads.com/openrtb2/auction?src=prebid_prebid_5.20.4&host=dailyvoice.com
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.224.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-224-74.eu-west-1.compute.amazonaws.com
Software
SortableCactus/1.0 /
Resource Hash
2a84b8de0a98399eb164bf45b8a5af6b0d9ef50c1d8b6747e585f0ca48ee052b

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
server
SortableCactus/1.0
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
19299
bid
ap.lijit.com/rtb/ 		93 B
742 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.20.4
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
0095e54a146b2f4c601ba603521e3918e4e75726291d05e5a7d6e92f16b11a55

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dailyvoice.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
96
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f0170a00&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
72e852ed343dfc6e04d15025c3be8f7d8a742d3acaacee8f335d718ac18c2063

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a969412017474441319470184320795&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
73db83bdb7e08a381b9c55c7d9bb0b6665856fcb42df8a0ab14a6e903b0abd5b

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9698b40175759a19619dee240d0031&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
1ece651cbffa6a7e4d2dbb92ba362a89ad6e7a980b0c9b5a43da68b4062b72c1

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
/
hb.emxdgt.com/ 		0
157 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=1200&ts=1651041656353&src=pbjs
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
cygnus
htlb.casalemedia.com/ 		37 B
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=640422&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2256c3bfc8b20c21c%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F%22%2C%22name%22%3A%22dailyvoice-com%22%2C%22domain%22%3A%22dailyvoice.com%22%2C%22cat%22%3A%5B%22IAB12%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%22%5D%2C%22pagecat%22%3A%5B%22IAB12%22%5D%2C%22ref%22%3A%22%22%2C%22content%22%3A%7B%22data%22%3A%5B%7B%22name%22%3A%22www.freestar.com%22%2C%22ext%22%3A%7B%22taxonomyname%22%3A%22iab_content_taxonomy%22%7D%2C%22segment%22%3A%5B%7B%22id%22%3A%22379%22%7D%5D%7D%5D%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.20.4%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2257183c1d6fb45b8%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_leaderboard_atf%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_leaderboard_atf%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_leaderboard_atf%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_leaderboard_atf%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d3930b53bd72158e298e924a7585ea73a091f19d3a9294c6b12d23cbfcfc9319

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Wed, 27 Apr 2022 06:40:56 GMT
translator
hbopenbid.pubmatic.com/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
fastlane.json
fastlane.rubiconproject.com/a/api/ 		702 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=2002856&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.com,864,1,,,&eid_pubcid.org=dce9db50-4dac-44ae-a4f1-659cb8a71eae%5E1&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.name=dailyvoice-com&tg_i.domain=dailyvoice.com&tg_i.cat=IAB12&tg_i.sectioncat=IAB12&tg_i.pagecat=IAB12&tg_i.page=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.fs_ad_product=banner&tg_i.dfp_ad_unit_code=15184186%2C33043040%2Fdailyvoice_leaderboard_atf&tg_i.pbadslot=15184186%2C33043040%2Fdailyvoice_leaderboard_atf%2Fdailyvoice_leaderboard_atf_1&tk_flint=pbjs_lite_v5.20.4&x_source.tid=a9afa5ae-608e-46cf-93c5-eec4c6c34281&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.1136180125951416
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
c2f33fcb598144487e211048ff19173f4aa9cd3531f06428367ce9f7883a4f15

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
702
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ads.yieldmo.com/exchange/ 		0
223 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=5.20.4&p=%5B%7B%22placement_id%22%3A%22dailyvoice_leaderboard_atf_1%22%2C%22callback_id%22%3A%22717f1538d5d2993%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%2C%5B970%2C90%5D%2C%5B970%2C250%5D%5D%2C%22ym_placement_id%22%3A%222662464007037722661%22%2C%22gpid%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_leaderboard_atf%2Fdailyvoice_leaderboard_atf_1%22%7D%5D&page_url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&bust=1651041656360&pr=&scrd=1&dnt=false&description=A%20New%20York%20doctor%20has%20admitted%20to%20tax%20evasion%20after%20federal%20authorities%20say%20he%20claimed%20more%20than%20%241%20million%20in%20fraudulent%20tax%20deductions.Long%20Island%20resident%20Jordan%20Sudberg%20pleaded%20guilty%20on%20Tuesday%2C%20Nov.%2023%20to%20tax%20evasion%20for%20the%20calendar%E2%80%A6&title=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=dce9db50-4dac-44ae-a4f1-659cb8a71eae&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22dce9db50-4dac-44ae-a4f1-659cb8a71eae%22%2C%22atype%22%3A1%7D%5D%7D%5D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.109.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-109-242.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
arj
freestar-d.openx.net/w/1.0/ 		73 B
101 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=a9afa5ae-608e-46cf-93c5-eec4c6c34281&nocache=1651041656360&scsm=www.freestar.com%3A379&pubcid=f43b9d98-f955-406f-8f40-a6342cf7d32b&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250&divids=dailyvoice_leaderboard_atf_1&aucs=%252F15184186%252C33043040%252Fdailyvoice_leaderboard_atf%252Fdailyvoice_leaderboard_atf_1&auid=539181725
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
bb74d4e30c15d92bc50119640af893ad2409af88dac09f6d59dcea529a81fdf6

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://dailyvoice.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		13 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
15dcaa495dc7f16f3bf7cf94dfd9ed6b5f5c670457e4643d6528e3d33a18c780
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
ce5df60e-2321-400a-a0c6-c8304dac5aec
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
658 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
61044fc0d23ba36784d5967cea5f672a24bc4f24912cc3359136c9778a577407

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
hbjson
grid.bidswitch.net/ 		24 B
365 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.211.165.199 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
199.165.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
be362e9725125d8db35fdef71f004f53f8cf70a87dcd14e689daa4c5029b61d1

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
49
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
490 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&pid=Ny5s1rHLkgSE3&cb=2&ws=1600x1200&v=7.75.0&t=1000&slots=%5B%7B%22sd%22%3A%22dailyvoice_mrec_atf_2%22%2C%22s%22%3A%5B%22300x250%22%2C%22120x600%22%2C%22160x600%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_atf%22%7D%5D&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C1
x-amz-rid
W0YXTVZPRZ1D6G584CDX
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
ceXQlqtbSS3jh5foNY49L2U3IFDq-Y89zi2KijkPFt357mRl_up4-A==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
491 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&pid=Ny5s1rHLkgSE3&cb=3&ws=1600x1200&v=7.75.0&t=1000&slots=%5B%7B%22sd%22%3A%22dailyvoice_mrec_btf_3%22%2C%22s%22%3A%5B%22300x250%22%2C%22120x600%22%2C%22160x600%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%7D%5D&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C1
x-amz-rid
QM9KDN1EATBXHJRS2ZKV
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
NJdqI3pcHCQWk-i_SgRGZ3rShG72NrtsY5Ab9COGuBuVeE9fKdLKSQ==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
490 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&pid=Ny5s1rHLkgSE3&cb=4&ws=1600x1200&v=7.75.0&t=1000&slots=%5B%7B%22sd%22%3A%22dailyvoice_mrec_btf_4%22%2C%22s%22%3A%5B%22300x250%22%2C%22120x600%22%2C%22160x600%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%7D%5D&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C1
x-amz-rid
VM1751NQ415VNM0725MP
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
8sYIlsek4ynNb-1cT4bl56DsZZkCS8hkQtziZ5TXYU6Ybgsnt2ZT6Q==
j
rp4.liadm.com/
Redirect Chain
  • https://rp.liadm.com/j?dtstmp=1651041656429&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-cla...
  • https://rp4.liadm.com/j?dtstmp=1651041656429&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-cl...
47 B
585 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rp4.liadm.com/j?dtstmp=1651041656429&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOmZmMDY6Mjg0MDoxZGJk
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
44.194.206.200 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-206-200.compute-1.amazonaws.com
Software
/
Resource Hash
5c691bfbaca0ce68d48828de40ed11ca48cebbb214d7883a74faf4e3c0cdd93f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
x-pixel-event-id
1d027f47-0300-48e8-8073-0da240d39393
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
null
x-xss-protection
1; mode=block
vary
Origin
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
0483f3a94a31ba5c
request-time
0
content-length
47
x-content-type-options
nosniff

Redirect headers

date
Wed, 27 Apr 2022 06:40:56 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies
master-only
location
https://rp4.liadm.com/j?dtstmp=1651041656429&aid=a-00ex&se=e30&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOmZmMDY6Mjg0MDoxZGJk
x-frame-options
DENY
access-control-allow-origin
https://dailyvoice.com
x-xss-protection
1; mode=block
vary
Origin
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
bca97423c2318852
request-time
0
content-length
0
x-content-type-options
nosniff
bid-request
a.teads.tv/hb/ 		16 B
247 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-7.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 27 Apr 2022 06:40:56 GMT
bid
ap.lijit.com/rtb/ 		94 B
744 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.5.0
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
87da4a4debade20b4cacf0bae1509ad8a8f73e77f6c397b397a873f19fc5f021

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dailyvoice.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
prebid
prebid.media.net/rtb/ 		1 KB
616 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUR0N35X
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
93e96722ec4a84a6966275711a65c1f25cac57c3f3c4bd156dbfb26e9b1210d4

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
cygnus
htlb.casalemedia.com/ 		37 B
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=242765&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2234d2192aaef33df%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A6%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A6%2C%22ren%22%3Afalse%2C%22version%22%3A%226.5.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22357fd8c628bf873%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22242765%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22242765%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22242765%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2238a18c1d4a0960c%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22242768%22%2C%22dfp_ad_unit_code%22%3A%22%2F33043040%2Fbtf_rectangle%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22242768%22%2C%22dfp_ad_unit_code%22%3A%22%2F33043040%2Fbtf_rectangle%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F33043040%2Fbtf_rectangle%22%2C%22gpid%22%3A%22%2F33043040%2Fbtf_rectangle%22%7D%7D%2C%7B%22id%22%3A%2240214a229c0ba49%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22242766%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22242766%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22421e2f8dfc4011%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22242768%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22242768%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2244abcd846dd34f6%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22242768%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22242768%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2246f602f0e362b2a%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22242765%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22242765%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%7D
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1bab245024806397dc618d3885f6b8d19bf28d55dfec3d5df4a9266ce63f8603

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Wed, 27 Apr 2022 06:40:56 GMT
xhr
pre.ads.justpremium.com/v/2.0/t/ 		52 B
255 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pre.ads.justpremium.com/v/2.0/t/xhr?i=1651041656457
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.86.25 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-86-25.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
52835a5de13027c91e4709a82eb02b19905042d852e9cbc148a5b57e44d3827b

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
public, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
content-type
application/json
fastlane.json
fastlane.rubiconproject.com/a/api/ 		288 B
743 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17526&site_id=173454&zone_id=839168&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.pbadslot=dfp-ad-slot-1&tk_flint=pbjs_lite_v6.5.0&x_source.tid=ca948ede-0719-4a6d-bc42-287ef2d1c5da&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.07900680099663049
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
3048dc193a1dc9b41386eaff31ed0a6909ec7c9109674fce25bd59d775a1c080

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
288
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		300 B
755 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17526&site_id=173454&zone_id=839174&size_id=15&alt_size_ids=10&p_pos=btf&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.pbadslot=%2F33043040%2Fbtf_rectangle&tk_flint=pbjs_lite_v6.5.0&x_source.tid=20085f46-54a1-427d-b6f5-b422dd616d07&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F33043040%2Fbtf_rectangle&slots=1&rand=0.24596059794948189
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
a5e0c8bd0458bdbc7313d1f28a901a9bca0be80c85f19073ddcb5b64b2da778c

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
300
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		286 B
741 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17526&site_id=173454&zone_id=839170&size_id=15&alt_size_ids=10&p_pos=atf&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.pbadslot=dfp-ad-slot-6&tk_flint=pbjs_lite_v6.5.0&x_source.tid=c88a12fe-4f03-4247-84a0-efcfc5508217&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8994891403898662
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
1e34fc30bf2e34bada75d32fbf47eafc5a603d898ff7aaaddd405f150147742b

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
286
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		286 B
741 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17526&site_id=173454&zone_id=839174&size_id=15&alt_size_ids=10&p_pos=btf&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.pbadslot=dfp-ad-slot-7&tk_flint=pbjs_lite_v6.5.0&x_source.tid=b554657f-e1b2-4e3b-b621-ceb77266b9fb&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.03952870642624107
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
50bbe6317c2bfabf7a41b037db24db1df8bba5781f9c9338d011adcbd1750f85

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
286
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		286 B
741 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17526&site_id=173454&zone_id=839174&size_id=15&alt_size_ids=10&p_pos=btf&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.pbadslot=dfp-ad-slot-8&tk_flint=pbjs_lite_v6.5.0&x_source.tid=d851a080-530f-4e3d-981f-8f07c5899fb7&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.015628565266835537
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
64877dce73b97b31f263f6772a900097cf4f8ece93b9d494016af73514ff3f70

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
286
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		286 B
741 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17526&site_id=173454&zone_id=839168&size_id=2&alt_size_ids=55&p_pos=btf&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.pbadslot=dfp-ad-slot-10&tk_flint=pbjs_lite_v6.5.0&x_source.tid=90f9c284-d5a4-47a9-a076-f503a8711308&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7402696253793557
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
65577c6e520bcca09ad7f2603844e41c9b7d609996b307585b0dee69b06b81ca

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
286
Expires
Wed, 17 Sep 1975 21:32:10 GMT
adreq
ads.servenobid.com/ 		1000 B
753 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/adreq?cb=7726
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e6d48b5955f17f3c211246d9d639b53924dde5186f62d93002558e57e974bec4

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 		648 B
832 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:13::1460 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
f329da22a54771557474b6516537b3314b710f8145cb5cef2522d344425d429b

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
server
nginx
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
648
expires
0
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
p
rp4.liadm.com/
Redirect Chain
  • https://rp.liadm.com/p?dtstmp=1651041656428&aid=a-00ex&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions...
  • https://rp4.liadm.com/p?dtstmp=1651041656428&aid=a-00ex&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deduction...
43 B
523 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rp4.liadm.com/p?dtstmp=1651041656428&aid=a-00ex&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ae=eyJtZXNzYWdlIjoie1wiYXBwSWRcIjpbXCJhLTAwZXhcIixudWxsXSxcIndyYXBwZXJOYW1lXCI6W1wibGMtYnVuZGxlXCIsXCJwcmViaWRcIl0sXCJjb2xsZWN0b3JVcmxcIjpbXCJodHRwczovL3JwLmxpYWRtLmNvbVwiLG51bGxdfSIsIm5hbWUiOiJMQ0R1cGxpY2F0aW9uIiwic3RhY2tUcmFjZSI6IkNvbmZpZ1NlbnQ6IEFkZGl0aW9uYWwgY29uZmlndXJhdGlvbiByZWNlaXZlZFxuICAgIGF0IGh0dHBzOi8vZGFpbHktdm9pY2UtcmVzLmNsb3VkaW5hcnkuY29tL3Jhdy91cGxvYWQvdjE2NDA5MTUyMjIvc3RhdGkuLi4ifQ&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOmZmMDY6Mjg0MDoxZGJk
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
44.194.206.200 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-206-200.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
x-pixel-event-id
75f60425-241c-4590-9b05-74a12203dd85
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
content-type
image/gif
x-xss-protection
1; mode=block
vary
Origin
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
b1da54d4920910ee
request-time
0
content-length
43
x-content-type-options
nosniff

Redirect headers

date
Wed, 27 Apr 2022 06:40:56 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
location
https://rp4.liadm.com/p?dtstmp=1651041656428&aid=a-00ex&tna=v2.3.0&pu=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ae=eyJtZXNzYWdlIjoie1wiYXBwSWRcIjpbXCJhLTAwZXhcIixudWxsXSxcIndyYXBwZXJOYW1lXCI6W1wibGMtYnVuZGxlXCIsXCJwcmViaWRcIl0sXCJjb2xsZWN0b3JVcmxcIjpbXCJodHRwczovL3JwLmxpYWRtLmNvbVwiLG51bGxdfSIsIm5hbWUiOiJMQ0R1cGxpY2F0aW9uIiwic3RhY2tUcmFjZSI6IkNvbmZpZ1NlbnQ6IEFkZGl0aW9uYWwgY29uZmlndXJhdGlvbiByZWNlaXZlZFxuICAgIGF0IGh0dHBzOi8vZGFpbHktdm9pY2UtcmVzLmNsb3VkaW5hcnkuY29tL3Jhdy91cGxvYWQvdjE2NDA5MTUyMjIvc3RhdGkuLi4ifQ&wpn=lc-bundle&c=PHRpdGxlPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5IHwgT3JhbmdldG93biBEYWlseSBWb2ljZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkEgTmV3IFlvcmsgZG9jdG9yIGhhcyBhZG1pdHRlZCB0byB0YXggZXZhc2lvbiBhZnRlciBmZWRlcmFsIGF1dGhvcml0aWVzIHNheSBoZSBjbGFpbWVkIG1vcmUgdGhhbiAkMSBtaWxsaW9uIGluIGZyYXVkdWxlbnQgdGF4IGRlZHVjdGlvbnMuTG9uZyBJc2xhbmQgcmVzaWRlbnQgSm9yZGFuIFN1ZGJlcmcgcGxlYWRlZCBndWlsdHkgb24gVHVlc2RheSwgTm92LiAyMyB0byB0YXggZXZhc2lvbiBmb3IgdGhlIGNhbGVuZGFy4oCmIj48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9kYWlseXZvaWNlLmNvbS9uZXcteW9yay9vcmFuZ2V0b3duL25ld3MvbnktZG9jdG9yLWNsYWltZWQtbW9yZS10aGFuLTEtbWlsbGlvbi1pbi1mcmF1ZHVsZW50LXRheC1kZWR1Y3Rpb25zLWZlZHMtc2F5LzgyMDY0Mi8iPjxoMSBjbGFzcz0iZS1hcnRpY2xlLXRpdGxlIiBqcy1hcnRpY2xlLXRpdGxlPSIiPk5ZIERvY3RvciBDbGFpbWVkIE1vcmUgVGhhbiAkMSBNaWxsaW9uIEluIEZyYXVkdWxlbnQgVGF4IERlZHVjdGlvbnMsIEZlZHMgU2F5PC9oMT4&i6=MmEwMjo2ZWEwOmM3MWI6MDoxMDEyOmZmMDY6Mjg0MDoxZGJk
x-xss-protection
1; mode=block
vary
Origin
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
2c75efbbc450132d
request-time
0
content-length
0
x-content-type-options
nosniff
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		116 KB
31 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1067390902724372&correlator=36474997200002&eid=31060890%2C31062930&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=33043040%2Cinterstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=288153517&sfv=1-0-38&ecs=20220427&ists=1&fas=8&fsapi=false&eri=5&cust_params=user-agent%3DChrome&sc=1&cookie_enabled=1&cdm=dailyvoice.com&abxe=1&dt=1651041656506&dlt=1651041654086&idt=1986&biw=1600&bih=1200&adxs=-9&adys=-9&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fdailyvoice.com%2F&loc=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=2030874453.1651041656&ga_sid=1651041657&ga_hid=1903727552&ga_fc=true&btvi=-1&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
eb183b6343ad18a35e18560016920a43c5892031be3196fc65b4f193ba986642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31330
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2D4E 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:56 GMT
expires
Thu, 27 Apr 2023 06:40:56 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pubads_impl_page_level_ads_2022042101.js
securepubads.g.doubleclick.net/gpt/ 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022042101.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
sffe /
Resource Hash
a5ce81d2be1292608446ea1fc02ade6a58f1b20ef6c9483c03e1c272f57f708a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 09:56:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74661
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13277
x-xss-protection
0
last-modified
Thu, 21 Apr 2022 08:41:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 26 Apr 2023 09:56:35 GMT
moatframe.js
z.moatads.com/addthismoatframe568911941483/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-151.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
D5503D14AA2F06AA
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=56007
accept-ranges
bytes
content-length
948
x-amz-id-2
JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=
prebid
ads.yieldmo.com/exchange/ 		0
223 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=5.20.4&p=%5B%7B%22placement_id%22%3A%22dailyvoice_mrec_atf_2%22%2C%22callback_id%22%3A%228811fe018510faf%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B120%2C600%5D%2C%5B160%2C600%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222662464007037722661%22%2C%22gpid%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_atf%2Fdailyvoice_mrec_atf_2%22%7D%5D&page_url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&bust=1651041656616&pr=&scrd=1&dnt=false&description=A%20New%20York%20doctor%20has%20admitted%20to%20tax%20evasion%20after%20federal%20authorities%20say%20he%20claimed%20more%20than%20%241%20million%20in%20fraudulent%20tax%20deductions.Long%20Island%20resident%20Jordan%20Sudberg%20pleaded%20guilty%20on%20Tuesday%2C%20Nov.%2023%20to%20tax%20evasion%20for%20the%20calendar%E2%80%A6&title=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=dce9db50-4dac-44ae-a4f1-659cb8a71eae&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22dce9db50-4dac-44ae-a4f1-659cb8a71eae%22%2C%22atype%22%3A1%7D%5D%7D%5D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.109.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-109-242.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
prebid
prebid.media.net/rtb/ 		1 KB
657 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
b10f211ff9cd977bb691756967e2f6cf97d510186a14d36d28bc373342acf991

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
translator
hbopenbid.pubmatic.com/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
hbjson
grid.bidswitch.net/ 		24 B
365 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.211.165.199 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
199.165.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
18e1cf62da03604a77fdc1fa50a09b34326c1134ae56df69e660a9c6c7502064

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
49
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f3730a02&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
7a43fc8ce2b71de1e59d34ca62f0c692866b0255148d0adafe3c11ba644178a3

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a969412017474441319471d039f0b18&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
ba75bb0f7cf103ef67fd0b1076274deaf138220eef562c36a9dc108bbce6f0ff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a969412017474441319471d01dd0b17&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
0e2751d050bf16c31e60456618e144ca43a9422453e43a57000821373157032d

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
/
hb.emxdgt.com/ 		0
157 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=1200&ts=1651041656620&src=pbjs
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
cygnus
htlb.casalemedia.com/ 		38 B
332 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=640422&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22108a97a27a468634%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F%22%2C%22name%22%3A%22dailyvoice-com%22%2C%22domain%22%3A%22dailyvoice.com%22%2C%22cat%22%3A%5B%22IAB12%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%22%5D%2C%22pagecat%22%3A%5B%22IAB12%22%5D%2C%22ref%22%3A%22%22%2C%22content%22%3A%7B%22data%22%3A%5B%7B%22name%22%3A%22www.freestar.com%22%2C%22ext%22%3A%7B%22taxonomyname%22%3A%22iab_content_taxonomy%22%7D%2C%22segment%22%3A%5B%7B%22id%22%3A%22379%22%7D%5D%7D%5D%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.20.4%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22109fc681174f1999%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_atf%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A120%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_atf%22%2C%22sid%22%3A%22120x600%22%7D%7D%2C%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_atf%22%2C%22sid%22%3A%22160x600%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_atf%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_atf%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e0df6019a770e4c176a897bee0fd492858f0028488a529edc70abc076855202e

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
38
x-ak-client-geo
12
expires
Wed, 27 Apr 2022 06:40:56 GMT
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
prebid
ib.adnxs.com/ut/v3/ 		13 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
62385f6dc711131ce28a1d4e42e59ba5e03552ed436c17b114253657152a7c9f
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
f5c4f876-862f-43ac-88e7-58776b71ebb1
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cdb
bidder.criteo.com/ 		18 B
312 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.20.4&cb=70398457606
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
44
bid
ap.lijit.com/rtb/ 		95 B
745 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.20.4
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
a22d01c890713e815890b34eabf20d24ed04f3692fa6308d3845a006f251edbb

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dailyvoice.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
auction
c.deployads.com/openrtb2/ 		19 KB
19 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.deployads.com/openrtb2/auction?src=prebid_prebid_5.20.4&host=dailyvoice.com
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.224.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-224-74.eu-west-1.compute.amazonaws.com
Software
SortableCactus/1.0 /
Resource Hash
ff9ad0e0d2bfaa4f516850923cce2eb0246ac4e0c4d9d573e47dd0b18c7c0026

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
server
SortableCactus/1.0
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
19269
arj
freestar-d.openx.net/w/1.0/ 		74 B
102 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=56c1f6a6-e85e-45d6-9652-77dfbbe63543&nocache=1651041656626&scsm=www.freestar.com%3A379&pubcid=f43b9d98-f955-406f-8f40-a6342cf7d32b&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&aus=300x250%2C120x600%2C160x600%2C300x600&divids=dailyvoice_mrec_atf_2&aucs=%252F15184186%252C33043040%252Fdailyvoice_mrec_atf%252Fdailyvoice_mrec_atf_2&auid=539181725
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
ca98d28bf4bf85850aa6731d4c1444f2d9861b51c343e1009224008325d1f315

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://dailyvoice.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
80
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
505 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.20.4&referrer=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.14.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-14-215.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
accept-ch
sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		686 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=2002856&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!freestar.com,864,1,,,&eid_pubcid.org=dce9db50-4dac-44ae-a4f1-659cb8a71eae%5E1&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.name=dailyvoice-com&tg_i.domain=dailyvoice.com&tg_i.cat=IAB12&tg_i.sectioncat=IAB12&tg_i.pagecat=IAB12&tg_i.page=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.fs_ad_product=superflex&tg_i.dfp_ad_unit_code=15184186%2C33043040%2Fdailyvoice_mrec_atf&tg_i.pbadslot=15184186%2C33043040%2Fdailyvoice_mrec_atf%2Fdailyvoice_mrec_atf_2&tk_flint=pbjs_lite_v5.20.4&x_source.tid=56c1f6a6-e85e-45d6-9652-77dfbbe63543&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.17210717181622193
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
98f1c155503227f25beb8f627d9d177de5a9f52f8e5dd0604bec8b2a51262054

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
686
Expires
Wed, 17 Sep 1975 21:32:10 GMT
a-00ex
i.liadm.com/s/c/ Frame E065 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://i.liadm.com/s/c/a-00ex?s=&cim=&ps=true&ls=true&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.172.159.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-172-159-73.compute-1.amazonaws.com
Software
/
Resource Hash
eedd403439065a3493fdae09f61c38fab32a5f98162d868b5c5d6f5457c36c18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, max-age=0
Connection
keep-alive
Content-Encoding
gzip
Content-Length
640
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:40:55 GMT
ETag
1.61803398874
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
baker
sli.dailyvoice.com/ 		0
309 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sli.dailyvoice.com/baker?dtstmp=1651041656640
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:9c00:e:16bc:8080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-C1
x-cache
FunctionGeneratedResponse from cloudfront
content-type
image/gif
content-length
0
x-amz-cf-id
xSOryl4FuZsWBCaBNFYnD6gwO9n62Hf2cOimCQqPEQVntDEbFJz4Dw==
/
www.facebook.com/tr/ Frame 2F82 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
null
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:56 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
trk.gif
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_at=394&ntv_usid=9761321&ntv_pl=1108768
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.227.185.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-227-185-17.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
trk.gif
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=af703dfc-c75c-4eb0-9b5e-a93eb8d18405&ntv_fl=CF4se3gYGjAPzQcMJoAeWXxP_Ip9jtklRByAD80byHXZ9pLx7vS8GkZwUal_La2uDPfYxXZB5RT8UkSyOIM1ZEf-DuW8MVMVK2g62BKdZWBUtLwW6rPqnJwGrUwHluJdCfdFg_F1YgAABWMRnFO_LLYD6xSUYI4lqRasC1g21nY_0HPJkq_wmiUO2sZgtRPy8DiQpY7pb3mkShut0N4xggpJjeXwIzriAqJvs-LDt8glAtrXN84PsR_C8CiWvfW7Co-hp4R3U25iYnoruI0ugCji18Cs97iv4uUpHh-ZEOxOpPHzzkpGundUJ6L_TGpc&ntv_ht=eOVoYgA&ntv_at=303,302&ntv_a=AAAAAAAAAAIOsQA&ord=1651041656658&ntv_it
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.227.185.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-227-185-17.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
trk.gif
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=bad5bb00-34f2-4ace-9d82-92b3daafe91d&ntv_fl=CF4se3gYGjAPzQcMJoAeWaY2_oTOIKH-0K8Ze5k7XW_9Y6gACbwxXIUoESjRvhRV0HFODmI9Y3c86v9suAFawU-ZkIsRL_UtPNGO62e_By7pvLHjzZnLSwGVCJBayrb--i9MMt98chjfVUUCEXMjF96aOT5JOQGjU-6hTj7X_3IBAPHQtWPdVMNYC6m1O2SQ8mhQvr0_9AErYXTGR1-GEQzSgrTzQ4hIvfolbE8hZJCdM4rkRWrV3peJkXGNItZbQLYICygCbl-oToQcBfptgdyRWdXecqGGaf5xJZbZE8MRnuxj57zejZh-XLJ1dw3S&ntv_ht=eOVoYgA&ntv_at=303&ntv_a=AAAAAAAAAA7PkQA&ord=1651041656660&ntv_it
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.227.185.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-227-185-17.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
gdprConsent
jadserve.postrelease.com/ 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/gdprConsent?ntv_pl=1108768&ntv_gdpr_consent=&ntv_it
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.227.185.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-227-185-17.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
/
onetag-geo.s-onetag.com/ 		555 B
967 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-67.fra6.r.cloudfront.net
Software
/
Resource Hash
f51938710e179807bbf1be9a1e9d7e3441fa74e7dfe9f46841914fb12ca7de3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 12:26:42 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront), 1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
age
65654
x-amzn-requestid
47e13db7-0392-4e2e-a290-3c57934ba285
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA2-C1, FRA6-C1
x-amz-apigw-id
RMC4aHrbCYcF4Eg=
content-length
555
x-amz-cf-id
1j_8DtvFUH1s9M_sCtCHh0AB1bRliEzgF6MKvFIINW2qF6d92wT0XQ==
beacon.min.js
signal-beacon.s-onetag.com/ 		30 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://signal-beacon.s-onetag.com/beacon.min.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-23.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2b174c2de49f6aa7f8b72125c63c163012b9ff34afdbdaea39b4c499e1d16df8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
uiJ1YCXqTfg4YsRV.iQoQhQ_4iTW1U6K
content-encoding
gzip
etag
W/"af8244025b2d978df209bf028c458664"
last-modified
Mon, 04 Apr 2022 13:02:16 GMT
server
AmazonS3
age
13791
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Wed, 27 Apr 2022 02:51:06 GMT
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
LqQ48OaaL_WQhSo_dN8X0iGYxMQupEmLDAklUcuocHQb7RYIcJiiqw==
prebid.min.js
prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/ Frame D749 		181 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/prebid.min.js
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.68.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-68-93.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
893813e610ccf9b5af45ad55e64a7d9e7536df4d34bab43d26a99d45dd085ba1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
9B2rhPwckhVzC3SlGdETsqP5FpUtDTOD
content-encoding
gzip
last-modified
Tue, 05 Apr 2022 14:12:14 GMT
server
AmazonS3
age
6349
etag
W/"d8cbba7b189144906ea1c12234301c81"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Wed, 27 Apr 2022 05:00:30 GMT
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
BvLEjha77dIXABXalbWOsCRju2barEx6lTMgoTzaybdMDOOHx6-2FQ==
primisslate.css
live.primis.tech/content/video/css/ 		18 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/video/css/primisslate.css
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
616f41fbbcf44ba72bb9c97132871526164c81d78f56a15e04ece1a44eb5606a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
last-modified
Wed, 09 Feb 2022 07:06:30 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
etag
"620367f6-465a"
x-cache
Miss from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
18010
x-amz-cf-id
EUZxZAoQ0lBATm4J3f607FnCWyxCAvnaKIifT9TdyyOAkUdnc0Nsbg==
apstag.js
c.amazon-adsystem.com/aax2/ Frame 9001 		135 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30342D32375F30397D7B7331363237333138347D7B4335377D7B535A47467062486C3262326C6A5A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583730307D7B593437367D7B66317D7B7251554A5549433867596D6C6B6333647064474E6F494338674D53417649486470644768766458513D7D7B4C31303934347DFEFE&userIpAddr=2a02%3A6ea0%3Ac71b%3A0%3A1012%3Aff06%3A2840%3A1dbd&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F100.0.4896.127+Safari%2F537.36&debugInformation=ABT+%2F+bidswitch+%2F+1+%2F+without&isWePassGdpr=0&schain=1.0%2C1%21freestar.com%2C864%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6268e57844f1e&debugInfo=16273184_ABT+%2F+bidswitch+%2F+1+%2F+without&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16273184&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed28c9hxvurpzi&secondaryContent=&x=700&y=476&pubUrl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=left&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=105&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1188&geoLong=8.6843&vpTemplate=10944&flowMode=both&isRealPreroll=0&playerApiId=freestarPrimisPlayer&isApp=0&ccpa=0&ccpaConsent=&subId=dailyvoice.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
STlSjRvyyTgJyl_raxUeHIFBn6F5DqB3
content-encoding
gzip
etag
4abd427e43cd6822329a2c05539e321f
age
865
x-cache
Hit from cloudfront
server
Server
x-amz-rid
1MEY8SD311R0Y8AEWCFN
date
Wed, 27 Apr 2022 06:26:32 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
6qbSixa8PXovA-IbOb_V-TfBhVYQIBHU1KXEhM-5mpI_u2P3s3hq7Q==
css
fonts.googleapis.com/ Frame 4674 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 05:40:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 27 Apr 2022 06:40:56 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 27 Apr 2022 06:40:56 GMT
css
fonts.googleapis.com/ 		1 KB
504 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Poppins&display=swap
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e6ac25d541d15d00d8ac79cbb7e6f917732a768e2a187f5cf1ce2c255c7cec07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 05:39:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 27 Apr 2022 06:40:56 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 27 Apr 2022 06:40:56 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 633E 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22396
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:40:56 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
liveCS.php
live.primis.tech/live/ Frame 0E89
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D94%26advUuid%3D%24...
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D94%26advUuid%3D%24...
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=94&advUuid=fe2a860b-c5f4-11ec-9aa9-102ad03c0106
0
333 B 		Document
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=94&advUuid=fe2a860b-c5f4-11ec-9aa9-102ad03c0106
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
cache-control
no-store
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:40:56 GMT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma
no-cache
server
nginx
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
x-amz-cf-id
KUi_IZRd0Cid05-pMCBwVDovSvZ7JwJGvqvLlt_zIY6NsBgenVNFaA==
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront

Redirect headers

Access-Control-Allow-Credentials
false
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Connection
keep-alive
Content-Length
0
Content-Type
text/plain
Date
Wed, 27 Apr 2022 06:40:56 GMT
Location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=94&advUuid=fe2a860b-c5f4-11ec-9aa9-102ad03c0106
Server
nginx
X-fe
133
cm
u.openx.net/w/1.0/ Frame D4FB 		43 B
131 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D98%26advUuid%3D
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-length
56
content-type
text/html
date
Wed, 27 Apr 2022 06:40:56 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
sync.html
s.console.adtarget.com.tr/ Frame 79D3 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.console.adtarget.com.tr/sync.html?aid=556966
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a06:8640:476:0:ec4:7aff:fe7e:de5e Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
Adtelligent /
Resource Hash
ff4be6ca48385b83c38c0a4a4614783421ce31164a3f81a3232f4e775e0f8bff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
837
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
Adtelligent
X-Robots-Tag
noindex
liveView.php
live.primis.tech/live/ Frame 9001 		132 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTQyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwQ0ODUyMxZ2nWRyomE1MwM5NmM1MmpyMxZ2nWQ2MwY4YmU2MzEmOTQmNwUjNTx2NwE0Lz1jNCZ2nWRsY29hqGVhqF9cZD0lMTt4MTU5JaZcZF9wo250ZW50X2Ryp2M9Q2y0nSUlN3MeWzFgYW4eo24eTWFln2V0plguozQeU3RlYXRyZ2yyplZ2nWRsY29hqGVhqF90nXRfZT1DnXRcJTI3plgnYW1uovgiovgNYXJeZXRmK2FhZCgTqHJuqGVanWVmJaZcZF9wo250ZW50X2R1pzF0nW9hPTI1MlZxZWJ1Z0yhZz9loWF0nW9hPUFCVCfyMxYeYzyxp3qcqGNbKlUlRvfkKlUlRvg3nXRbo3V0Jat9Mmt3Jax9MwE4JaB1YyVloD1bqHRjplUmQSUlRvUlRzRunWk5qz9cY2UhY29gJTJGozV3LXyipzfyMxZipzFhZ2V0o3qhJTJGozV3plUlRz55LWRiY3Ripv1woGFcoWVxLW1ipzUgqGuuov0kLW1coGkco24gnW4gZaJuqWR1oGVhqC10YXtgZGVxqWN0nW9hpl1zZWRmLXNurSUlRwtlMDY0MvUlRvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDM0MxQmMwM3NUYmMDM5N0Q3QwpmMmEmNwMlMmpmMmMkMmtmNDqEN0I0MmM1Mmp3RDqCNTM1QTQ3NDY3MDYlNDt2QmMlNwImMwZDNxE1QTUmMmU2QTYlMmImMDNEN0Q3QwYlNwM2ODplNxY2RDY1N0Q3QwpkNwQ2NTpmNxI3NDZGNmA3RDqCNxY3NmY5NxU2NDZGNmp3MmqEN0I1ODM3MmAmMDqEN0I1OTM0MmpmNwqEN0I2NwMkN0Q3QwplNTE1NTRBNTU0OTQmMmt2NmU5NxQ2QmZCNwMmMmY0NmA2NDQ3NEU2RwQ5NDMmODY3NEQ1MmQkNmY0OTQ4NwQ3MDY0NDp2ODp2NwQ1ODUkM0Q3RDqCNEMmMTMjMmxmNDM0N0RGRUZFJzymQXBjPTAzZ2ViTGF0nT01MC4kMTt4Jzqyo0kiozp9OC42ODQmJaVmZXJJpEFxZHI9MzEjMvUmQTZyYTAyM0FwNmFvJTNBMCUmQTEjMTIyM0FzZwA2JTNBMwt0MCUmQTFxYzQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3K1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWZlZWVmqGFlLzNioSUlQmt2NCUlQmEzpGkurWVlQXBcSWQ9ZaJyZXN0YXJQpzygnXNQoGF5ZXIzY3N1qWyxPTYlNwuyNTp4NDRzMWUzY2J1p3Rypw0kNwUkMDQkNwU2Nmx0JzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30342D32375F30397D7B7331363237333138347D7B4335377D7B535A47467062486C3262326C6A5A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583730307D7B593437367D7B66317D7B7251554A5549433867596D6C6B6333647064474E6F494338674D53417649486470644768766458513D7D7B4C31303934347DFEFE&userIpAddr=2a02%3A6ea0%3Ac71b%3A0%3A1012%3Aff06%3A2840%3A1dbd&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F100.0.4896.127+Safari%2F537.36&debugInformation=ABT+%2F+bidswitch+%2F+1+%2F+without&isWePassGdpr=0&schain=1.0%2C1%21freestar.com%2C864%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6268e57844f1e&debugInfo=16273184_ABT+%2F+bidswitch+%2F+1+%2F+without&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16273184&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed28c9hxvurpzi&secondaryContent=&x=700&y=476&pubUrl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=left&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=105&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1188&geoLong=8.6843&vpTemplate=10944&flowMode=both&isRealPreroll=0&playerApiId=freestarPrimisPlayer&isApp=0&ccpa=0&ccpaConsent=&subId=dailyvoice.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
07b7cbb147b715741f9bcd1d9586e83fe9cae4af6e9a443d3f8de830465d2b8c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://dailyvoice.com
cache-control
no-store
access-control-allow-credentials
true
x-amz-cf-pop
FRA6-C1
content-type
application/json; charset=utf-8
content-length
11130
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
x-amz-cf-id
GxcpCtPXqq4OfEOyf5lokDLw-bPEFeJuhB9-6SeUUtX9w9hl4Q1TrA==
liveView.php
live.primis.tech/live/ Frame 9001 		132 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTQyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwQ0ODUyMxZ2nWRyomE1MwM5NmM1MmpyMxZ2nWQ2MwY4YmU2MzEmOTQmNwUjNTx2NwE0Lz1jNCZ2nWRsY29hqGVhqF9cZD0lMTt4MTU5JaZcZF9wo250ZW50X2Ryp2M9Q2y0nSUlN3MeWzFgYW4eo24eTWFln2V0plguozQeU3RlYXRyZ2yyplZ2nWRsY29hqGVhqF90nXRfZT1DnXRcJTI3plgnYW1uovgiovgNYXJeZXRmK2FhZCgTqHJuqGVanWVmJaZcZF9wo250ZW50X2R1pzF0nW9hPTI1MlZxZWJ1Z0yhZz9loWF0nW9hPUFCVCfyMxYeYzyxp3qcqGNbKlUlRvfkKlUlRvg3nXRbo3V0Jat9NDAjJax9MwI1JaB1YyVloD1bqHRjplUmQSUlRvUlRzRunWk5qz9cY2UhY29gJTJGozV3LXyipzfyMxZipzFhZ2V0o3qhJTJGozV3plUlRz55LWRiY3Ripv1woGFcoWVxLW1ipzUgqGuuov0kLW1coGkco24gnW4gZaJuqWR1oGVhqC10YXtgZGVxqWN0nW9hpl1zZWRmLXNurSUlRwtlMDY0MvUlRvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDM0MxQmMwM3NUYmMDM5N0Q3QwpmMmEmNwMlMmpmMmMkMmtmNDqEN0I0MmM1Mmp3RDqCNTM1QTQ3NDY3MDYlNDt2QmMlNwImMwZDNxE1QTUmMmU2QTYlMmImMDNEN0Q3QwYlNwM2ODplNxY2RDY1N0Q3QwpkNwQ2NTpmNxI3NDZGNmA3RDqCNxY3NmY5NxU2NDZGNmp3MmqEN0I1ODM3MmAmMDqEN0I1OTM0MmpmNwqEN0I2NwMkN0Q3QwplNTE1NTRBNTU0OTQmMmt2NmU5NxQ2QmZCNwMmMmY0NmA2NDQ3NEU2RwQ5NDMmODY3NEQ1MmQkNmY0OTQ4NwQ3MDY0NDp2ODp2NwQ1ODUkM0Q3RDqCNEMmMTMjMmxmNDM0N0RGRUZFJzymQXBjPTAzZ2ViTGF0nT01MC4kMTt4Jzqyo0kiozp9OC42ODQmJaVmZXJJpEFxZHI9MzEjMvUmQTZyYTAyM0FwNmFvJTNBMCUmQTEjMTIyM0FzZwA2JTNBMwt0MCUmQTFxYzQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3K1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWZlZWVmqGFlLzNioSUlQmt2NCUlQmEzpGkurWVlQXBcSWQ9ZaJyZXN0YXJQpzygnXNQoGF5ZXIzY3N1qWyxPTYlNwuyNTp4NDRzMWUzY2J1p3Rypw0kNwUkMDQkNwU2Nmx1JzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30342D32375F30397D7B7331363237333138347D7B4335377D7B535A47467062486C3262326C6A5A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583730307D7B593437367D7B66317D7B7251554A5549433867596D6C6B6333647064474E6F494338674D53417649486470644768766458513D7D7B4C31303934347DFEFE&userIpAddr=2a02%3A6ea0%3Ac71b%3A0%3A1012%3Aff06%3A2840%3A1dbd&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F100.0.4896.127+Safari%2F537.36&debugInformation=ABT+%2F+bidswitch+%2F+1+%2F+without&isWePassGdpr=0&schain=1.0%2C1%21freestar.com%2C864%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6268e57844f1e&debugInfo=16273184_ABT+%2F+bidswitch+%2F+1+%2F+without&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16273184&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed28c9hxvurpzi&secondaryContent=&x=700&y=476&pubUrl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=left&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=105&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1188&geoLong=8.6843&vpTemplate=10944&flowMode=both&isRealPreroll=0&playerApiId=freestarPrimisPlayer&isApp=0&ccpa=0&ccpaConsent=&subId=dailyvoice.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
db6c86cd4d63a343dd7017596980658ef0c020301971e7b194efb20a55a183ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://dailyvoice.com
cache-control
no-store
access-control-allow-credentials
true
x-amz-cf-pop
FRA6-C1
content-type
application/json; charset=utf-8
content-length
11132
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
x-amz-cf-id
2555z1gt9G260el4_odwIPyLoC0DSY8w36ldNFR8HZuUlbJcdUZWHQ==
liveView.php
live.primis.tech/live/ Frame 9001 		19 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTQyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwQ0ODUyMxZ2nWRyomE1MwM5NmM1MmpyMxZ2nWQ2MwY4YmU2MzEmOTQmNwUjNTx2NwE0Lz1jNCZ2nWRsY29hqGVhqF9cZD0lMTt4MTU5JaZcZF9wo250ZW50X2Ryp2M9Q2y0nSUlN3MeWzFgYW4eo24eTWFln2V0plguozQeU3RlYXRyZ2yyplZ2nWRsY29hqGVhqF90nXRfZT1DnXRcJTI3plgnYW1uovgiovgNYXJeZXRmK2FhZCgTqHJuqGVanWVmJaZcZF9wo250ZW50X2R1pzF0nW9hPTI1MlZxZWJ1Z0yhZz9loWF0nW9hPUFCVCfyMxYeYzyxp3qcqGNbKlUlRvfkKlUlRvg3nXRbo3V0Jat9Mmt3Jax9MwE4JaB1YyVloD1bqHRjplUmQSUlRvUlRzRunWk5qz9cY2UhY29gJTJGozV3LXyipzfyMxZipzFhZ2V0o3qhJTJGozV3plUlRz55LWRiY3Ripv1woGFcoWVxLW1ipzUgqGuuov0kLW1coGkco24gnW4gZaJuqWR1oGVhqC10YXtgZGVxqWN0nW9hpl1zZWRmLXNurSUlRwtlMDY0MvUlRvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDM0MxQmMwM3NUYmMDM5N0Q3QwpmMmEmNwMlMmpmMmMkMmtmNDqEN0I0MmM1Mmp3RDqCNTM1QTQ3NDY3MDYlNDt2QmMlNwImMwZDNxE1QTUmMmU2QTYlMmImMDNEN0Q3QwYlNwM2ODplNxY2RDY1N0Q3QwpkNwQ2NTpmNxI3NDZGNmA3RDqCNxY3NmY5NxU2NDZGNmp3MmqEN0I1ODM3MmAmMDqEN0I1OTM0MmpmNwqEN0I2NwMkN0Q3QwplNTE1NTRBNTU0OTQmMmt2NmU5NxQ2QmZCNwMmMmY0NmA2NDQ3NEU2RwQ5NDMmODY3NEQ1MmQkNmY0OTQ4NwQ3MDY0NDp2ODp2NwQ1ODUkM0Q3RDqCNEMmMTMjMmxmNDM0N0RGRUZFJzymQXBjPTAzZ2ViTGF0nT01MC4kMTt4Jzqyo0kiozp9OC42ODQmJaVmZXJJpEFxZHI9MzEjMvUmQTZyYTAyM0FwNmFvJTNBMCUmQTEjMTIyM0FzZwA2JTNBMwt0MCUmQTFxYzQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3K1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWZlZWVmqGFlLzNioSUlQmt2NCUlQmEzpGkurWVlQXBcSWQ9ZaJyZXN0YXJQpzygnXNQoGF5ZXIzY3N1qWyxPTYlNwuyNTp4NDRzMWUzY2J1p3Rypw0kNwUkMDQkNwU2ODA0JzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30342D32375F30397D7B7331363237333138347D7B4335377D7B535A47467062486C3262326C6A5A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583730307D7B593437367D7B66317D7B7251554A5549433867596D6C6B6333647064474E6F494338674D53417649486470644768766458513D7D7B4C31303934347DFEFE&userIpAddr=2a02%3A6ea0%3Ac71b%3A0%3A1012%3Aff06%3A2840%3A1dbd&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F100.0.4896.127+Safari%2F537.36&debugInformation=ABT+%2F+bidswitch+%2F+1+%2F+without&isWePassGdpr=0&schain=1.0%2C1%21freestar.com%2C864%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6268e57844f1e&debugInfo=16273184_ABT+%2F+bidswitch+%2F+1+%2F+without&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16273184&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed28c9hxvurpzi&secondaryContent=&x=700&y=476&pubUrl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=left&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=105&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1188&geoLong=8.6843&vpTemplate=10944&flowMode=both&isRealPreroll=0&playerApiId=freestarPrimisPlayer&isApp=0&ccpa=0&ccpaConsent=&subId=dailyvoice.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ca64658153ae700c74647f48382042a71adcfe5baf099a9f615ef9b6a54faa23

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://dailyvoice.com
cache-control
no-store
access-control-allow-credentials
true
x-amz-cf-pop
FRA6-C1
content-type
application/json; charset=utf-8
content-length
4630
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
x-amz-cf-id
ZEvEWxZqx8zZOXub2c2HRF5JXZdV26wq78vxn6O4HzfLMB1Gdi13wA==
vid6268c562a3943650596614_thumb.jpg
video.primis.tech/uploads/cn14/video/users/converted/24485/video1523973537/ Frame 4674 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn14/video/users/converted/24485/video1523973537/vid6268c562a3943650596614_thumb.jpg?cbuster=1651033446
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
802457a9c0463c88d904a59b49bef6d759e31f6f339dc9845045412d8b5b8213

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 f06c87fa57d0c9fd7439d7fdbd148c62.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 04:28:46 GMT
server
Tengine
x-amz-cf-pop
FRA60-P3
etag
"c70a35deaeff4775ff3fe99a88daf041"
content-type
image/jpeg
access-control-allow-origin
*
expires
Wed, 11 May 2022 06:40:56 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
2298
x-amz-cf-id
UZ__DMdmrkurq1xC5v_VGwUFoV__dkVnoBpDVciwHBHRtj0I0XHj9g==
x-proxy-cache
HIT
vid6268a2f4bd999660833177_thumb.jpg
video.primis.tech/uploads/cn14/video/users/converted/24485/video1523973537/ Frame 4674 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn14/video/users/converted/24485/video1523973537/vid6268a2f4bd999660833177_thumb.jpg?cbuster=1651024631
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
d91e2b9b2e3c069838da675a04baba50c6d7e761cfdd6fb372b43335e2dea788

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 69154db4091f3dbde5ecf072840fdce0.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 02:00:40 GMT
server
Tengine
x-amz-cf-pop
BRU50-C1
etag
"9e574c294e74b028d763e893b395906e"
content-type
image/jpeg
access-control-allow-origin
*
expires
Wed, 11 May 2022 06:40:56 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
2689
x-amz-cf-id
B-8YuNiiQ1uJrDWoEBesvIWd5ZIEqP83_11mCKaxwpH1KivRwym3VQ==
x-proxy-cache
HIT
vid62688402dc652071835338_thumb.jpg
video.primis.tech/uploads/cn14/video/users/converted/24485/video1523973537/ Frame 4674 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn14/video/users/converted/24485/video1523973537/vid62688402dc652071835338_thumb.jpg?cbuster=1651016710
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
7592419527acd1138547790e32f40cc96a3c2d49fb14fd6c3648130c81b44c83

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 0e3d5915b30e289999d244786c9a2560.cloudfront.net (CloudFront)
last-modified
Tue, 26 Apr 2022 23:47:11 GMT
server
Tengine
x-amz-cf-pop
BRU50-C1
etag
"d6c0da1a24e8a954866682773f5f0954"
content-type
image/jpeg
access-control-allow-origin
*
expires
Wed, 11 May 2022 06:40:56 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
2670
x-amz-cf-id
yMKWIspkOBxsXZjBHUyrqjyrvMNo7YUA4RSCeNAKDtPNa7sMkogShw==
x-proxy-cache
HIT
liveView.php
live.primis.tech/live/ 		0
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTUjJaNypaZypyRcoWU9MTY1MTA0MTY1NvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA2OTtkJaN0YT0jJat9NmAjJax9NDp2JaZcZF9jYXNmRG9gYWyhPWRunWk5qz9cY2UhY29gJaN1YxyxPWRunWk5qz9cY2UhY29gJzRyYaVaSW5zo3JgYXRco249QUJUJTIjJTJGJTIjYzyxp3qcqGNbJTIjJTJGJTIjMSUlMCUlRvUlMHqcqGuiqXQznXNBpHA9MCZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDM0MxQmMwM3NUYmMDM5N0Q3QwpmMmEmNwMlMmpmMmMkMmtmNDqEN0I0MmM1Mmp3RDqCNTM1QTQ3NDY3MDYlNDt2QmMlNwImMwZDNxE1QTUmMmU2QTYlMmImMDNEN0Q3QwYlNwM2ODplNxY2RDY1N0Q3QwpkNwQ2NTpmNxI3NDZGNmA3RDqCNxY3NmY5NxU2NDZGNmp3MmqEN0I1ODM3MmAmMDqEN0I1OTM0MmpmNwqEN0I2NwMkN0Q3QwplNTE1NTRBNTU0OTQmMmt2NmU5NxQ2QmZCNwMmMmY0NmA2NDQ3NEU2RwQ5NDMmODY3NEQ1MmQkNmY0OTQ4NwQ3MDY0NDp2ODp2NwQ1ODUkM0Q3RDqCNEMmMTMjMmxmNDM0N0RGRUZFJzRcYWyxPSZ1p2VlSXBBZGRlPTJuMDIyM0E2ZWEjJTNBYmpkYvUmQTAyM0EkMDElJTNBZzYjNvUmQTI4NDAyM0EkZGJxJaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3JTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MwY4ZTU3ODQ0ZwFyJzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTAzY2NjYT0jJzNwpGFDo25mZW50PSZwYaVmqGVlPTE2NTEjNDE2NTY3NwEzqWyxPVNyn2yhZG9TUGkurWVlNwI2OGU1Nmt1Y2JyNvZjqWJVpzj9nHR0pHMyM0EyMxYyMxZxYWyfrXZinWNyLzNioSUlRz5yql15o3JeJTJGo3JuozqyqG93ovUlRz5yq3MyMxZhrS1xo2N0o3IgY2kunW1yZC1go3JyLXRbYW4gMS1gnWkfnW9hLWyhLWZlYXVxqWkyoaQgqGF4LWRyZHVwqGyioaMgZzVxpl1mYXxyMxY4MwA2NDIyMxYzZzkiYXRTqGF0qXM9ZzFfp2UzZWyxp3A9pHJyYzyx
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=UTF-8
x-amz-cf-id
BH7zFO7kNm526-O1DsAe8P3yygM6mgFDy8YXOPSClDsaZvQ3IFiiFQ==
sync
x.bidswitch.net/ Frame 9001 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=sekindo&gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.19.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-19-101.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
liveCS.php
live.primis.tech/live/ Frame 9001
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=93&advUuid=72f4b8a9-aa2d-4994-a209-8e347bff1eff
0
332 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=93&advUuid=72f4b8a9-aa2d-4994-a209-8e347bff1eff
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=utf-8
x-amz-cf-id
rLfdBhDdATauTzezVF8qIdDg7_LckHQyamVcpTnUXwi6qaQF1lW6sw==

Redirect headers

location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=93&advUuid=72f4b8a9-aa2d-4994-a209-8e347bff1eff
date
Wed, 27 Apr 2022 06:40:56 GMT
server
_
content-length
0
liveCS.php
live.primis.tech/live/ Frame 9001
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D99%26advUuid%3D
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=99&advUuid=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=99&advUuid=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=utf-8
x-amz-cf-id
_7o1NmEk6YFG6Y_gNTvDC-u-dtv7yT1aYap2ze7FgCJcC4bz3G5Dgg==

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=99&advUuid=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
334
Expires
Wed, 27 Apr 2022 06:40:56 GMT
liveCS.php
live.primis.tech/live/ Frame 9001
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServl...
  • https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofile...
  • https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D4082658486579...
0
332 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D4082658486579978729870&advId=121&advUuid=4082658486579978729870
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=utf-8
x-amz-cf-id
IE2GzXgZ0C4oBZ7R3u9Mlphf1kVcMuv7QpimUGnV-pkgkCARwBoPzg==

Redirect headers

location
https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D4082658486579978729870&advId=121&advUuid=4082658486579978729870
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
sync.php
pixel.rubiconproject.com/exchange/ Frame 9001 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=primis
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Content-Type
image/gif
liveCS.php
live.primis.tech/live/ Frame 9001
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D105%26advUuid%3D%24UID
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=105&advUuid=4382111657419277628
0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=105&advUuid=4382111657419277628
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=utf-8
x-amz-cf-id
sG47h82EzSvo6b5d-Z-LCj7hfUouWE62aozQkYuD8cDPFOaKebspHg==

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:56 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
8ef20d64-a6a4-4f29-b26a-b84cdf5e0cb2
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6268e57844f1e&pixel=&advId=105&advUuid=4382111657419277628
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
verify
60687.publishers.tremorhub.com/pubsync/ Frame 9001
Redirect Chain
  • https://60687.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%...
  • https://60687.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3Dhttps%253A%252F%252Fsync.intent...
43 B
182 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://60687.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D%2B584182936%2526pcid%253D%5Btvid%5D%26advId%3D126%26advUuid%3D%5Btvid%5D
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2600:1f18:612b:4200:5e70:34f8:9284:341c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
server
Apache-Coyote/1.1
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type
image/gif

Redirect headers

location
pubsync/verify?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D%2B584182936%2526pcid%253D%5Btvid%5D%26advId%3D126%26advUuid%3D%5Btvid%5D
date
Wed, 27 Apr 2022 06:40:57 GMT
server
Apache-Coyote/1.1
content-length
0
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
vid6268c562a3943650596614.jpg
video.primis.tech/uploads/cn14/video/users/converted/24485/video1523973537/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn14/video/users/converted/24485/video1523973537/vid6268c562a3943650596614.jpg?cbuster=1651033446
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
43015d6d57b5dbb045a694ab7ccbb8b86442afe5c11d153013dd2d17a6adfca1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 04:28:45 GMT
server
Tengine
x-amz-cf-pop
FRA60-P3
etag
"d2f666106098b42ee24bdef037f40284"
content-type
image/jpeg
access-control-allow-origin
*
expires
Wed, 11 May 2022 06:40:56 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
17180
x-amz-cf-id
vx3ldcqeiZEFvIZ_B9Xkul8rAvKpUQSHlpsd0xnvF1s-a13nNWClGg==
x-proxy-cache
HIT
liveView.php
live.primis.tech/live/ Frame 9001 		19 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTQyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwQ0ODUyMxZ2nWRyomE1MwM5NmM1MmpyMxZ2nWQ2MwY4YmU2MzEmOTQmNwUjNTx2NwE0Lz1jNCZ2nWRsY29hqGVhqF9cZD0lMTt4MTU5JaZcZF9wo250ZW50X2Ryp2M9Q2y0nSUlN3MeWzFgYW4eo24eTWFln2V0plguozQeU3RlYXRyZ2yyplZ2nWRsY29hqGVhqF90nXRfZT1DnXRcJTI3plgnYW1uovgiovgNYXJeZXRmK2FhZCgTqHJuqGVanWVmJaZcZF9wo250ZW50X2R1pzF0nW9hPTI1MlZxZWJ1Z0yhZz9loWF0nW9hPUFCVCfyMxYeYzyxp3qcqGNbKlUlRvfkKlUlRvg3nXRbo3V0Jat9NDAjJax9MwI1JaB1YyVloD1bqHRjplUmQSUlRvUlRzRunWk5qz9cY2UhY29gJTJGozV3LXyipzfyMxZipzFhZ2V0o3qhJTJGozV3plUlRz55LWRiY3Ripv1woGFcoWVxLW1ipzUgqGuuov0kLW1coGkco24gnW4gZaJuqWR1oGVhqC10YXtgZGVxqWN0nW9hpl1zZWRmLXNurSUlRwtlMDY0MvUlRvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDM0MxQmMwM3NUYmMDM5N0Q3QwpmMmEmNwMlMmpmMmMkMmtmNDqEN0I0MmM1Mmp3RDqCNTM1QTQ3NDY3MDYlNDt2QmMlNwImMwZDNxE1QTUmMmU2QTYlMmImMDNEN0Q3QwYlNwM2ODplNxY2RDY1N0Q3QwpkNwQ2NTpmNxI3NDZGNmA3RDqCNxY3NmY5NxU2NDZGNmp3MmqEN0I1ODM3MmAmMDqEN0I1OTM0MmpmNwqEN0I2NwMkN0Q3QwplNTE1NTRBNTU0OTQmMmt2NmU5NxQ2QmZCNwMmMmY0NmA2NDQ3NEU2RwQ5NDMmODY3NEQ1MmQkNmY0OTQ4NwQ3MDY0NDp2ODp2NwQ1ODUkM0Q3RDqCNEMmMTMjMmxmNDM0N0RGRUZFJzymQXBjPTAzZ2ViTGF0nT01MC4kMTt4Jzqyo0kiozp9OC42ODQmJaVmZXJJpEFxZHI9MzEjMvUmQTZyYTAyM0FwNmFvJTNBMCUmQTEjMTIyM0FzZwA2JTNBMwt0MCUmQTFxYzQzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3K1NuZzFlnSUlRwUmNl4mNvZmY2uunW49MS4jJTJDMSUlMWZlZWVmqGFlLzNioSUlQmt2NCUlQmEzpGkurWVlQXBcSWQ9ZaJyZXN0YXJQpzygnXNQoGF5ZXIzY3N1qWyxPTYlNwuyNTp4NDRzMWUzY2J1p3Rypw0kNwUkMDQkNwU2ODE4JzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTA=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30342D32375F30397D7B7331363237333138347D7B4335377D7B535A47467062486C3262326C6A5A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583730307D7B593437367D7B66317D7B7251554A5549433867596D6C6B6333647064474E6F494338674D53417649486470644768766458513D7D7B4C31303934347DFEFE&userIpAddr=2a02%3A6ea0%3Ac71b%3A0%3A1012%3Aff06%3A2840%3A1dbd&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F100.0.4896.127+Safari%2F537.36&debugInformation=ABT+%2F+bidswitch+%2F+1+%2F+without&isWePassGdpr=0&schain=1.0%2C1%21freestar.com%2C864%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6268e57844f1e&debugInfo=16273184_ABT+%2F+bidswitch+%2F+1+%2F+without&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16273184&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed28c9hxvurpzi&secondaryContent=&x=700&y=476&pubUrl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=left&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=105&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1188&geoLong=8.6843&vpTemplate=10944&flowMode=both&isRealPreroll=0&playerApiId=freestarPrimisPlayer&isApp=0&ccpa=0&ccpaConsent=&subId=dailyvoice.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
da9ee7fc0ed74c1e32752a1e09a78c7b991499fd9182767afa72bdc262acb1c7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://dailyvoice.com
cache-control
no-store
access-control-allow-credentials
true
x-amz-cf-pop
FRA6-C1
content-type
application/json; charset=utf-8
content-length
4633
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
x-amz-cf-id
u43AztStm5gkfFe9E4h7IrjbDzBXJcpduNdJqjD2GSzGNzt1Psr_6w==
ads
securepubads.g.doubleclick.net/gampad/ 		17 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1067390902724372&correlator=385606515343570&eid=31060890%2C31062930&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=15184186%3A33043040%2Cdailyvoice_adhesion&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C970x90&ifi=2&adks=831946728&sfv=1-0-38&ecs=20220427&fsapi=false&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3Dtimeout%26floors_hour%3D6%26floors_user%3D1%26fs_placementName%3Ddailyvoice_adhesion%26fs_ad_product%3DstickyFooter%26amznbid%3D2%26amznp%3D2%26fspbg%3Dfreestar%26freestar_path%3D%252Fnew-york%252Forangetown%252Fnews%252Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%252F820642%252F%26freestar_domain%3Ddailyvoice.com%26custom_bidder_size%3Dappnexus_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.08%26hb_adid%3D4001a44f49b50dc%26hb_bidder%3Dappnexus&eri=5&cust_params=user-agent%3DChrome&sc=1&cookie_enabled=1&cdm=dailyvoice.com&abxe=1&dt=1651041656838&dlt=1651041654086&idt=1986&biw=1600&bih=1200&adxs=436&adys=1110&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fdailyvoice.com%2F&loc=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x-1&msz=1600x-1&fws=512&ohw=0&ga_vid=2030874453.1651041656&ga_sid=1651041657&ga_hid=1903727552&ga_fc=true&btvi=0&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
116f7935246ff5165fe0318ca0cf95a3c0114de9adf83dd75a406bec2fbd883c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9131
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
baker
sli.dailyvoice.com/ 		0
309 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sli.dailyvoice.com/baker?dtstmp=1651041656870
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:9c00:e:16bc:8080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
via
1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-C1
x-cache
FunctionGeneratedResponse from cloudfront
content-type
image/gif
content-length
0
x-amz-cf-id
gFDuJDr9VVLX2VcFXaws64FfJbLOOrEvmXFgY1BhyM8mjw61BwJt4w==
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
access-control-allow-credentials
true
vary
Origin
prebid
ib.adnxs.com/ut/v3/ 		13 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
8fd00834c70b3b11f829c118bb66bea7c7593452dbae25debefcefab12d69b1f
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
7f54c278-0df7-43d6-96c6-6b44389dc79e
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
659 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
33772f987f047ae816d4f0573bbe1a1d5730abea44e57140c95146e895bf2088

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
cygnus
htlb.casalemedia.com/ 		38 B
332 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=640422&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221507ec7c900fa8ab%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F%22%2C%22name%22%3A%22dailyvoice-com%22%2C%22domain%22%3A%22dailyvoice.com%22%2C%22cat%22%3A%5B%22IAB12%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%22%5D%2C%22pagecat%22%3A%5B%22IAB12%22%5D%2C%22ref%22%3A%22%22%2C%22content%22%3A%7B%22data%22%3A%5B%7B%22name%22%3A%22www.freestar.com%22%2C%22ext%22%3A%7B%22taxonomyname%22%3A%22iab_content_taxonomy%22%7D%2C%22segment%22%3A%5B%7B%22id%22%3A%22379%22%7D%5D%7D%5D%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.20.4%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221513c6e43f3b7b6b%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A120%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%2C%22sid%22%3A%22120x600%22%7D%7D%2C%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%2C%22sid%22%3A%22160x600%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
214fa7c2b74dcea00e6be1f471e962a3b170d5eb59d95e3163ac61935f48b700

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
38
x-ak-client-geo
12
expires
Wed, 27 Apr 2022 06:40:57 GMT
cdb
bidder.criteo.com/ 		18 B
311 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.20.4&cb=99401026090
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:55 GMT
content-encoding
gzip
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
44
bid
ap.lijit.com/rtb/ 		95 B
745 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.20.4
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
f0b4c1ab8f62f3dc63f5c0f4a361e7192f328d729ce7fade50ff01f29252ae97

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dailyvoice.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
hbjson
grid.bidswitch.net/ 		25 B
366 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.211.165.199 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
199.165.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
446c9ce73a9ae2daf640290905f469b196e1a8bec5535afb23ec691b139f696d

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
auction
c.deployads.com/openrtb2/ 		19 KB
20 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.deployads.com/openrtb2/auction?src=prebid_prebid_5.20.4&host=dailyvoice.com
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.224.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-224-74.eu-west-1.compute.amazonaws.com
Software
SortableCactus/1.0 /
Resource Hash
57e51a2a636d1f22b08f8dd5d63a6368ebdd5fda36bdaf4d31fa398c18117290

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
server
SortableCactus/1.0
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
19855
prebid
ads.yieldmo.com/exchange/ 		0
223 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=5.20.4&p=%5B%7B%22placement_id%22%3A%22dailyvoice_mrec_btf_3%22%2C%22callback_id%22%3A%22171d171ba8ab34cc%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B120%2C600%5D%2C%5B160%2C600%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222662464007037722661%22%2C%22gpid%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%2Fdailyvoice_mrec_btf_3%22%7D%5D&page_url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&bust=1651041656902&pr=&scrd=1&dnt=false&description=A%20New%20York%20doctor%20has%20admitted%20to%20tax%20evasion%20after%20federal%20authorities%20say%20he%20claimed%20more%20than%20%241%20million%20in%20fraudulent%20tax%20deductions.Long%20Island%20resident%20Jordan%20Sudberg%20pleaded%20guilty%20on%20Tuesday%2C%20Nov.%2023%20to%20tax%20evasion%20for%20the%20calendar%E2%80%A6&title=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=dce9db50-4dac-44ae-a4f1-659cb8a71eae&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22dce9db50-4dac-44ae-a4f1-659cb8a71eae%22%2C%22atype%22%3A1%7D%5D%7D%5D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.109.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-109-242.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
translator
hbopenbid.pubmatic.com/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
auction
tlx.3lift.com/header/ 		19 B
721 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.20.4&referrer=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.14.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-14-215.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
accept-ch
sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		683 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=2002856&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!freestar.com,864,1,,,&eid_pubcid.org=dce9db50-4dac-44ae-a4f1-659cb8a71eae%5E1&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.name=dailyvoice-com&tg_i.domain=dailyvoice.com&tg_i.cat=IAB12&tg_i.sectioncat=IAB12&tg_i.pagecat=IAB12&tg_i.page=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.fs_ad_product=banner&tg_i.dfp_ad_unit_code=15184186%2C33043040%2Fdailyvoice_mrec_btf&tg_i.pbadslot=15184186%2C33043040%2Fdailyvoice_mrec_btf%2Fdailyvoice_mrec_btf_3&tk_flint=pbjs_lite_v5.20.4&x_source.tid=60041ee1-6322-452f-a749-42fe569edd99&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.1458878173319993
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
c9cdb84282807a2bb464f3c0e957ac1e5f73ad4b5e1b1becfa590c0b9b03d948

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:57 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
683
Expires
Wed, 17 Sep 1975 21:32:10 GMT
/
hb.emxdgt.com/ 		0
157 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=1200&ts=1651041656906&src=pbjs
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:56 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
arj
freestar-d.openx.net/w/1.0/ 		73 B
101 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=60041ee1-6322-452f-a749-42fe569edd99&nocache=1651041656907&scsm=www.freestar.com%3A379&pubcid=f43b9d98-f955-406f-8f40-a6342cf7d32b&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&aus=300x250%2C120x600%2C160x600%2C300x600&divids=dailyvoice_mrec_btf_3&aucs=%252F15184186%252C33043040%252Fdailyvoice_mrec_btf%252Fdailyvoice_mrec_btf_3&auid=539181725
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
d9b8b871df7975e9ac99e384f239bbdc7625ca62f71c0b8b73f636633f7ce4a8

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://dailyvoice.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f3730a02&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
8ecb65a128ee341cc58f4bcfb7682900e31f1be26eb6c169aa2bbe26e468f57e

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
server
ATS/9.1.0.46
age
1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
94 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a969412017474441319471d039f0b18&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
b6074a1f9d6996c9ec01f6a9294f5e966c9768a26e39c7600dddb217fb08e8f6

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
server
ATS/9.1.0.46
age
2
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a969412017474441319471d01dd0b17&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
5a20d2457913a3aa6c2fe7aa0bcf711a7f7dbd81a1dc1c3006a8ae19f9c64a28

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
server
ATS/9.1.0.46
age
1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
ads
securepubads.g.doubleclick.net/gampad/ 		120 KB
30 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1067390902724372&correlator=4240631525689235&eid=31060890%2C31062930&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=33043040%2Cbtf_rectangle%2Csticky_topright&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%2C300x250&ifi=3&adks=485156472%2C187786690&sfv=1-0-38&ecs=20220427&fsapi=false&prev_scp=domains%3Dorangetown.dailyvoice.com%26zones%3Dnews%26order_id%3DNONE%26line_item_id%3DNONE%26article_id%3D820642%26pv_count%3D1%26dv_bucket%3D8%7Cdomains%3Dorangetown.dailyvoice.com%26zones%3Dnews%26order_id%3DNONE%26line_item_id%3DNONE%26article_id%3D820642%26pv_count%3D1%26dv_bucket%3D8&eri=5&cust_params=user-agent%3DChrome&sc=1&cookie_enabled=1&cdm=dailyvoice.com&abxe=1&dt=1651041656924&dlt=1651041654086&idt=1986&biw=1600&bih=1200&adxs=256%2C650&adys=1324%2C3778&ucis=3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fdailyvoice.com%2F&loc=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x703%7C1600x3778&msz=300x250%7C1600x0&fws=4%2C4&ohw=300%2C1600&ga_vid=2030874453.1651041656&ga_sid=1651041657&ga_hid=1903727552&ga_fc=true&btvi=1%7C2&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
eaf6aefe98e6c4fa07558a4739694013c88309d2a12cc1766b7804028ae1b1c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31116
x-xss-protection
0
google-lineitem-id
5871250001,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138325158647,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		19 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1067390902724372&correlator=4240631525689235&eid=31060890%2C31062930&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=15184186%3A33043040%2Cdailyvoice_leaderboard_atf&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&ifi=5&adks=1066284786&sfv=1-0-38&ecs=20220427&fsapi=false&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3Dtimeout%26floors_hour%3D6%26floors_user%3D1%26fs_placementName%3Ddailyvoice_leaderboard_atf%26fs_ad_product%3Dbanner%26amznbid%3D2%26amznp%3D2%26fspbg%3Dfreestar%26freestar_path%3D%252Fnew-york%252Forangetown%252Fnews%252Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%252F820642%252F%26freestar_domain%3Ddailyvoice.com%26custom_bidder_size%3Dappnexus_970x90%26hb_format%3Dbanner%26hb_size%3D970x90%26hb_pb%3D0.02%26hb_adid%3D242bd6055fb0fb81%26hb_bidder%3Dappnexus&eri=5&cust_params=user-agent%3DChrome&sc=1&cookie_enabled=1&cdm=dailyvoice.com&abxe=1&dt=1651041656952&dlt=1651041654086&idt=1986&biw=1600&bih=1200&adxs=507&adys=248&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fdailyvoice.com%2F&loc=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1300x284&msz=1302x284&fws=4&ohw=1300&ga_vid=2030874453.1651041656&ga_sid=1651041657&ga_hid=1903727552&ga_fc=true&btvi=0&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
1b89cef3848e760783d29069642f63944d24e51f6de32ba7c772d09beb24bc92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10245
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v19/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v19/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dailyvoice.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 19:30:15 GMT
x-content-type-options
nosniff
age
558641
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7884
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:17:03 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 20 Apr 2023 19:30:15 GMT
container.html
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 521A 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:56 GMT
expires
Thu, 27 Apr 2023 06:40:56 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
www.facebook.com/tr/ Frame B9EE 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
null
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:57 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 4674 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dailyvoice.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Fri, 22 Apr 2022 01:46:21 GMT
x-content-type-options
nosniff
age
449676
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 22 Apr 2023 01:46:21 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		17 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1067390902724372&correlator=4240631525689235&eid=31060890%2C31062930&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=15184186%3A33043040%2Cdailyvoice_mrec_atf&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C120x600%7C160x600%7C300x600&ifi=6&adks=2073927154&sfv=1-0-38&ecs=20220427&fsapi=false&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3Dtimeout%26floors_hour%3D6%26floors_user%3D1%26fs_placementName%3Ddailyvoice_mrec_atf%26fs_ad_product%3Dsuperflex%26amznbid%3D2%26amznp%3D2%26fspbg%3Dfreestar%26freestar_path%3D%252Fnew-york%252Forangetown%252Fnews%252Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%252F820642%252F%26freestar_domain%3Ddailyvoice.com%26custom_bidder_size%3Dappnexus_300x600%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.10%26hb_adid%3D246a9e402bf13556%26hb_bidder%3Dappnexus&eri=5&cust_params=user-agent%3DChrome&sc=1&cookie=ID%3Dd1b90674eb6f343d-225e408485cd00b2%3AT%3D1651041656%3AS%3DALNI_MaoFVlVEc92OfIwcQs5DUdynwQN4Q&cdm=dailyvoice.com&abxe=1&dt=1651041657066&dlt=1651041654086&idt=1986&biw=1600&bih=1200&adxs=1196&adys=720&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fdailyvoice.com%2F&loc=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=349x2987&msz=348x649&fws=4&ohw=348&ga_vid=2030874453.1651041656&ga_sid=1651041657&ga_hid=1903727552&ga_fc=true&btvi=0&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
3123fd4cb3416d8d1e92ed1c84f73912119f61de8cc4839ca4601445bda57274
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9709
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubfig.messaging.2.25.0.9843edf0e05467b8fcc058bd038d3ff50171db2479e2.js
a.pub.network/core/pubfig/ 		182 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/core/pubfig/pubfig.messaging.2.25.0.9843edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
daffdd6f62e491d3b2ab8012fb6c886e904863487f503e76a4fc6281594d533b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-goog-hash
crc32c=g723/Q==, md5=cMEEZ9k/uijR78lkvnZ7nw==
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
54409
x-guploader-uploadid
ADPycdv58pZ74cxEYSm0I2GGGyPcRxxbi2wWHS339Geq8BhjmMFURtwpoqIc-F87m7tEXqJaSLxa3Bf5l2wOfpsnoFtDGO2rwVIC
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
application/javascript
access-control-allow-origin
*
last-modified
Thu, 14 Apr 2022 20:41:58 GMT
server
cloudflare
etag
W/"70c10467d93fba28d1efc964be767b9f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1uvaweKEyrwYI4SFi8wEgquY6ykDeXz0Mg2LVelqiYXw33qRNsFsCJIx8C%2Ftd%2Fg2PKjQWlmFuLtp%2BFGYwFgkzWjplV0nQzg7rIFeT6vi38m8gU%2BzYrCRFih6I8D%2BG1u8jhREKoezWh2r9ts%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-goog-generation
1649968918804884
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
186084
cf-ray
702591d4c9116903-FRA
expires
Tue, 26 Apr 2022 16:34:07 GMT
PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://dailyvoice.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://dailyvoice.com
access-control-max-age
600
age
0
content-length
0
date
Wed, 27 Apr 2022 06:40:57 GMT
server
ATS/9.1.0.46
/
hb.emxdgt.com/ Frame 9001 		0
157 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1651041657119&src=pbjs
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:57 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
auction
prebid-server.rubiconproject.com/openrtb2/ Frame 9001 		173 B
402 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.69.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-69-5.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
9cc352f8e5a6bc41a53aae54efb6ba423d9620049d53e9cb4dd0bef618e0f2af

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-prebid
pbs-java/1.87.1
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
168
expires
0
translator
hbopenbid.pubmatic.com/ Frame 9001 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:57 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cygnus
htlb.casalemedia.com/ Frame 9001 		36 B
330 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=491831&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%227d4700881754e5%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.18.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2287d128dea9ab74%22%2C%22ext%22%3A%7B%22siteID%22%3A%22491831%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%2C%22gpid%22%3A%22%2F106981%22%7D%2C%22video%22%3A%7B%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%2C%22video%2Fwebm%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22placement%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A2.6%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%2C%7B%22asi%22%3A%22primis.tech%22%2C%22sid%22%3A%2227975%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
50e14c7dc3e3d56e997e61f3d3b0d630a0fb9c9edaa32c6de1cf7206f6dd1e17

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
36
x-ak-client-geo
12
expires
Wed, 27 Apr 2022 06:40:57 GMT
avjp
primis-d.openx.net/v/1.0/ Frame 9001 		106 B
173 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://primis-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=cb693a49-c410-41d6-b2ea-5822bfaf6892&nocache=1651041657131&gdpr_consent=&gdpr=1&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C!primis.tech%2C27975%2C1%2C%2C%2C&auid=540289187&vwd=400&vht=225&aucs=adUnit_9&aumfs=2600
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
via
1.1 google
server
OXGW/18.1.0
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://dailyvoice.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 9001 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
x-openrtb-version
2.5
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:57 GMT
access-control-allow-credentials
true
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
v1
prg.smartadserver.com/prebid/ Frame 9001 		171 B
556 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
81.17.55.161 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
br
vary
Accept-Encoding, Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache,no-store
transfer-encoding
chunked
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
openrtb
adx.adform.net/adx/ Frame 9001 		0
408 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
swfIndex.php
ads.stickyadstv.com/www/delivery/ Frame 9001 		67 B
578 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=14000367&componentId=prebid&componentSubId=mustang&timestamp=1651041657136&pKey=-1374867967&_fw_gdpr_consent=&_fw_gdpr=true&schain=1.0%2C1!freestar.com%2C864%2C1%2C3d8d520d-958e-4e86-9a4d-90e1bb77e6b9%2C%2C!primis.tech%2C27975%2C1%2C%2C%2C&loc=https%3A%2F%2Fdailyvoice.com%2F&playerSize=400x225
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-233.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:57 GMT
Server
nginx
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
67
x-sticky-vk
1651041657087083-555
Expires
Wed, 27 Apr 2022 06:40:57 GMT
openrtb
adx.adform.net/adx/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://dailyvoice.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://dailyvoice.com
access-control-max-age
86400
allow
POST,OPTIONS
cache-control
no-cache, no-store, must-revalidate, no-transform
date
Wed, 27 Apr 2022 06:40:57 GMT
expires
-1
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 9001 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-173.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
18791
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 17 Mar 2022 02:21:48 GMT
server
AmazonS3
date
Wed, 27 Apr 2022 01:27:47 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 f58d1aa3b3b084adbea41c7523e2047e.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
c6ODYzbPASz5c1qGVrk2s45pjQBU68X6lmkEmwdCTZdwZRRp2WM13A==
cygnus
htlb.casalemedia.com/ 		38 B
332 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=640422&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22189983d02ad580ef%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F%22%2C%22name%22%3A%22dailyvoice-com%22%2C%22domain%22%3A%22dailyvoice.com%22%2C%22cat%22%3A%5B%22IAB12%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%22%5D%2C%22pagecat%22%3A%5B%22IAB12%22%5D%2C%22ref%22%3A%22%22%2C%22content%22%3A%7B%22data%22%3A%5B%7B%22name%22%3A%22www.freestar.com%22%2C%22ext%22%3A%7B%22taxonomyname%22%3A%22iab_content_taxonomy%22%7D%2C%22segment%22%3A%5B%7B%22id%22%3A%22379%22%7D%5D%7D%5D%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.20.4%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22190c16f9d3951c9%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A120%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%2C%22sid%22%3A%22120x600%22%7D%7D%2C%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%2C%22sid%22%3A%22160x600%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22640422%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c5559fc86338c82a7b56b591cf08118bade233b634dd2fb242d63404843aceeb

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[138.199.38.133], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
38
x-ak-client-geo
12
expires
Wed, 27 Apr 2022 06:40:57 GMT
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:57 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:57 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:57 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:57 GMT
access-control-allow-credentials
true
vary
Origin
cdb
bidder.criteo.com/ 		18 B
311 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.20.4&cb=83333289295
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:56 GMT
content-encoding
gzip
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
44
auction
tlx.3lift.com/header/ 		19 B
721 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.20.4&referrer=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.14.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-14-215.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bid
ap.lijit.com/rtb/ 		95 B
745 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.20.4
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
d96489e10b60260ccdf894f24037d46b670d706117afb5dd73ed7a5f944d05e8

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dailyvoice.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f3730a02&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
f813bab93e06a38f21ef91e7f0e3e04db644bd92e509e27d977cd9cf8671ed91

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a969412017474441319471d039f0b18&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
269d04418844c90b2e3843917371c34228a1b080a60e4e6b35b6501c4957963a

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a969412017474441319471d01dd0b17&cmd=bid&req=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&secure=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
513eac1c9df53dc09a19720d714f7afd58590025d2d57ce16be83bc5f0663f66

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
content-length
62
prebid
prebid.media.net/rtb/ 		1 KB
658 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
51cb6b458d4548438ace3dab2118391f6e80eadab708677560f8548abfe46629

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
prebid
ib.adnxs.com/ut/v3/ 		13 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
9fb631e2f7a02408c35a7c38d66b604ce5b3a056cd3e4744f744375bf949d742
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
22b7ecaf-b4e8-4bdf-b3de-e48283455f3a
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
freestar-d.openx.net/w/1.0/ 		73 B
101 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=3981a2a9-9f40-4d90-b920-c89a46f51837&nocache=1651041657192&scsm=www.freestar.com%3A379&pubcid=f43b9d98-f955-406f-8f40-a6342cf7d32b&schain=1.0%2C1!freestar.com%2C864%2C1%2C%2C%2C&aus=300x250%2C120x600%2C160x600%2C300x600&divids=dailyvoice_mrec_btf_4&aucs=%252F15184186%252C33043040%252Fdailyvoice_mrec_btf%252Fdailyvoice_mrec_btf_4&auid=539181725
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
c32c1f1aeb37aa15f1a29d8685d0c47b9ec1a3d910eeae55b378a14c7d47e226

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://dailyvoice.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ads.yieldmo.com/exchange/ 		0
223 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=5.20.4&p=%5B%7B%22placement_id%22%3A%22dailyvoice_mrec_btf_4%22%2C%22callback_id%22%3A%22224f40e374a91ce6%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B120%2C600%5D%2C%5B160%2C600%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222662464007037722661%22%2C%22gpid%22%3A%22%2F15184186%2C33043040%2Fdailyvoice_mrec_btf%2Fdailyvoice_mrec_btf_4%22%7D%5D&page_url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&bust=1651041657192&pr=&scrd=1&dnt=false&description=A%20New%20York%20doctor%20has%20admitted%20to%20tax%20evasion%20after%20federal%20authorities%20say%20he%20claimed%20more%20than%20%241%20million%20in%20fraudulent%20tax%20deductions.Long%20Island%20resident%20Jordan%20Sudberg%20pleaded%20guilty%20on%20Tuesday%2C%20Nov.%2023%20to%20tax%20evasion%20for%20the%20calendar%E2%80%A6&title=NY%20Doctor%20Claimed%20More%20Than%20%241%20Million%20In%20Fraudulent%20Tax%20Deductions%2C%20Feds%20Say%20%7C%20Orangetown%20Daily%20Voice&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=dce9db50-4dac-44ae-a4f1-659cb8a71eae&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22864%22%2C%22hp%22%3A1%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22dce9db50-4dac-44ae-a4f1-659cb8a71eae%22%2C%22atype%22%3A1%7D%5D%7D%5D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.109.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-109-242.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
/
hb.emxdgt.com/ 		0
157 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=1200&ts=1651041657193&src=pbjs
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:57 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
hbjson
grid.bidswitch.net/ 		25 B
366 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.211.165.199 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
199.165.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
b99718ab28a7cd0815479f21717f5ff0513b5be0890e7ad441bb631cd26ce6ae

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
50
auction
c.deployads.com/openrtb2/ 		19 KB
19 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.deployads.com/openrtb2/auction?src=prebid_prebid_5.20.4&host=dailyvoice.com
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.224.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-224-74.eu-west-1.compute.amazonaws.com
Software
SortableCactus/1.0 /
Resource Hash
4538cc4177df7a0c047d9a66622403ff7557e34b1d05fd0f66b3d8544cff880b

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
server
SortableCactus/1.0
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
19246
fastlane.json
fastlane.rubiconproject.com/a/api/ 		683 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=2002856&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!freestar.com,864,1,,,&eid_pubcid.org=dce9db50-4dac-44ae-a4f1-659cb8a71eae%5E1&rf=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.name=dailyvoice-com&tg_i.domain=dailyvoice.com&tg_i.cat=IAB12&tg_i.sectioncat=IAB12&tg_i.pagecat=IAB12&tg_i.page=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&tg_i.fs_ad_product=banner&tg_i.dfp_ad_unit_code=15184186%2C33043040%2Fdailyvoice_mrec_btf&tg_i.pbadslot=15184186%2C33043040%2Fdailyvoice_mrec_btf%2Fdailyvoice_mrec_btf_4&tk_flint=pbjs_lite_v5.20.4&x_source.tid=3981a2a9-9f40-4d90-b920-c89a46f51837&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6576793395319716
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
1f1fe3cbc67f1439fde595eb8a23c66a3c601ec24f64b573b2d046bb20692662

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:57 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
683
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dailyvoice.com
date
Wed, 27 Apr 2022 06:40:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
container.html
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 389A 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:56 GMT
expires
Thu, 27 Apr 2023 06:40:56 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
49a121f076f0419fad1d9544f0ab0768
i.liadm.com/s/e/a-00ex/0/ Frame E065
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00ex%2F0%2F49a121f076f0419fad1d9544f0ab0768%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&13711f39-e3c9-46dc-a55e-205...
  • https://i.liadm.com/s/e/a-00ex/0/49a121f076f0419fad1d9544f0ab0768?mpid=7156&muid=671e6268-e579-4a00-9b31-03aa76d871a7
43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.liadm.com/s/e/a-00ex/0/49a121f076f0419fad1d9544f0ab0768?mpid=7156&muid=671e6268-e579-4a00-9b31-03aa76d871a7
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00ex?s=&cim=&ps=true&ls=true&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
35.172.159.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-172-159-73.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x52 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://i.liadm.com/s/e/a-00ex/0/49a121f076f0419fad1d9544f0ab0768?mpid=7156&muid=671e6268-e579-4a00-9b31-03aa76d871a7
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:40:56 GMT
35759
i6.liadm.com/s/ Frame E065
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveintent&ttd_tpi=1
  • https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=1c450bec-b2fe-4198-a495-f72f24a1217e
  • https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=1c450bec-b2fe-4198-a495-f72f24a1217e
43 B
419 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=1c450bec-b2fe-4198-a495-f72f24a1217e
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00ex?s=&cim=&ps=true&ls=true&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
2600:1f18:444a:4602:2c20:3113:5c28:1366 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=1c450bec-b2fe-4198-a495-f72f24a1217e
Date
Wed, 27 Apr 2022 06:40:56 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
49a121f076f0419fad1d9544f0ab0768
i.liadm.com/s/e/a-00ex/0/ Frame E065
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=127444&dpuuid=13711f39-e3c9-46dc-a55e-2054f1e848d7&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00ex%2F0%2F49a121f076f0419fad1d9544f0ab0768%3Fmpid%3D82775%26muid%3D%2...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=13711f39-e3c9-46dc-a55e-2054f1e848d7&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00ex%2F0%2F49a121f076f0419fad1d9544f0ab0768%3Fmp...
  • https://i.liadm.com/s/e/a-00ex/0/49a121f076f0419fad1d9544f0ab0768?mpid=82775&muid=18111496120938825200621355339970630952
43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.liadm.com/s/e/a-00ex/0/49a121f076f0419fad1d9544f0ab0768?mpid=82775&muid=18111496120938825200621355339970630952
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00ex?s=&cim=&ps=true&ls=true&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
35.172.159.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-172-159-73.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

DCS
dcs-prod-irl1-2-v031-0d4d3d619.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
rxM/976gRBQ=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://i.liadm.com/s/e/a-00ex/0/49a121f076f0419fad1d9544f0ab0768?mpid=82775&muid=18111496120938825200621355339970630952
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
live_intent_sync
x.dlx.addthis.com/e/ Frame E065
Redirect Chain
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=13711f39-e3c9-46dc-a55e-2054f1e848d7
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=13711f39-e3c9-46dc-a55e-2054f1e848d7&rd=Y
43 B
604 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=13711f39-e3c9-46dc-a55e-2054f1e848d7&rd=Y
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00ex?s=&cim=&ps=true&ls=true&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Server
104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=2628000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
cache-control
max-age=0, no-cache, no-store
expires
Wed, 27 Apr 2022 06:40:57 GMT
content-length
43
strict-transport-security
max-age=2628000
content-type
image/gif

Redirect headers

location
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=13711f39-e3c9-46dc-a55e-2054f1e848d7&rd=Y
pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
strict-transport-security
max-age=2628000
expires
Wed, 27 Apr 2022 06:40:57 GMT
52176
i6.liadm.com/s/ Frame E065
Redirect Chain
  • https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=13711f39-e3c9-46dc-a55e-2054f1e848d7&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=13711f39-e3c9-46dc-a55e-2054f1e848d7&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
  • https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
  • https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
43 B
419 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00ex?s=&cim=&ps=true&ls=true&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
2600:1f18:444a:4602:2c20:3113:5c28:1366 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
Date
Wed, 27 Apr 2022 06:40:56 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
sync
odr.mookie1.com/t/v2/ Frame E065
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=liveintent&user_id=13711f39-e3c9-46dc-a55e-2054f1e848d7
  • https://x.bidswitch.net/ul_cb/sync?ssp=liveintent&user_id=13711f39-e3c9-46dc-a55e-2054f1e848d7
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=liveintent&gdpr=&gdpr_consent=
43 B
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=liveintent&gdpr=&gdpr_consent=
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00ex?s=&cim=&ps=true&ls=true&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
//odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=liveintent&gdpr=&gdpr_consent=
Date
Wed, 27 Apr 2022 06:40:57 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
/
trc.taboola.com/sg/liveintent/1/cm/ Frame E065 		43 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/liveintent/1/cm/
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00ex?s=&cim=&ps=true&ls=true&duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-vcl-time-ms
180
pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 varnish
server
nginx
x-timer
S1651041658.977416,VS0,VE180
x-served-by
cache-icn1450087-ICN
x-cache
MISS
cache-control
no-cache, no-store
accept-ranges
bytes
x-cache-hits
0
css2
fonts.googleapis.com/ Frame 521A 		4 KB
634 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 05:45:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 27 Apr 2022 06:40:57 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 27 Apr 2022 06:40:57 GMT
css
fonts.googleapis.com/ Frame 35AB 		8 KB
892 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8393b0f49cbaac879bc0a89a8d6fc918081a21fd4b13e5ae4416d2c1afbcca92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 05:44:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 27 Apr 2022 06:40:57 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 27 Apr 2022 06:40:57 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 35AB 		2 KB
984 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:36:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
284
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:36:13 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/ Frame 35AB 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/abg_lite_fy2019.js
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:33:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
451
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8007
x-xss-protection
0
server
cafe
etag
8765308293129799388
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:33:26 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 35AB 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/window_focus_fy2019.js
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:37:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
230
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:37:07 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 35AB 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650454428054601"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 27 Apr 2022 06:40:57 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 35AB 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:02:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2304
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:02:33 GMT
l
www.google.com/ads/measurement/ Frame 35AB 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTOVh25eL2lqS8RMmeuvtOOLB08oQRVWnGJIp87uD380ktGxc4JpcSTsmILc4r9BVkmYTt97NdGCMuwBVIDp6a0JpkRWg
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
3c09399fce195357915a25abcce0a496.js
www.gstatic.com/mysidia/ Frame 35AB 		30 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/3c09399fce195357915a25abcce0a496.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fd5dc39e7e8c3e52dd51f848aa140401de17ec1f545e4595b03923b1f836021a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Fri, 22 Apr 2022 07:48:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
427932
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12188
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 08:44:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 21 Jul 2022 07:48:45 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/elements/html/ Frame 521A 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
01284adf0039080c4d89732ef83440fd31b310a7bf3867b83b030f99ffd1f1c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:33:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
472
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8280
x-xss-protection
0
server
cafe
etag
1405619832300133377
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:33:05 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 521A 		205 B
518 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 04:23:51 GMT
x-content-type-options
nosniff
age
8226
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 27 Apr 2023 04:23:51 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 521A 		604 B
695 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 02:39:47 GMT
x-content-type-options
nosniff
age
14470
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 27 Apr 2023 02:39:47 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 633E 		0
42 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=93304739&p=159196&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6268e57844f1e%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-length
0
csync
sync.console.adtarget.com.tr/ Frame AD8F 		0
397 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=550070&extuid=${USER_ID}
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
0
Date
Wed, 27 Apr 2022 06:40:56 GMT
Etag
812f2c972e2a6dc9
Server
VertaMedia 1.0
csync
sync.console.adtarget.com.tr/ Frame 6669
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=admatic
  • https://creativecdn.com/cm-notify?pi=admatic&tc=1
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=QuO7j6tCXszybLZpKdGp&pi=admatic&tc=1
0
407 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=QuO7j6tCXszybLZpKdGp&pi=admatic&tc=1
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
0
Date
Wed, 27 Apr 2022 06:40:56 GMT
Etag
812f2c972e2a6dc9
Server
VertaMedia 1.0

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 27 Apr 2022 06:40:57 GMT Wed, 27 Apr 2022 06:40:57 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=QuO7j6tCXszybLZpKdGp&pi=admatic&tc=1
pragma
no-cache
pbsync.html
js.adscale.de/ Frame 1D6F 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:c200:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040

Request headers

Referer
https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
7148
cache-control
max-age=7200
content-encoding
gzip
content-type
text/html
date
Wed, 27 Apr 2022 04:41:50 GMT
etag
W/"9f4e83cc82a56a2a6e9851eeee2f9f34"
last-modified
Thu, 21 Apr 2022 22:53:02 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
x-amz-cf-id
XnM5ONlTKOD7YXPBaTNBXS9vrzRX1M9aWxZSN6SQ26poKjtnrNWJ6Q==
x-amz-cf-pop
FRA56-C1
x-amz-version-id
_mTv.oFG9sClPrAh3Tn_XOme81BPrW4o
x-cache
Hit from cloudfront
cookie
cm.adform.net/ Frame 9D7A 		43 B
106 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
43
content-type
image/gif
date
Wed, 27 Apr 2022 06:40:57 GMT
server
nginx
csync
sync.console.adtarget.com.tr/ Frame E5C4 		0
397 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
0
Date
Wed, 27 Apr 2022 06:40:56 GMT
Etag
812f2c972e2a6dc9
Server
VertaMedia 1.0
csync
sync.console.adtarget.com.tr/ Frame 8369 		0
397 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=544989&extuid=${USER_ID}
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
0
Date
Wed, 27 Apr 2022 06:40:56 GMT
Etag
812f2c972e2a6dc9
Server
VertaMedia 1.0
csync
sync.console.adtarget.com.tr/ Frame 79D3 		0
397 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=550214&extuid=${USER_ID}
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.console.adtarget.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
VertaMedia 1.0
Etag
812f2c972e2a6dc9
Content-Length
0
csync
sync.console.adtarget.com.tr/ Frame 79D3 		0
397 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=306708&extuid=${USER_ID}
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.console.adtarget.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:56 GMT
Server
VertaMedia 1.0
Etag
812f2c972e2a6dc9
Content-Length
0
csync
sync.console.adtarget.com.tr/ Frame 79D3 		43 B
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.console.adtarget.com.tr/csync?redir=
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.console.adtarget.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Server
VertaMedia 1.0
Etag
812f2c972e2a6dc9
Content-Length
43
Content-Type
image/gif
container.html
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B996 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:56 GMT
expires
Thu, 27 Apr 2023 06:40:56 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
grumi.js
rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/ Frame 5E46 		396 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:3800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8516f3bacba504d2453300a736341c9414df397c954ff91af67a5f013d427e01

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:29:52 GMT
content-encoding
br
last-modified
Wed, 27 Apr 2022 04:54:23 GMT
server
AmazonS3
age
666
etag
W/"57938d65da62154855cce311969c8bcb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
cObTKsYjixhVnwv_BH1tmaOp_Df79_eF
via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control
public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop
FRA56-C1
content-type
text/javascript
x-amz-cf-id
GmTj3NUl92xeM_pXpAiLAn0WngnjaqvBhZ3Ng_P6UgttdQm39LiR9A==
container.html
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D536 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:56 GMT
expires
Thu, 27 Apr 2023 06:40:56 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
grumi.js
rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/ Frame 389A 		396 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:3800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8516f3bacba504d2453300a736341c9414df397c954ff91af67a5f013d427e01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:29:52 GMT
content-encoding
br
last-modified
Wed, 27 Apr 2022 04:54:23 GMT
server
AmazonS3
age
666
etag
W/"57938d65da62154855cce311969c8bcb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
cObTKsYjixhVnwv_BH1tmaOp_Df79_eF
via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control
public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop
FRA56-C1
content-type
text/javascript
x-amz-cf-id
rthff1Klo45HBAoucOYev47cY6elvf2WhVyW0cEdlBNdYJ3HTR3YVw==
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 9001 		376 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30342D32375F30397D7B7331363237333138347D7B4335377D7B535A47467062486C3262326C6A5A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583730307D7B593437367D7B66317D7B7251554A5549433867596D6C6B6333647064474E6F494338674D53417649486470644768766458513D7D7B4C31303934347DFEFE&userIpAddr=2a02%3A6ea0%3Ac71b%3A0%3A1012%3Aff06%3A2840%3A1dbd&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F100.0.4896.127+Safari%2F537.36&debugInformation=ABT+%2F+bidswitch+%2F+1+%2F+without&isWePassGdpr=0&schain=1.0%2C1%21freestar.com%2C864%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6268e57844f1e&debugInfo=16273184_ABT+%2F+bidswitch+%2F+1+%2F+without&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16273184&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed28c9hxvurpzi&secondaryContent=&x=700&y=476&pubUrl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=left&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=105&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1188&geoLong=8.6843&vpTemplate=10944&flowMode=both&isRealPreroll=0&playerApiId=freestarPrimisPlayer&isApp=0&ccpa=0&ccpaConsent=&subId=dailyvoice.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61b2100a8748346132ab227b5cbb6710c66aa8ed5c6caf241e1d85e7bcc049bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128368
x-xss-protection
0
expires
Wed, 27 Apr 2022 06:40:57 GMT
c
c.pub.network/ 		36 B
354 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.25.0.9843edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.71.201.35.bc.googleusercontent.com
Software
/
Resource Hash
446043a7ceb4b6eb563bebdd3ed0510fd5280567a053939591c0ca57dc5f7a80

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		17 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1067390902724372&correlator=4240631525689235&eid=31060890%2C31062930&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=15184186%3A33043040%2Cdailyvoice_mrec_btf&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C120x600%7C160x600%7C300x600&ifi=7&adks=3195156888&sfv=1-0-38&ecs=20220427&fsapi=false&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3Dtimeout%26floors_hour%3D6%26floors_user%3D1%26fs_placementName%3Ddailyvoice_mrec_btf%26fs_ad_product%3Dbanner%26amznbid%3D2%26amznp%3D2%26fsbid%3Dtimeout%26fspbg%3Dfreestar%26freestar_path%3D%252Fnew-york%252Forangetown%252Fnews%252Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%252F820642%252F%26freestar_domain%3Ddailyvoice.com%26custom_bidder_size%3Dappnexus_300x600%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.10%26hb_adid%3D252f0dbb96995d07%26hb_bidder%3Dappnexus&eri=5&cust_params=user-agent%3DChrome&sc=1&cookie=ID%3Da29ddb64e29894cf%3AT%3D1651041656%3AS%3DALNI_MbleW5TOmellCfvNHx3KjTcGeBoVg&cdm=dailyvoice.com&abxe=1&dt=1651041657501&dlt=1651041654086&idt=1986&biw=1600&bih=1200&adxs=1196&adys=3064&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fdailyvoice.com%2F&loc=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=349x2981&msz=348x649&fws=4&ohw=348&ga_vid=2030874453.1651041656&ga_sid=1651041657&ga_hid=1903727552&ga_fc=true&btvi=3&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
52a97fe62f9427bf1a41f8837215605126c58f4f144a8c39655c317464c9c29a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9550
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
grumi.js
rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/ Frame B996 		396 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:3800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8516f3bacba504d2453300a736341c9414df397c954ff91af67a5f013d427e01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:29:52 GMT
content-encoding
br
last-modified
Wed, 27 Apr 2022 04:54:23 GMT
server
AmazonS3
age
666
etag
W/"57938d65da62154855cce311969c8bcb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
cObTKsYjixhVnwv_BH1tmaOp_Df79_eF
via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control
public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop
FRA56-C1
content-type
text/javascript
x-amz-cf-id
HBfoQ4QMPUbDwpFMKk7cjEe3wYC83zybQUg4tKBW7y6jZb0NjUC9Bw==
init
gw.geoedge.be/api/ Frame 5E46 		0
95 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.158.72.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-72-110.compute-1.amazonaws.com
Software
nginx/1.20.1 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
server
nginx/1.20.1
x-powered-by
Express
content-length
0
view
securepubads.g.doubleclick.net/pcs/ Frame 5E46 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssPrb9hx-jSWRRHtJxDzZThjDlGIO1pkZBX4-TB5UAaW_3I2ZuXqG38owOhCO56xEAs5rs6iTn3ZzNGVw66iawAWh4-woTWiM58RzqVB0sTz9w_8JXcGiP6C6All976PpHI64UIQQ_1AtzQmlDYyRXxU0lMubpBypXnYf03LXZJjtqVooooh0ByrGEWAFxE_LXkFvfgTqjAj0mhQnjEcJ7Kv6epNxvfKsT6j6T3tLE5318ddJ7-5fyjOc9nJeoGWzJ9naO3QWSlhYObs9YyUXkqo7nLvD-HuoXZX-N59QkpV-2Pa28gzW6uNqHakA&sig=Cg0ArKJSzEB6S7LoT6ehEAE&uach_m=[UACH]&adurl=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/ Frame 5E46 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/abg_lite_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:19:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1291
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8007
x-xss-protection
0
server
cafe
etag
8765308293129799388
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:19:26 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 5E46 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/window_focus_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:32:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
510
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:32:27 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5E46 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650454428054601"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 27 Apr 2022 06:40:57 GMT
l
www.google.com/ads/measurement/ Frame 5E46 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSOsVH2dE3-e9vrLMATSS9Ed3uDqiFQS6K8OOWkmpuN5xfjWGtDwcTblkfEcuyYKD7HybtDpAeJonUOQhV00OyRICbP6w
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
1818305543963151539
tpc.googlesyndication.com/simgad/ Frame 5E46 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/1818305543963151539
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1861be112f102bad82665111ac62b8cf330941573f9005b3d309c9ac4735a63b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Sun, 24 Apr 2022 13:12:23 GMT
x-content-type-options
nosniff
age
235714
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23330
x-xss-protection
0
last-modified
Thu, 01 Oct 2020 12:11:22 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 24 Apr 2023 13:12:23 GMT
uu
ih.adscale.de/ Frame 1D6F
Redirect Chain
  • https://ih.adscale.de/uu?cbfn=receive&t=1651041657
  • https://ih.adscale.de/uu?cbfn=receive&t=1651041657&nut&uu=63b73b1226f445519ec494ffac245040
44 B
213 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/uu?cbfn=receive&t=1651041657&nut&uu=63b73b1226f445519ec494ffac245040
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
H2
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
08a00ccb9b5f769641458349396bbd89d0d0b3248f0e1a2babb47ff0b25a78e5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-length
44
content-type
text/javascript;charset=ISO-8859-1

Redirect headers

location
https://ih.adscale.de/uu?cbfn=receive&t=1651041657&nut&uu=63b73b1226f445519ec494ffac245040
date
Wed, 27 Apr 2022 06:40:57 GMT
content-length
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame DF29 		143 B
426 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1900
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:09:17 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
grumi.js
rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/ Frame D536 		396 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:3800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8516f3bacba504d2453300a736341c9414df397c954ff91af67a5f013d427e01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:29:52 GMT
content-encoding
br
last-modified
Wed, 27 Apr 2022 04:54:23 GMT
server
AmazonS3
age
666
etag
W/"57938d65da62154855cce311969c8bcb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
cObTKsYjixhVnwv_BH1tmaOp_Df79_eF
via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control
public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop
FRA56-C1
content-type
text/javascript
x-amz-cf-id
6OPX8b7CY9CN6-tWSV3yuqlrmHpRrRXEjp7RR0pEtpwUedYVDs6v4A==
container.html
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9F24 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:56 GMT
expires
Thu, 27 Apr 2023 06:40:56 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
init
gw.geoedge.be/api/ Frame 389A 		0
96 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.158.72.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-72-110.compute-1.amazonaws.com
Software
nginx/1.20.1 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
server
nginx/1.20.1
x-powered-by
Express
content-length
0
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		20 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1067390902724372&correlator=4240631525689235&eid=31060890%2C31062930&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=15184186%3A33043040%2Cdailyvoice_mrec_btf&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C120x600%7C160x600%7C300x600&ifi=8&adks=3195156889&sfv=1-0-38&ecs=20220427&fsapi=false&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3Dtimeout%26floors_hour%3D6%26floors_user%3D1%26fs_placementName%3Ddailyvoice_mrec_btf%26fs_ad_product%3Dbanner%26amznbid%3D2%26amznp%3D2%26fsbid%3Dtimeout&eri=5&cust_params=user-agent%3DChrome&sc=1&cookie=ID%3Dd1b90674eb6f343d%3AT%3D1651041656%3AS%3DALNI_MasAy7uMikH1nBVuctsoiFP5EglYA&cdm=dailyvoice.com&abxe=1&dt=1651041657660&dlt=1651041654086&idt=1986&biw=1600&bih=1200&adxs=1196&adys=1761&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fdailyvoice.com%2F&loc=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=349x2975&msz=348x649&fws=4&ohw=348&ga_vid=2030874453.1651041656&ga_sid=1651041657&ga_hid=1903727552&ga_fc=true&btvi=4&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
67777c185d8f2f8ec9f2e8b400852aea4e7b482d4cea0fa8b0169787144c65e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10648
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame B4A2 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-p_psDEOa-zKMDGJju28cBMAE&v=APEucNUnsrlQuD0dNflgQnvk78Rd2QqWPiNDXpq6FJRN51C4-e1LtBLiPvr2FIj7_qeyczeZhIGukLEbjSCBf3w3t2G1CQtukJ1xEavGr4nTfka-7p78Xht1pND7F2T5EsvztkDNOIaat6t-PKvvLsqK9AK8En46njZT7AO__WIrZDv_TamFzCo
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 389A 		14 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Afihtjckm4esVwRKL1Dis9JKyIiLfW-AmwTGCRd7a9Swr_-Ce59tYGVMLZbZZrNViLiYVNwPhEgAKEx7h8DSz3s6leMRvvkMFYtH6M-CeuOlA6fwV2XTho6Jcfr0hKmgeh_MUkHqBod0MrqpzdPkpkRXg7TQ&cry=1&dbm_d=AKAmf-BCpEqqC9Zdjon9R7IRUZcnRhBvu4q5h2hyZrdU_Jsn1dd1909GHp2lalvQtKoCbYIWNVcxz849wXTAzbJCJ6p0MuTTeLBPl3metVsiVASjfIOUJHTjyoOJYrNHRHUAQpMLNQN_vx_FTeYWZZmvJ8WVe80kWNwf7pn57hc4IqlxfuK4E_BDHb7JahXqYWDk7KDEy5bd035ud3NZ5qt173gqi0rD1NmzWgDklE2i9MgIHAQRkAlLs7Vm9Ju3ep0adHOMOlNynyAjLJtOrmXBLetHiIw6pNWC72k9UPE3zVD8l0Kby5eENZAaWnG1XtcKWtJnSG03rPo-P-H-ItlKRys07WGTRV_m3JetSM5dEB6q4qfuRXpnyxWmxMmrnMWGVuG1wqMOHUCXc8c28OwUwEmUADlPmLCWfk1PCPhZak8AgqgX6yVz7lhD8S73VDTBqQfLaoY4yyhU46O_JouN6IeBebpjTjuw6_50VSPKafZOyaefOVsxP1Kf-duAffB3f5dor4-TkUInUAgyb_XlZe3MbRmEt1RshhjXWYXEREaK2Q9oEweqVT3RGI4kzbLfnmtL5we-_6tmVrHWyvuVuk1MfLoFc5JELzo0OxU6mOAFZyXRbyEhOezQUugr2c7WR1bIrEGCPQZBBslppE15icGft9witSiWR03QNWSxRPOkEWpKLWhY9EWdL8-qvKCqeHdsLZ5TMNepDihSCHeekcHOzZr-lLmtp1zL6k8-zZ3mGMKGjnfUPCXL5NhkLx5S4ZwvUjn6lyeZs4IQURGXTCoQaM6-pC0BRvaaW-oyioNZp8KZTIyPHH6OCLqDBpjKprArx8JLH4TDhTJCV8nBBP5EFbcf1JVWG3jh93PVujt2FluizbWS_1wQCnmVdij5u0Atu_FTUl7VHh7udRAe48cRqeAyl2Kgq56kdLbddMk1HcmLf90XGYginZEXvgbs6wDP-MNuf0n001Nc1xVGcbuq7Z4vJ2cefO-YXa9VOm0doeAPRbF0bWLHz77CLNTVjR0M1mkYiTo_6VUzVn0g7lhJTxjHGPWTG4ZfyrEKtR9Wv3mz2lY-yI5S2vPakz8svn82VxPy4Ct_eB0CSnQU-ALlVtgAuJaPY_xAsEUhDlYq7Hu8j9zxqCudbEEHMvv-k5DRvPU8faisTfFksfMZMHHQrGsdoJhnVaETY6876Hedg1UMObpyniR1HSBf9VMjM6HuEfkGM3JStyBfTqdbDit5WTADntxkuEFhwY0cozH_V7vJ-_0_qbjQ381GLp1XXAmSKIvqIbmviFpLZihY8XRMvXtsR1QNNwZkIiphtqWKObn7KjRnJp10EL2aa0xo4yutnZOfoPvaAjkZKQJLUIV1xUd5C151wfzeq8iytop_pZqY0hwJG89MF8Pn4TkRba7lSTHMTFdOR6p5Ht5Hg6-RKClX8X9XhTqE7yGzClLSDz2ERqkbYadzPI-hnd6fcXioNHZWRUPNW0Tv29h8onn-NhpD7KJdUoXVWBY48H4wKGL8Weed07gYHMPU42DSQt2lfwal6J5tOCtEBW_P3G2L2bHMP9k-cqvtqQ1m-EGrDnUIqA93LGmxpTRQ4p0STOlEb4LbrIwm35rsGcCzrOdWbSBhF9SZ-NHXq45S2wK-Oe0RUGAHB8UjXivo6j1ssbeoHuudRVPhaxDgyUg_lgI0pW2vb5nTYC2021zC-xa6eDc1aSh_cvefgxdoNFixXWvQ41hCJ1iYKV2iqblHdTNwL_8tls3RC-DmTXB3q_A39dwyc86p4uAWLMDBEeVxkupiunF9pdsMvWABG8FmTMQSL-OPrhflLwiBsHMMLLhdIWGZV6ZSE0zcA08OIr4WS-9SMzHe1VLoljhOYBwxh3SF_3M6MVIgMJKT9niPN8NIEThbj79NvBYdHgnFnSpTX90bW8hCbY21Vk636z8CwAI3xlu4lYHzbA58oxtIvVZkhj-PfrpEbhh7BsSOWw86HLuxeRjd_JxU1gq3haWZIUiMFHsm3mSn8Zx3_sniJ9w2PUa9LdlbP7jdStcaQzwiY5-tUaHjqAYIA3nwkFgRDVQBvlRxqR9hbQ2evR91dynka8iZ7n_LHYpHv4_zKB-29y-BKjumZ4phUWhqyPE6RwbTwWBPeadpAQ0rgYsooylRl_kGzsl-M2FgVSYj0ea3SBzllYJ2ay8BL1gWHEA-gBYfi0UQKiDGNk1FI_v7jL9Hr2xm2xomnbDKiArmgJq3_BHb6cVxGNy2tkrJvaPypwyqA7vOxz67uSTZOcJiTv44jP_VDlclr6nRVZfaVt_cvP6UpuaRx1bz2sqxBuQvL6DVwCziJHLq4zakcBLsYucoIH519PHSxBJUgzokCsiUX1xgP1jPbvE1K_4ISK2_ER6HeLb7qWRvnBblkJSPDmO7Ns-EMYOwqAnut9hCmI4FMk1gLdZRdLEin-l0EtlqIRVwo7MfS3aQ10taJh_PTkX92asWdxeNjdCcr3w_FEKHiHDNeI_3_ng67JkqHR2DZ8uZpGKYB-zL4h0K8Ocz0CdlzqbaIF_wVlE1vcXOtpktwgqhMhYoGbNsNTg8nsu0hSiFRYY2XtBZo6Wa7e2ZfkUEXOD0s51nNrkGpMywtY4pus6ldL0lrfmW6kDgEL3kDjGapZBPuRHUhahbkHzl9vXG8qFhdIFC6J9kszpGxabt5JnqLSt_pD8eB-nvqFVfzBFSBLgz941fXfcpJTDURhtBQaYCjYXP3B1HlLEoVl8cvvWfLqb8DOPX8gLczoCIWWtgD4Tb7Qz-QYOYzjjnXpvNkg1v1kOO7POyLF1d0M_ewLywweeS1-aLyoO02YDKQiE0ybUV0-OamaLAfoHh5OTNFYHHsq921Qaby5alaJcufRQijgmjtCdBT1KR8WwhdKUCbRR4k2USO9aWx0LzQluS4XVTOI2sykrjOHctHT2j4VrZeVqGW0aM3XvCQsEJRGAtrJRBcQoEBHQIAoUatTnBy7LNwmcA99kbnmf-yPBafinW_cvqI6JPB3L2xnUDHiOvkzeXQg_Px51FU94E6N5zVmZgkWc1_AmR-3OhcZ2YBJiH2QChaLFXL31KZWt4MhtECLVCWxLWcnpk3XnQX87D2Okx0iaehOLkGlhh-fkMZvCsxCk1b7c8U2MkBLslfXzsIPcCrE6wE5l_tlzLZFIeNITJYwR1rJgZJrDX7YuOBuNyxcYMI9yDPdMr8G9r44WW1dd3owtfP8r3tNUq2KoGpg9hxF3eRI4HrUCXF4rMVR0F3t3YYlxZHFW6BqtimoBTp4flWQVnHQ6vBU1C_7MqlLo85610NJJccYxG_8t2Alv_gLFEJfSGb-mj3z2yWCbj_9sUOgf2MQkh3lRZPwRnSmj0oBbSyEH9n2S5PXYThaylbzsq7MeNvmR_bkqDu9CCQYWvRsYvBIU5d1KIsjAPBDaO6xsihN-ith_EEapEnmmKDEcS&cid=CAASJ-Roob-_3AXJ0ObXClMJ6w9z1VIrGPS1ZD-jcrWvj-arIKAe5jqhfg&rfl=1%2Chttps%253A%252F%252Fdailyvoice.com%242%2Chttps%253A%252F%252F3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
78296ffe65e27692e7b1cc854a582f3e96967045c68276297c243acdaa990005
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10651
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mraid.js
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 389A 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/mraid.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
x-content-type-options
nosniff
server
sffe
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1591
x-xss-protection
0
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 389A 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/window_focus_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:32:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
510
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:32:27 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 389A 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650454428054601"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 27 Apr 2022 06:40:57 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 389A 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:13:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1677
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:13:00 GMT
l
www.google.com/ads/measurement/ Frame 389A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaT6RRl33QTcuKna605WkdDY9h8I7LNjmTDVNWgwmWqthnhzUMk31MOURXxz0zjH5_V8TLxKf2xchWTxZZ0daUIaDTWFvQ
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame 389A 		42 B
269 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D6TjBK5iHB-C_O7IvpMbPlsbieO_Wr7rBrxr41Od0bo5M6adEzZGLrgg8pMyNpxmd1-clMk2cX4KiRQ8VUo1_k3QkSnloawmDn9nHy_Y9y9OYPryw
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
init
gw.geoedge.be/api/ Frame B996 		0
95 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.158.72.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-72-110.compute-1.amazonaws.com
Software
nginx/1.20.1 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
server
nginx/1.20.1
x-powered-by
Express
content-length
0
bridge3.512.0_en.html
imasdk.googleapis.com/js/core/ Frame C44B 		630 KB
205 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.512.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
19ede6d9e804c8651d1a03850401c29716427827ad0aa2308ce140c076d2c566
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
417994
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209474
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 22 Apr 2022 10:34:23 GMT
expires
Sat, 22 Apr 2023 10:34:23 GMT
last-modified
Thu, 21 Apr 2022 16:19:01 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 9001 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 06:40:57 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 5E46 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssdHa-PchZ8UpOzR7ow6CmLDWWnYydvl-61pPxTuhcA1LfUxTdJPhbLNzU2UW0a5jM0nrnp6ref0xF9S5ypFgUTDiyjpv3vOUhlml70qTsb2TvsDWOtLn1iEAfMAV9EpLtKKimb0U8Np9se7-Mhk1KvMk86MN7GDSyVGoOUl-DbpapLXUfa4I_fJhltKeNVfPoPep03QKRJ8JL4-EocNDVoN5WpCU2TMmehmVQ2b8vPwuFjj6P0Q5RXG8U2YEmr-H5r9-xVpLCCfTyOSjI6G85l5HiVTzjPdjpIxLxbnMWypcnHchxNh5oTi5-0cH-I&sig=Cg0ArKJSzIMx4-ow_26CEAE&uach_m=[UACH]&adurl=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Wed, 27 Apr 2022 06:40:57 GMT
truncated
/ Frame 5E46 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0a1bc6b6090092688fb1c545eb68496d8b4831b03185b348c05143a69d22557a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/png
pixel
googleads.g.doubleclick.net/xbbe/ Frame 0557 		640 B
316 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CNu5KRCFnZQBGJLKmMgBMAE&v=APEucNU5fJYZ_9adui4Mtdk8ey25FOSxX8DSc83g7c3UX2IZV7xCB28prJK5dsBuyN1nMOUk2xQU-Zx_LzHM9fxEe_yuzggoFneW_z3XnIdo4q6KnN0PHZV9HuT7q0bQIznvp57mYHEnbR5gjbFaVql4w3tbumFT7JRdkN9-BsXP0KpVONy7BDo
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
295
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame B996 		27 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bnwfsh-_fmM2XjN-meJq_Sd3RHgOrwdhembFbgPK9-_06ZLmeu2Zxg4aJpFBSz_JeBDoFHdKFAWsveYwxz2cgCDhqwn4K7zkP4k7TE6EHximoU454dTbS_jnIGbrbbUAajthQ_3PShy1T9DjsFskEDL-YtlQ&cry=1&dbm_d=AKAmf-BVm_pev5mXNC5k5ylPB6X4gMY1QCODXlpAO_RlOprZJZmx0kuXGDWl8a1u8_wXw5ioeOQK4xM-AdrjN_5x2z0A7ADowSZ4FyN5Dz_2LC0kwQfHAzXXGl5EXd8bd4TAOJ4tZXY7CjxmjZdUJCOCHZfpcVkKH9XZ-70ukToLEIOG5l3JhL0YwmHIT-5FzNXzV2FZK_sRupCpEh3UDocrPzUY1op_vWPVbl3iLvmPPjHBTkFOS1LfoM4iIh7p9L9MxcTohaF2B9vENiq5p3R-IGgw13TvUsHx4l_UncAuh_-1Da_Rnq7-6IC9tzZJLE6QfDGMWH7eghanM8EY0Vp1e_aX1sDdAix06bpZAKCpuPo5Jzrd-l4FLZSS3CBtoC5XRZtPm4FAZjiiaE1FYB2ox2bFDsshsYHmZ8DR6INWyf9_7379FekaWCShglU9WDPK3XZ4OHU2V9SCx4HJaS4TqStyUt_P03ogQkUuH03WeEr6nQxbhR53mZeqY2P2c4y9JcPF5aR5lPVvDG697Orhfm_Pm-l39jbmMArNMz8gH_IedOA-Oy5ebqKa8VHn65K7lsWMGhPHxh6sc4ltqaayJ8_YG8qmk9VGb6WpwvOmNMjWpM89Gohvediwu3bE6qgl68JRKtmEYnTa2WmY1uH859L0kOMvbiSSIy8xBBtNaySdbdgSsPVntigwPrpaCR7ZVg1TW7ybwReGGBC5DjPLnn6IF8KZ5FXfNEvAtdnH1I5tTGLnbELz0UM0I7azPkBFaTJXqPyeqi1d5AIuURfKVIDlXFgJ2BZomEX9685tbFiutdxzZfHCLrJNV-pGOkik_a1w9umFfF7weLmiIvZWVZa7wYZypAO8OR1ntKmTKyRebYj8tYq9EZrqFEZsMydo5fdFxS5Kej69Dip6eAxUVeqOyz9fU11OnZKZQF4hEbYlOR0p_I1EY7zEi_1sHyujsjZ2hkRbd_GI4YPszQpzeY8_E9J7ZQByTyju_rClp526OisEpWGZtnoYZjOkdXT87bGvkaJNDrQw7437A0n6TTe968u8SgUaz9rVHY0qW1iA5HlZkjfTLPNDHnffRdLCp6z7Tzv8sEHHHpfhz7WXjDG7EitEeX2OKB62SdONLNFSkaE7os9EHRzWJg4SUxs3_Qqxqv1bjVpnciOhHqiIiAqpWHK2Zm10z18XBbX3cxtRWIgGMyi8N3rk5_rRne_2R1bGXLRwkxefzeMwhcn9PpFVbfMXSXsvCqvhJtuJf9oU1YhRP0DDDLPk5xu3PAJUQLIfXtJk0ZqwAV6Aef74eYrJyqLwN5BXT4RR8VE2I0dOe-NtGh0TDFgZlf5wXqy4kjUrx50a-BqLSpth7If6iyjI4NlsZi6PUyVHoPatNkN5GIOVaXSNsoSFZ54huGo3iGvIo1TpRvYV84YSq7zghe6FxP6xHkujS5xauGkcKhcUOHQ8Fda4Y6VUTHeptuP7wgcImZYyff9EKwZuVNNawJ3d2-yWxQ41g0r6J2RfauhkyhcGPpTQzBTsp3Cb361-Sz5GyMmsFXMbuAXkkiFO_2-5Xy498ji21jLR-IqItnjGRHw52taAV4rnktVKwkQhJEFiBOtqmqMgD4FDWg7_G5UF5QIeSVXHPt_mvOpPeNRjz7f5qyxcehEri3aQtUTVq0wTMVuFmy4LGNHgQfaKWEp6Cc4p39A8bMX8--CZLVmBbeYx5-fvYcMbKiD2a32y2M0V_bMeTUk6DbRUeZR8cdUObyGQyEKuLh6KV5-FjbstA1dJ1gki0AlCVRITxjXtyqqyFxPf47sJkQqlXlg0ZlvH60RrQQuk3tvBjCIfDHhS1mf1gCJe4iZLHYWylktR72UIPOIDIrPzjSHjjFQIjQY2OLrDN7DmwH8VliKlRdQzZJqdAB6UBtnJHb_mKMzy0xXmtiZjG52oUqHCTcutDxSmN6vj1hsDEH3TlNfxn2IaGGR3zxVcDL88UgFHhZZtUTOFOvBywwg9NNEILMOXW85_cuEGxBS9EqPtQ3KPe3FBUI5ojHXS4m4UQp4MfR2JcC6Py_uLBRP59Qd97cvNYxyeyVZlOc9L9wkuMFS4u_mhgIivnUVw4QFMOBf77suQ0Y6U_4GyW7hx7peaky4nJybPYYKfT_x4DnfoOwHUnVcW1P7Pq57_Ti_yTV15g6n6hJ04q7pFncy9XrrsXPK83psSwOWewcaVgv_lsd17qnPBn7d6TkyhtcIq1Ctk1qI1qDrpKkM4VnTusyaThESzAGVwxm9vrrpOehE7mJrmwHwwAj4EKrVi_tlZcgFO4WZcihebl4nRtNeE3A79JCBOiCoZ2aLOcUl9ipNj3sBcm4_FGHWVEPS1iMDMPUMO5fFfbocF3rIvuKHaWkWxwpG8OIzaCmXq8K0_NmX-dNTAGPx_VYW-zCZ8kzwe1HZ5L-PeyAAyY2OlRz8Mcm613thnwviNCWM8P1vuIGncmcU2ZnY_M2T5UcQ-2ZO468Znn3OKZd8mhQ3YSNMBsJvS9eYwuxdV-o0pYNW17p8-kfW0fnHAqKgeWlPkrLdg45aPCPhfFEEcO2xkWr2K8n3ah21akGu3oiTPCBBuYs-KjYTjjjcS2SW9ySs-dIQJC0eyETUprhAB8FQzuSQppEbe-uzTaUpM58xLP8p0YK1ubHJhVEyLxwZjudD9aNacgo1CbcOBBvmHuc6aBsOWHmUbxWqyPI0Xo--tTbxlQ7TWzf_hS2-b6-TyNRlk50L2enhyEla6Nq0pI2TwFAXSDT2JGRZh1v-txkF3W26fKajsdJNRZ-ld6j_0_QGRYMpFt1lUVI8h1RTiUMWNavdQXASe5pGw-kNqOhmDYKnDoiMqTKuJjyT6BvvtXqdGmazqwF2WRnpmieZOSpMR95Lm9kOmzxlF61-EfCBGt6jH2Mwd09JQKa7eglpeby12K2vH9keclz-B2XCibis01oe3nu0TkP83c-5puwpZpwY905ovhoEXHw-Zq_jasXj4Japdyb4c3iF7j5sgKOipHno2c5WR3aZpeh3xK6Ny2c5d2a1ulEAQddFos6bPkxb7WeKEoDAtBpPYTeOMOcCzoXjky03lQPwn17sBHFLh6mlkzjuZmKj9U2E7nMC1xj_WuvfBb5CucuGbW02Ok1PgbqqKM5RLURpbeS0a_BQljrUjw8kVWHKElcywVBwXX20x0IrnyYlBD2BBsQckhAyjfDs_B5AInKrY9elJAVPBuIxP0Gj4xTP359IrEKOCz1HotETR43e5N2bERntc6h3z0FSquQBVWeALGgpW6z7LtrQgOfnJE7ahqutwfu4xA8GUI6j1hwZ6P5Xkl6YwK3DwePYoxNhszGwwvC41ShdUFmsIrraxJKmFqqZxrYoedpwwd0mnsxGB5Kyehc1bUt6q3UmMuJeqOKLZgjHbekzFC0vuDeGQbFOhkTVaXe1akd5hHpVw55A_LNSOv_VKkW_HXcuf5S05SPeoSUUSBvF-nw&cid=CAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA&rfl=1%2Chttps%253A%252F%252Fdailyvoice.com%242%2Chttps%253A%252F%252F3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
92252f56b2f1ed83e4e4ada222d0074846d5efc9ae54d93a0de1100329e528a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16154
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame B996 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/window_focus_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:32:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
510
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:32:27 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B996 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650454428054601"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 27 Apr 2022 06:40:57 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame B996 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:13:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1677
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:13:00 GMT
l
www.google.com/ads/measurement/ Frame B996 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQtrBxAD18QRdpq7b_60BvpbBP9whCoaIKIq7aRJbsGhIpqt1RnkvW0djtRazyL4MZMrXo1jRVfLCywQlzCz8Vl6-_Tig
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame B996 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ai6mUE-4bAa4ayat53rMH2op6UGO243Q8kgmWaCNzYVLoPZSq772EdzgUav1ihUiS-fHqHqCJFPh0-dg2S6oir45CI1Fq9GcjI7goenEP3dI9NtYE
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame BE3F 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:36:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
287
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Wed, 27 Apr 2022 07:36:10 GMT
init
gw.geoedge.be/api/ Frame D536 		0
95 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.158.72.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-72-110.compute-1.amazonaws.com
Software
nginx/1.20.1 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
server
nginx/1.20.1
x-powered-by
Express
content-length
0
grumi.js
rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/ Frame 9F24 		396 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:3800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8516f3bacba504d2453300a736341c9414df397c954ff91af67a5f013d427e01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:29:52 GMT
content-encoding
br
last-modified
Wed, 27 Apr 2022 04:54:23 GMT
server
AmazonS3
age
666
etag
W/"57938d65da62154855cce311969c8bcb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
cObTKsYjixhVnwv_BH1tmaOp_Df79_eF
via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control
public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop
FRA56-C1
content-type
text/javascript
x-amz-cf-id
GweSuvj-CEd8cJZez9dQ_vHWE5JN4hNJ3VhjMJKJlb4uARlF2Z_fAA==
userconnect.js
js.adscale.de/ Frame 1D6F 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.adscale.de/userconnect.js
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:c200:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
3fDjM9RDZQajL5QPk.sqArdzSdBmEet.
content-encoding
br
last-modified
Thu, 21 Apr 2022 22:53:02 GMT
server
AmazonS3
age
5438
etag
W/"988fbfb6c270a6080f89deb043243858"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
cache-control
max-age=7200
date
Wed, 27 Apr 2022 05:10:21 GMT
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
wyw5EoUBzMNOqFp-JEU44uJL7D2Fq-Vqdv-RLHK1ru9ROWNy_aNMQg==
csync
sync.console.adtarget.com.tr/ Frame 1D6F 		0
419 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307565&extuid=63b73b1226f445519ec494ffac245040
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:57 GMT
Server
VertaMedia 1.0
Etag
812f2c972e2a6dc9
Content-Length
0
rum
dsum-sec.casalemedia.com/ Frame B4A2
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIKti-wuA3zjx961IRuf9kE&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIKti-wuA3zjx961IRuf9kE&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-p_psDEOa-zKMDGJju28cBMAE&v=APEucNUnsrlQuD0dNflgQnvk78Rd2QqWPiNDXpq6FJRN51C4-e1LtBLiPvr2FIj7_qeyczeZhIGukLEbjSCBf3w3t2G1CQtukJ1xEavGr4nTfka-7p78Xht1pND7F2T5EsvztkDNOIaat6t-PKvvLsqK9AK8En46njZT7AO__WIrZDv_TamFzCo
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:57 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:40:57 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIKti-wuA3zjx961IRuf9kE&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame B4A2
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmjleKUCRbN6zLlXA4o4fwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIKti-wuA3zjx961IRuf9kE&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIKti-wuA3zjx961IRuf9kE&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-p_psDEOa-zKMDGJju28cBMAE&v=APEucNUnsrlQuD0dNflgQnvk78Rd2QqWPiNDXpq6FJRN51C4-e1LtBLiPvr2FIj7_qeyczeZhIGukLEbjSCBf3w3t2G1CQtukJ1xEavGr4nTfka-7p78Xht1pND7F2T5EsvztkDNOIaat6t-PKvvLsqK9AK8En46njZT7AO__WIrZDv_TamFzCo
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:58 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:40:58 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIKti-wuA3zjx961IRuf9kE&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame B4A2
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECmxUzNxgbJfXIa8kKxEeZc&google_cver=1
43 B
1018 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESECmxUzNxgbJfXIa8kKxEeZc&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-p_psDEOa-zKMDGJju28cBMAE&v=APEucNUnsrlQuD0dNflgQnvk78Rd2QqWPiNDXpq6FJRN51C4-e1LtBLiPvr2FIj7_qeyczeZhIGukLEbjSCBf3w3t2G1CQtukJ1xEavGr4nTfka-7p78Xht1pND7F2T5EsvztkDNOIaat6t-PKvvLsqK9AK8En46njZT7AO__WIrZDv_TamFzCo
Protocol
HTTP/1.1
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:58 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
6f6e2600-cbb2-4faf-b984-bd054f0e30d8
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESECmxUzNxgbJfXIa8kKxEeZc&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame B4A2
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM4MjExMTY1NzQxOTI3NzYyOA%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM4MjExMTY1NzQxOTI3NzYyOA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-p_psDEOa-zKMDGJju28cBMAE&v=APEucNUnsrlQuD0dNflgQnvk78Rd2QqWPiNDXpq6FJRN51C4-e1LtBLiPvr2FIj7_qeyczeZhIGukLEbjSCBf3w3t2G1CQtukJ1xEavGr4nTfka-7p78Xht1pND7F2T5EsvztkDNOIaat6t-PKvvLsqK9AK8En46njZT7AO__WIrZDv_TamFzCo
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:57 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b7c6e910-f144-4efd-b2f0-3e72941d44ba
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM4MjExMTY1NzQxOTI3NzYyOA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
integrator.js
adservice.google.com/adsid/ Frame 9001 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/ Frame D536 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/abg_lite_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:19:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1291
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8007
x-xss-protection
0
server
cafe
etag
8765308293129799388
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:19:26 GMT
css
fonts.googleapis.com/ Frame D536 		8 KB
714 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 05:44:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 27 Apr 2022 06:40:57 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 27 Apr 2022 06:40:57 GMT
outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/ Frame D536 		14 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.css
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Fri, 22 Apr 2022 07:48:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
427932
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2798
x-xss-protection
0
last-modified
Mon, 18 Apr 2022 10:38:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 22 Apr 2023 07:48:45 GMT
outstream.min.js
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/ Frame D536 		347 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6ee816398ac59bd1a1fddcb80037e7fd618f481fe467ad65e73afb4daff29095
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Fri, 22 Apr 2022 07:48:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
427932
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122225
x-xss-protection
0
last-modified
Mon, 18 Apr 2022 10:38:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 22 Apr 2023 07:48:45 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame D536 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:13:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1677
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:13:00 GMT
l
www.google.com/ads/measurement/ Frame D536 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRhyCrbGQOijo1CvbeylUME4AjTOQITiMdv22KchIWirf2vPGnEHagtNzq71lHR5cl5VzHkyCLVG7KHIYpZpkuwqiSQ0g
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 389A 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 16:41:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50391
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Apr 2023 16:41:06 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame DF29
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:40:58 GMT
expires
Wed, 27 Apr 2022 06:40:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:40:57 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
adperf_launch_1.0.0_scrambled.js
cstatic.weborama.fr/js/advertiserv2/ Frame 389A 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/js/advertiserv2/adperf_launch_1.0.0_scrambled.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8E93) /
Resource Hash
ca45cdd891a26581651763d6204ba40be430bd94abe31e9e832822674bb3c4b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
last-modified
Mon, 07 Jun 2021 11:12:10 GMT
server
ECAcc (frc/8E93)
age
494670
etag
"3541355641"
vary
Accept-Encoding
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
text/javascript
content-length
7530
expires
Wed, 04 May 2022 06:40:57 GMT
publishertag.prebid.113.js
static.criteo.net/js/ld/ 		85 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.113.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 12:50:31 GMT
server
nginx
etag
W/"6138b197-1532d"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Thu, 28 Apr 2022 06:40:57 GMT
sd
us-u.openx.net/w/1.0/ Frame 0557
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKmsuNmVX5IfUNUxLAdBx7M&google_cver=1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKmsuNmVX5IfUNUxLAdBx7M&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNu5KRCFnZQBGJLKmMgBMAE&v=APEucNU5fJYZ_9adui4Mtdk8ey25FOSxX8DSc83g7c3UX2IZV7xCB28prJK5dsBuyN1nMOUk2xQU-Zx_LzHM9fxEe_yuzggoFneW_z3XnIdo4q6KnN0PHZV9HuT7q0bQIznvp57mYHEnbR5gjbFaVql4w3tbumFT7JRdkN9-BsXP0KpVONy7BDo
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKmsuNmVX5IfUNUxLAdBx7M&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame 0557 		43 B
128 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNu5KRCFnZQBGJLKmMgBMAE&v=APEucNU5fJYZ_9adui4Mtdk8ey25FOSxX8DSc83g7c3UX2IZV7xCB28prJK5dsBuyN1nMOUk2xQU-Zx_LzHM9fxEe_yuzggoFneW_z3XnIdo4q6KnN0PHZV9HuT7q0bQIznvp57mYHEnbR5gjbFaVql4w3tbumFT7JRdkN9-BsXP0KpVONy7BDo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame 0557
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESEKSYo-RxU6v5O-ksaazQ3Bo&google_cver=1
23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEKSYo-RxU6v5O-ksaazQ3Bo&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNu5KRCFnZQBGJLKmMgBMAE&v=APEucNU5fJYZ_9adui4Mtdk8ey25FOSxX8DSc83g7c3UX2IZV7xCB28prJK5dsBuyN1nMOUk2xQU-Zx_LzHM9fxEe_yuzggoFneW_z3XnIdo4q6KnN0PHZV9HuT7q0bQIznvp57mYHEnbR5gjbFaVql4w3tbumFT7JRdkN9-BsXP0KpVONy7BDo
Protocol
H2
Server
104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-242-245.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
cache-control
max-age=0, no-cache, no-store
expires
Wed, 27 Apr 2022 06:40:58 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.teads.tv/um?eid=3&uid=CAESEKSYo-RxU6v5O-ksaazQ3Bo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame 0557 		23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNu5KRCFnZQBGJLKmMgBMAE&v=APEucNU5fJYZ_9adui4Mtdk8ey25FOSxX8DSc83g7c3UX2IZV7xCB28prJK5dsBuyN1nMOUk2xQU-Zx_LzHM9fxEe_yuzggoFneW_z3XnIdo4q6KnN0PHZV9HuT7q0bQIznvp57mYHEnbR5gjbFaVql4w3tbumFT7JRdkN9-BsXP0KpVONy7BDo
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-242-245.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
cache-control
max-age=0, no-cache, no-store
expires
Wed, 27 Apr 2022 06:40:58 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif
prebid
ib.adnxs.com/ut/v3/ Frame D749 		137 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: prebid.s-onetag.com
URL: https://prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
f29f2c00439d44a6c50b87d60997fcbd9f6357eee149698f47f9d8c7671ccf8b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:57 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
fb44206d-c6ea-45c9-a4ee-d5e5efac5840
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://dailyvoice.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
137
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/ Frame B996 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/abg_lite.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:37:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
216
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9783
x-xss-protection
0
server
cafe
etag
9821519945299111448
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:37:21 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame B996 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 16:41:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50391
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Apr 2023 16:41:06 GMT
container.html
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2DCF 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:56 GMT
expires
Thu, 27 Apr 2023 06:40:56 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
userconnect
ih.adscale.de/ Frame 1D6F 		149 B
224 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1651041657990&umd=false&gdpr=0&gdpr_version=2&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:57 GMT
content-length
149
content-type
application/javascript
init
gw.geoedge.be/api/ Frame 9F24 		0
95 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.158.72.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-72-110.compute-1.amazonaws.com
Software
nginx/1.20.1 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
server
nginx/1.20.1
x-powered-by
Express
content-length
0
c
c.pub.network/ 		36 B
53 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.25.0.9843edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.71.201.35.bc.googleusercontent.com
Software
/
Resource Hash
446043a7ceb4b6eb563bebdd3ed0510fd5280567a053939591c0ca57dc5f7a80

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
analytics
pba.aws.lijit.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pba.aws.lijit.com/analytics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.78.125 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-78-125.us-east-2.compute.amazonaws.com
Software
nginx/1.14.1 / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://dailyvoice.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
server
nginx/1.14.1
vary
Access-Control-Request-Headers
x-powered-by
Express
analytics
pba.aws.lijit.com/ Frame D749 		0
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pba.aws.lijit.com/analytics
Requested by
Host: prebid.s-onetag.com
URL: https://prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/prebid.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.78.125 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-78-125.us-east-2.compute.amazonaws.com
Software
nginx/1.14.1 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
server
nginx/1.14.1
x-powered-by
Express
pixel
googleads.g.doubleclick.net/xbbe/ Frame 3A8E 		586 B
315 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD70OkBGJn9wLkBMAE&v=APEucNUtvBA_5fGKrkK8ZMitxPPGbIsN0yFxHI27VY9f4SMDxwFrBypCMvdLwsCPcDHdXL48W72i1gFK2vCkgIeuGp3a7aKUR3OEnXKi3P1wod0sVh7B1tXw62NvQjwNhuOBdP4EsV2f31tErdPQWWuIkC1OKilulWyfmfXi7Mt37rj9hSMARxA
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f12c6133a12eead81c368fe146cb489bdb7331b5e3b5ceb9ea52eac1e3feb815
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
294
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 9F24 		76 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dg7sAiWpTyF2r3b7Uaywadfyebh3VU8BlMosoGO_NT4vO-nD-JGf3cH91gnBC5HshI-qeVl7RaBjsLAt232YifxlINBFiMcxvCeIwi3iYF7lhLqxtcOoaG_y102oahCQTobwZ60mUzXIytnIdzXdALbMx3XA&dbm_d=AKAmf-DhSvxUD-ENgMRCleCsvDBAQ7ncFY3Qx1fpB0fZdle82vFli3iSL82siTiPbv-e7p9lM0BI7RGA8w65M4_Gnta5gBKXlHuOSDQLeCMzescveI6piU0VHildgRWbevLokxNrsCaurSMhmTyRs3RrJ0OF0jZNAXc3cgNGaJKtT_nHQ6NEd0H1c--BZqHY9YQH_A5ZrSR69HXMKh1fMHkRaHppye7l5-a_g0TVj-9nCLmKXpYlKFAK-h-C7kzbBPp6vbtgg0BmHBlqckFCNrSOfcF7z-wEkENaUGu9JQhslN9uBeL0Ir__KnGDrtuOrj2cvNZJ0WBzk4WUH0YrJYU9WYEa8nZ8OhTqN9zaBH4i1OhEXvJ7LO1KqTKzMF3riMnZFVZpq2rVv2FbhR9zctqjRKRePF5Ef8sawN5vRL-4XXPuPpvr78bmcHezZDiQm1AjcoFrqjZksM5QsI3QHwVEIJfb41juOuGlNCCa0DNep-o7xK47igxPoU5Q9AxY3Fx3M6dHNM1_hortHC6RIi6XDxdADJ_glbw1y9RN90pMRs2GUA6r1xfJslrqwTDkfoy7Q81Pp-krpJLZm6tGIKpuwZnP4g_uhbleaZObjUDKN9o4Rz25tzyi4Rh6cfdHSuZvht0Fi5EUkZ8EyKKc2-HnGcYrL-XPXKKHivO_qRRLDwdoYjfnOKkOwQ-fX5OGzzxrL8rJssIXQDwU6tBJYEIWxwlS730lOKT2c7cRmAKkzEYb2D5qcbhWOXAdMW0Tf6AzsIRMzcnWLcgtHqgQwx55nFwdQs05vsEJPAilSV7q9pgasOp6JW0xO3B9Q1oQhHL4mx5hs1wTB-LPiGI6lRAD2Z2aiOtywZhOmuElNfQdv1ciEo7AKXmFaaXjM3SGmXyQTXJbdf3yhEsc2FV2pbYuJ7thyu22QZcpZxw5hXNfGjPirBNMgVarjMI0QcARiCYWUD6jp_-ytiPKqUyDe-_hX4EfGmCLW7BrFT0Hcf-DPQDsYCuhmFCJ--a0YeRy1ufCM3B8p7JjDQjB6uy2IYJ1dLz4X7ms8ipC4G1AwO0U2NDH7l6X4vURk7GsdNebDZgKh4tJjLYn0wcmX65z8tdN4Tc0-YLL1RLjeuzW9VwMAa1g-iifZ9yf1soI40RO2eVsDPhtQKzIS_aerDLhD2irwmn0LKFukNoj0snIYoWW292ouGNhROrvnWt0o-hj7x5Wt9QvqthTLaUYBydav-tLMa5MrQqn8Kz0R_wTk5uWfeY6_edIw8LjokP0q1VGCluSOP_0ZrOVFSAapx_poab8NqszB2upuAGC-ZIBtdokYC8paMVZh2-6uqKgi24Pnr0hvN6FC_NY_WkFJDTLooElYe8vCyEVbx7EQ68F-w2amOIVu0XtXXUUunJ9KbbMgyKQDTS9D2oLi21EV6Xnf_9X1oj0GksBDg4B2shMkg9pLakMVAoK456aOS5yOxG7Lg_MWFnmqWIQfBNvL_m-e8qnhIONlKBWdOU4hmaaHDm7B-q577IjjffI-WV4oqeUAl_1sKXirbAZKkkbFjyaP4-HvSqgXqOV4wCSSzhCgrSeJuSrNALj4RJ36hoNZ_NFfEP-WJ4Hyy-LxCsW_lnDyw5x-hpilUkcKriDpo5zEXBP8TGD9Ktqq0DSnla3xv4BiOoOOznMH71YsCSRW49WoprlsCvfzJ6UjdRcJSToUOhMOuPFSwRXJatji1STr9Fef2vE3VoZfqlw6ouD8cnM8oWjJPPjZy9oTigz4Bkua3B-SE6GaaMdxB2Vp-uqHCRcpZEir_6FpnptiJ6PJbUgFTavs8zLESWUc1uTfsG2hT44izpGO_C8uuoUu8t_qNeUOAfg5YPxPl1eN1wO1UEyP6p1aZEXFmp7Xnx_7S50q3vPPYHbbCNKNT65GZOd5fxQias6O6iIwhiMGqvktwxc_kT-Q5hjdrT32IDXL4Bj4hfo7Gr67XzGpNNDZLoyUnXJqvXHWal7-HkYGtsN2OvcYBOrXJ-aXygPrlKe7jtiSwwM94s3a8vm81LfEIcLszGFor6DIgZpJjWrQGJuOft-47xEGzMWSsoNzejTWYhIGhFAo--7xe6vwJC6rtnNj1mu3XeL8GAiCd-IYg2XLCTLT72lFvvTSLYBS0B-bFC-BJp4ioc-LCSQ3aOMF3Xnmm19I7s1V9AlVVBsFelIYY0mxyki_CLV1HJOtqb6YUTYkLGoMTNfT7ZQWmIG6la1PwG9H5WpKa_GcGohLHcm-3MLviMgrkUXznQJgWars2uU7uTiHXBhy4Wac0ZwWJTNCLpaxHhI66InPEUqjy-EcZWdJ8L3mwBw0D7EXI8g-yjV90aEMCD3GnW8TFOJmP68zXfDxI8qXXKETFX4LVtxxIN1PTW3h8spjtOArREiVqxhQLDxdPy0CgPf2zuHCFCQwP_t7B1mIDEQc39dTLCmA5FXZ0sP9LyY6nDAT9ri4fZYg3O-0MggmPNCwFuWos2wSh10-4ZnGHeUB0X2MWlXHeJw1e6hycrjqFIJYCbUboo52kdK8v8cjf9blNMqm5C9gpV9g7aT8xxYL9nEGi_LeWm593o_PHqmPV739stM-B24cuCQBvF6ThQlKtNzg37Rv-rocCnND1omnD1JVfFZl6h6-q2vEbScyCJ4pATLXJXtirxpbKc7LZ1NyNz_1UY6Y0lobyUhVJ6TKPbZXjx_JpdSI2kFT_TZIb2odnjh59dkYlFD-hnIoSam-7rGJEVmmadvTUgTUcrqag5AVYVoFWbSzMhW0ArnsnTW5YROFHK00Ecb46qD7cwInjGX11h0qz_MpCODLcLIQD-3WYfRnZ6RD7fhuS0lX9xgx1uXKjF4VaYs4HOJGJ0_YUjJ0Zs4KvsW44IVLkryoy9wkWWjEHcYjrFVhMcX1Oy51NMRMLI5AtkwP61xOmjRGdtCgHmXLxDPzH3IfkQc6thRLTTSHIPpUTa9vfowq8z2QHl_me5aMv1hYiRFFYD1bb19Ejm4WxaibNcMGSS_77W7-N87rlqo_JvgcnTnE39CeSh66s6igKAL7oJVfT-i-VqpbvKNWM81RRSieo1FCksETkfPzyOImsQUxuAAydePGqD_gHBnFO5LjvnOKBHLVfK2Hj4-2lA25a3JwGWT_n1xS8prCMazMaXiWc30SluUnE3e2p37_9GssgFXG_gyvA86htHVG_b44fd4gP11PE-O_kpTzy03CMQMCjl3Qodt3e1JSozhfuJgE4-5WWpTsl3vQMuG_VJcWYf8PcCPPo1DnC97TTawDt7m4BlqEw30HaqZS_ictcfKcq1OT56SI0qyCE8V66VEI9qOU4W8n0Qe7gpdfAgNG2aUI9dw8wPN1M6reflBhyKomaa5IX4xs2c&cid=CAASJeRoxQNdehpFfTwDRNJnR3gI24tKJPMVJWgwLq5QfihA3nno5d4&rfl=1%2Chttps%253A%252F%252Fdailyvoice.com%242%2Chttps%253A%252F%252F3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9741ec0d2cd44e302898427aa2a5c57d85d29d9a246014bb3f0894713c27f5fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32832
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 9F24 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/window_focus_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:32:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
511
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:32:27 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9F24 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650454428054601"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 27 Apr 2022 06:40:58 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 9F24 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:13:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1678
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:13:00 GMT
l
www.google.com/ads/measurement/ Frame 9F24 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaT-pEw3EVPTIb3jBtDhHH48ryyMPv-OFHuV-AxufdXjjPyZxQMcNyHhuYe_FtR31St9rco9ca9VgJCBtFEcJzsqDija2A
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F24 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BN_1YePO0Dwooo2f6J_i3v0H14HHGBUvA9DV1gDM2QDR3Chcc9zwNg3aCI8XrkOC8BTvHBlJPjRli6KS1h9wJgeIJHD_YT3rpUytJAZ6rCI_t_XOg
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 6C11 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
50392
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Apr 2022 16:41:06 GMT
expires
Wed, 26 Apr 2023 16:41:06 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
banner
ad1.adfarm1.adition.com/ Frame 28B6 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad1.adfarm1.adition.com/banner?sid=4483354&gdpr=&gdpr_consent=&kid=5191607&wpt=H&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD_AuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E-qAMBqgT3AU_QuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo_n9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr-m01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh_CUYKE3aU4ApAZa_DA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn-lTAnJ9x72IBUBGTPIyAGhlREHwTLN_jBIgGPLb9iIrKXqjv3JJ2FXahzABN_i2aOFBOAEA5AGAaAGTYAH-cT0eqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64_0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca-pub-3605257360853185%26dbm_c%3DAKAmf-DiIl05kEah8IsX3lgrmvo-UhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG_2wU3m94T_r3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu-iON5_GA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm_d%3DAKAmf-CV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS-z-Z8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ-Al9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw_eMXh_Lp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK_W13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6-9h42QvTVeVlo-Flt5AQFU--ZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1-qqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO-BrRhgVDuuJlTNOg39jS9f%26adurl%3D
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.79.188.2 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
ad1.adfarm1.adition.com
Software
ADITIONSERVER v1.0 /
Resource Hash
83b2d381acf4605fabb7303a687ad0f02335c3f0adcb7d43f13a5b4c75c9c271

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-encoding
gzip
content-type
text/html
date
Wed, 27 Apr 2022 08:40:58 +0200
expires
Sat, 01 Jan 2000 00:00:00 GMT
p3p
policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
pragma
no-cache
server
ADITIONSERVER v1.0
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame C62D 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2834
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 05:53:44 GMT
etag
48472445140208031
expires
Thu, 28 Apr 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame B996 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87e7fd5a829817f60378560aef0672a0c075913759721eb51042c6a08763d588

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/png
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame 389A
Redirect Chain
  • https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=im&a.si=6709&a.te=518&a.ra=1651041656887405&a.agi=199&g.de=0&ca=46563887000&a.hr=js&a.wi=970&a.he=90&a.sh=1200&a.sw=1600&a.ycp=...
  • https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?g.bo=OK&g.rn=228168&a.A=im&a.si=6709&a.te=518&a.ra=1651041656887405&a.agi=199&g.de=0&ca=46563887000&a.hr=js&a.wi=970&a.he=90&a.sh=1...
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?g.bo=OK&g.rn=228168&a.A=im&a.si=6709&a.te=518&a.ra=1651041656887405&a.agi=199&g.de=0&ca=46563887000&a.hr=js&a.wi=970&a.he=90&a.sh=1200&a.sw=1600&a.ycp=&g.ism=0&gdpr_cmp_failure=1&g.did=&a.we=1&a.pc=https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCdgkEeOVoYu2UNq6k9u8P4saPiAG08eiraf3o5-jOD4fRor3AARABINrXxTlgleq3gsgHoAHD7pDBKMgBCakC2I91ZFTasT6oAwGqBPIBT9AvpgicXL4a4fn3RvF0c8Z2lEhKZAlS7INGYK3iJug_FiDQDNLnXJ9aobexlLAam1bApJHPt6XFoYyUO28oFWTmtape9_GF_YQE9NbTguMIc49RtCTGbmrdtNlJ0XMXrGK7bC_IIV-GDdooUi8fJixVSb_Q0_FLLeZSa4LoazUD675sip8Mpqv0iN2y_mjLfbTJrJgZw5OIi9q3bz5ZWs7MvOyxYLbjRto60WTQMYpDUJL6clGHfWjvrYgr9k8RNIXwu4s3s1HtQXtrxCwVhpUJi8v5-AnfeopuPGvQyeV8QP6Qmtr6rRqr7w0zhTjDSpzABLfHmJX4A-AEA5AGAaAGTYAHw6bhoAOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTkwMTIxODg0NTE2Mjk5MzSACgOYCwHICwGADAGwE66Qgg_IE6-v498D0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roob-_3AXJ0ObXClMJ6w9z1VIrGPS1ZD-jcrWvj-arIKAe5jqhfg%26sig%3DAOD64_0uU6QrAy8KSTo_EGXc1JmerOUdIA%26client%3Dca-pub-3605257360853185%26dbm_c%3DAKAmf-DTYd7Vel-3HXMajE9XUzDZSbL7erJETZr287IK1MOmS6gXP6YkjJwaxH9EH7EQUwDqk_jcjpI_KVbgI1GAoZCu1bVSLfq-BD-RJQN4CSKr0Tpm1d8g36NTv7yEM1y3wsR5Lsli6VRruKo4wa7ghdlhz9eEjA%26cry%3D1%26dbm_d%3DAKAmf-AYOk1q471aAcP_-_TFAx3PlCPWkj4OH983Nj-aPpA8dMAhbC8farq9R-teL44IiC6W5urjoyjHf8epgxrWTFG37VqjFRimoc-ILCdzgqng1B_O4-P2hdr6l2KeDGFMhC0zC62DY8NWFsgD6SC1m3S9hmhKEM6VGB0Uv-Qebv6sJ5qtA26DgTk4K8vvItZG6dlHEZ06y8uch4d_lggcp2UN3DQBiDP9u1cTywD79ibdgq_d-iea8oUstGlwZfcyL07DV1qrPzg8mnQmyJUdn2b_Gt-Aizt4XB3NWBWHVs32Zeuw7LjGV7aDbsptyipijfShOim5xQhCHNEiYThK2WinulFTya9HypDZG-dVDAPkTbzU37Kqte4fRdR6ivtFagE8vMgJ2pczZx1RttqpeegHBhsj4-E9Fr36R_8TO6HPUoxsUQVDF2QfmRHisELpb73ybwpHk7OSUHuw2OADXMkFHJEP6g%26adurl%3D&g.pu=&g.ru=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
9f5a0ed852a4e79d94e048b758b49a22c55f7a1efe66654c24a9eacc66a29f28

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
last-modified
Wed, 27 Apr 2022 06:40:58 GMT
server
Apache
vary
Accept-Encoding
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-cache
transfer-encoding
chunked
content-type
application/x-javascript
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Wed, 27 Apr 2022 06:40:58 GMT
server
Apache
access-control-allow-origin
*
transfer-encoding
chunked
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
location
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?g.bo=OK&g.rn=228168&a.A=im&a.si=6709&a.te=518&a.ra=1651041656887405&a.agi=199&g.de=0&ca=46563887000&a.hr=js&a.wi=970&a.he=90&a.sh=1200&a.sw=1600&a.ycp=&g.ism=0&gdpr_cmp_failure=1&g.did=&a.we=1&a.pc=https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCdgkEeOVoYu2UNq6k9u8P4saPiAG08eiraf3o5-jOD4fRor3AARABINrXxTlgleq3gsgHoAHD7pDBKMgBCakC2I91ZFTasT6oAwGqBPIBT9AvpgicXL4a4fn3RvF0c8Z2lEhKZAlS7INGYK3iJug_FiDQDNLnXJ9aobexlLAam1bApJHPt6XFoYyUO28oFWTmtape9_GF_YQE9NbTguMIc49RtCTGbmrdtNlJ0XMXrGK7bC_IIV-GDdooUi8fJixVSb_Q0_FLLeZSa4LoazUD675sip8Mpqv0iN2y_mjLfbTJrJgZw5OIi9q3bz5ZWs7MvOyxYLbjRto60WTQMYpDUJL6clGHfWjvrYgr9k8RNIXwu4s3s1HtQXtrxCwVhpUJi8v5-AnfeopuPGvQyeV8QP6Qmtr6rRqr7w0zhTjDSpzABLfHmJX4A-AEA5AGAaAGTYAHw6bhoAOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTkwMTIxODg0NTE2Mjk5MzSACgOYCwHICwGADAGwE66Qgg_IE6-v498D0BMA2BMK2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roob-_3AXJ0ObXClMJ6w9z1VIrGPS1ZD-jcrWvj-arIKAe5jqhfg%26sig%3DAOD64_0uU6QrAy8KSTo_EGXc1JmerOUdIA%26client%3Dca-pub-3605257360853185%26dbm_c%3DAKAmf-DTYd7Vel-3HXMajE9XUzDZSbL7erJETZr287IK1MOmS6gXP6YkjJwaxH9EH7EQUwDqk_jcjpI_KVbgI1GAoZCu1bVSLfq-BD-RJQN4CSKr0Tpm1d8g36NTv7yEM1y3wsR5Lsli6VRruKo4wa7ghdlhz9eEjA%26cry%3D1%26dbm_d%3DAKAmf-AYOk1q471aAcP_-_TFAx3PlCPWkj4OH983Nj-aPpA8dMAhbC8farq9R-teL44IiC6W5urjoyjHf8epgxrWTFG37VqjFRimoc-ILCdzgqng1B_O4-P2hdr6l2KeDGFMhC0zC62DY8NWFsgD6SC1m3S9hmhKEM6VGB0Uv-Qebv6sJ5qtA26DgTk4K8vvItZG6dlHEZ06y8uch4d_lggcp2UN3DQBiDP9u1cTywD79ibdgq_d-iea8oUstGlwZfcyL07DV1qrPzg8mnQmyJUdn2b_Gt-Aizt4XB3NWBWHVs32Zeuw7LjGV7aDbsptyipijfShOim5xQhCHNEiYThK2WinulFTya9HypDZG-dVDAPkTbzU37Kqte4fRdR6ivtFagE8vMgJ2pczZx1RttqpeegHBhsj4-E9Fr36R_8TO6HPUoxsUQVDF2QfmRHisELpb73ybwpHk7OSUHuw2OADXMkFHJEP6g%26adurl%3D&g.pu=&g.ru=
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
truncated
/ Frame 389A 		210 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be5280cb8d1127f788590d8729622d7b91e4eac3f21981a6878011a24565bbac

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/png
csi
csi.gstatic.com/ Frame D536 		0
327 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~l2h7kooz&c=3013544730103&slotId=1506772365051.5&qqid=CMGo5LvRs_cCFcrKuwgdjIwPqQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4023:1009::5e Fort Worth, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame D536 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 17:56:19 GMT
x-content-type-options
nosniff
age
564279
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 20 Apr 2023 17:56:19 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame D536 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Fri, 22 Apr 2022 01:46:21 GMT
x-content-type-options
nosniff
age
449677
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 22 Apr 2023 01:46:21 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D536 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CZcWFeOVoYsGMO8qV7_UPjJm-yArMrN68afTAkJSmEOSCu_uaAhABIOidmyZgleq3gsgHoAGX_pvwAsgBBakCPJNFBMrbsT6oAwHIA5sEqgSjAk_QLUvPXip7PIKM4dFv1RuZSCLY_hQFg8zenjHjBSqpY2_9TGMuQ-WamuBbA5doDP1xUufamGIzMqL_hspMMPqr3ZFN5tqCQjohcmR89_4Xy2FjxmADulJXuKggshY1ryug0VgHlsBy8c0Xz2S_lCqjvFctonuq1ViIU4yZF70gtRydEV_nvG1ZYHSuoFZTJ7UwIUz0Xm0wRsvL12bTfFPTfNUiWP4lFGq3QONoEQx6Uz7TREN3FCYYIJbkbh08AMi4azdMX89PV9Mih8cOiKtzzHbIdchSUe2Uxxs-DDdf2Eh7FKnnpz8vPGLNdeuwEXRG5FBVPRzakoYHl34Kw8mZYyMCLE5-slzHyjeDB8KhOWtnK4snQKry9l40EJ2jMOOH3MAEjPLAr_oD4AQDkAYBoAZ2gAfRgeSPAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA8gLAeALAYAMAbATgf_6DsgT9fji3wPYEwqIFALYFAHQFQH4FgGAFwE&eventType=clickstring&clientTime=1651041658121&ai=CZcWFeOVoYsGMO8qV7_UPjJm-yArMrN68afTAkJSmEOSCu_uaAhABIOidmyZgleq3gsgHoAGX_pvwAsgBBakCPJNFBMrbsT6oAwHIA5sEqgSjAk_QLUvPXip7PIKM4dFv1RuZSCLY_hQFg8zenjHjBSqpY2_9TGMuQ-WamuBbA5doDP1xUufamGIzMqL_hspMMPqr3ZFN5tqCQjohcmR89_4Xy2FjxmADulJXuKggshY1ryug0VgHlsBy8c0Xz2S_lCqjvFctonuq1ViIU4yZF70gtRydEV_nvG1ZYHSuoFZTJ7UwIUz0Xm0wRsvL12bTfFPTfNUiWP4lFGq3QONoEQx6Uz7TREN3FCYYIJbkbh08AMi4azdMX89PV9Mih8cOiKtzzHbIdchSUe2Uxxs-DDdf2Eh7FKnnpz8vPGLNdeuwEXRG5FBVPRzakoYHl34Kw8mZYyMCLE5-slzHyjeDB8KhOWtnK4snQKry9l40EJ2jMOOH3MAEjPLAr_oD4AQDkAYBoAZ2gAfRgeSPAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA8gLAeALAYAMAbATgf_6DsgT9fji3wPYEwqIFALYFAHQFQH4FgGAFwE
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
vast
bid.g.doubleclick.net/dbm/ Frame D536 		29 KB
16 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Bypp6hjL_S9abiG9l6E2dkv0RJ2SlazWFnZfQ1jrr6_d7BkOojAFcN5PTGpcI5SHhc9MwCbl1kB6IuVwmaAzntOSW-Zw&cry=1&dbm_d=AKAmf-CLcaJvB6yGNBFJNPe0PWMKdOSwHgzUtOYe9HPuckQdw_Efg2PiKYqFeUyXWhzijCkfhYP08ckoeZRaYl9Z0JkH1T9pII4-R5kGXPuXCHSoVGYOGzhsixJBdDQaGJSTv2QotZZg0aYghRDaqL3_T8eTYcoXOAhOOiOlXi-iWaHMfbwAEVo_nfL_U2XnhKoSIj7DH73qJXWhuQEDekLjlyg1HWZcXsOtg9XMpFhht9MJtj_7Xl6fBoLu8kYQ8z3yUaMPze-l5GmlQtZVl68mvgFurwcFE2QEiEka8ErGimPcxradxGq6Kfd0wex5Yp4u2u8pd0ddbmdlqS4UEt8uTqyCtHQdEidZwwbIzJa035QsKLhRAzln3JfeCrlcY5dEa_IsB_YC8kb1zqe-U9D-UG6L8Ls5psF8u5mJZDdvhr8c66Z9GwppeS56ul9sqrP0QSUubLRBo5XsxsYOw9VGIbH0IsmbGVLfE-YyjJQeL4ASBpYW91p50qMvzPbV--vFmfzQi0J-aSNGRX55cHW3GasXEpXm1T6KAaTdErRZ8LDqLtrRY5cYWfRwvtU6xndWtlZpm0bSAzgNFWdg8P7jaJTuv1y5lnF4iaOLKDUuWnArbHm-Knoih13rsuXSL14fYZZbeFGRU_81ouMm91OeQUCBQyaF-uTHQ__pFyU4A6ToiqFPUTcMDODVGQhSAptnefF6kxWMq7AKLfiF2747XA3Wm_jhhLkuBidHTtUaCJfI7wXz1xLAknyWQKjQnDRqdZCjLmhyZov-DlVdc_1w3ztTOVRXe-L07AheSjN18wsSwjzKwALsiqjJaqEMv2pw84Te-iZUb2-AXADQl2hzAbsonq5o7GGKd9nR3NLZyxe6QWlyww_V3dDqUrxJeBXe7pmz2cTX0nEDLEesphwL2YlrrV0JrRfHd6DsxcuhQ5DnKIXJuj5C2h5C9jAfA6C2g3OZv4JEdv3yf3G1zjUycZXfTd4YDC2Sf1AIjRgd6sELwHEMFCSvDez3C11-7iLARvblIVpGN56rODo82KSYCGyf_cED8Q1t_2v_OyOQ3nn4PwDbIxAq_8VCLClbIAE3dcgv-9o9vMY1cmHs3W8Ptk_JNGIU720wBJ16e4Hk4YVTSUYAQJII2D0thrFJIkuBPi6cr4BVo90auKnHKNHwh8K7rNUQFpTl1ul3pieHbbLKSByjTclFZK3Zlfb0HPSsWi6u5D46saaYm_DQbSCg6zwXDgLairadLUromrsQchoefmkgr3SbdeH2ylFDjoCwId9ayjtjXHym4yJNVdy-uTNbSs429ZIZa6gmBSs_DG5JtSfh5RJZO8HGO75ZObxTQXklpk8DlbCD86AZqqDu5DJ1tQqKQ4YGrD2obOSmufpIUwEmPzU8LhUUYcMKX6-OFac_BFeW1Gfr7LEDee3eKM3BL6Xah-hdxThcUcYDQQAlzeOqw_bCPLod0iQTQ7ry3UFLS1hPZrfw-3M5YmZWDOQdOvSk7JswwdUKZh2FwPdxDxU6ooikhVLS9zf7JpFQAszevkGVHk2EwEu6qvsov50Jyekr4hojGOmjSNeM_ZKThxkVMZ9y6HruEAXFQyjJZr8lka26PAkhXS6XIf9gIg0rCwBWHBvDIjrHk2EqNU0PFfXdjxi4LBI6ZKFRGuoMRvZshwYjqcCuUmg-5KryU_-O6gzlSR4GX5YdKWH4p_UPc7OT6qRi7r2gmVa3YEGKfer4ClKhenKaqGz69KX69cl3D3rIBtwPBZ1Hadt_JCedlyW2tDUfR2aQaQuGCixtbRlJVpOf-sNAqnGwXfOd_KCiXxt-KATDWLHdNZmUYmtUb6NtQHNF3uFwvMk02RdQwAve11MxVdFk4aehE0-JELEjA7Ty-qCsgPb-M3lspuBo2AcuNIMu48J5GdGZdsa5t0EnrUNq-tJrvjcAcfij1q_1ySKoUsuae1G3QZEC5QLff4u-DtaI92SpdPRNtMQYOOVVcgC5L1i_kUkWceEnYobmMJ-yWP3FFaivJRVFMJcjuDPyhhsENrJjQzLzHZBlabx1xdXywPDTQPXVzuF7s1KXyYdE1MSCvu3T4oBpN4Iv0upEzN0oolUZ0Zbk6uKq-zV7-h8d1eSnPwUi7nSLeF_CnaC8ip7L5j0CrUGIeixJtrfEu8byYqFVCeLIq0ggE3rLWgypt_7BF_ZKsS9-hObitR_SGl4LxQ-UY2063LsdlvGiVzaRgQ_RtEWbzm87Wfd9Z0oh05jT8OJt3P5XWjhQ2XuwAkSJ723ZJ8twfhbmM34uurfROUn7mnlDvfM0iBLdgZ-5uw-vNsTPD0dBwSOThPg2gIQ_YP3TDO6hfxH_VFLJNZi0K3rw_jrvRef-ssHJcg7avI-6ho1K6sJDtHEEbv3GEEef5MH0_erFOPDopqKO5B4mXQOVAtK-U4IbGcbLx4Aet9bhnei6QBcPv4Rc4z1P0pxon40wbEdOdjzbkI4ay941LSGAy0iC1e6jiaWNBoonduPW9TVbOWLQn62BvzNLj2ighQDIKWSkh4OzhRbb-nyQFPJGN-btA1iwTc-EakciI5VNC16bWwYc-J7QRzluA5TmNok-DWY4VgtDenPnlmfim27cSAeNTpEceJR5A6kBrP8humNfzkPmFW3YpS0HRIL9MIUxsExUE3YVSGrgZORlouXIjLD1HjBHs5LA9uDK9PP-NXJpg989D8MiXONkAh4jjLViXPZO1rKF1Lxjs52q63_vjWwF0e668ZOf4TezhI2qAbbGwFOkZDm9pXLIZrTPloFsPv6xyzNyEwWKmkEVGnD6YXZ5Gs-m3ouRnBEMbbb2i00g28BYDj-G_owTx-Wo9yccVv-_Mk0z65IR2athWWTykkqsMyzhxvBu9LzX_Ccdd9Biq9O-144WxAEnK1x1U6YK1yapcMJsq-Hv1WzLB4UGTF-6veE5Zm8WVTS0d0s3OmLA_7L_PYu6vNTWQdUUrUtcnLnMdtboD_pX_hEiP0JqjXWGjUpN_hpWyeRGKzJ2t22O99mOvS4LJyxsCevFz5eX1rWet8lrJ8eCDGps6XzqT_i854r3pVTgTp-DGDK1QVWrzpoubh2mPCYfotAxLd51HaUAQ7fX1rl-fsFbt5PrW20cRH_BMfVb7j55cs4OIcxbTDLfxtr6sBmj4EuUlwNLsUKMBLlQB_yzTvpxtG1tctkZjUmVzy9APqUHTrWYU-x7m5HfyA-tbaWVmP8u4XP1m5konCkJlYbPPYC4mrkBAXCQllAvQU7UQNF8oUi_iESP2-B6NPEW3oxeYKUtiy54vTLxPJClDu54Tz66BBpJaEBpwqdEPhL31ZkBVRhZuIgEP7TdPqh9HpDmoDCPYUVezaNR6DiDCkzPKIIgLwf7qZuPP78qWcJD152bN4v3WpiKvio5t1BM5nML2vsee0BjrUj-REGls2pMeQLmWX8zQ5q7NEFuD0IXDlhYlS_CGYWEkJDJHZgFIJLnWNZD_TJ_zrXu5YXFcf3mrvObx-AzEzgWH5WAS37PHomkgbwUbf41RfvoxV0zuid8WhPP_MwYWkNOQCXK30-eEJlevCjIw9ZRksKMnEmjKvo3v_Zeg6uu5xFZjlF8QiWuUQA0vq71-ds1cYVWciCvf1l0aCJVP1DXwgKi4-MGZ3jd0PLSTaj97W7ret3qWSKN-lPBORS9MF7J_oMBULl04wH2Q2COCI0osBJDunTYzJeCL2VamFb_EvBHDefXKMTBf58xyUOgd4Hg8eHD8ZWD_oy1Z8L_Xov7SAdDlU5f2vUevbBaQAwZ277R670KncnyQ68Axq8oZvNLE6Csl3nHD9g&cid=CAASJeRo7dZzT8nG8lg03JZfsUw6tXyFdgOVyfcnJLRemuJTFwMly54&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.177.15.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wr-in-f156.1e100.net
Software
cafe /
Resource Hash
f674914b32582ab3d73cf53b262be3379116ac9a744c1b707e51f4a2f55144a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15753
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame D536 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=Cpf3XeOVoYsGMO8qV7_UPjJm-yArMrN68afTAkJSmEOSCu_uaAhABIOidmyZgleq3gsgHoAGX_pvwAsgBBakCPJNFBMrbsT6oAwGqBKQCT9AtS89eKns8gozh0W_VG5lIItj-FAWDzN6eMeMFKqljb_1MYy5D5Zqa4FsDl2gM_XFS59qYYjMyov-Gykww-qvdkU3m-oKa-Jt2oL4RTTgkhD4iIii6UkSWqCCWETWvo0s6rRCLwIT2OFA6Zx_Q36DpVC1ihqkgm4BTe5riviK16Z7kXOe8mFqVd66go1LStjAjuferbjFGPsgeYtKOnvlNt2k0yb1aOLNgY2Fv_svPfIl0qsCV83YwllzMhDjBablu7nPvzpVw3iIp3jO2S3XXk6rjUmjU1SOjFluys1UVAKMcqyculhOh-V1N0WxcOjNVS99eOaAykKqee3QK96NTAQInXcu7WbkDA6EHzrWrCEJRKxNiqvzgmnle6BKreEYNd8AEjPLAr_oD4AQDiAXtsPS7PpIFBggDEAEYAZIFBggbEAIYAZIFDQgiEAMYAUiN0rcBUAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBnaAB9GB5I8BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwoQ7NoRGNqZ7sgB0ggJCIDhgBAQARgdgAoDyAsBsBOB__oOyBP1-OLfA9gTCogUAtgUAdAVAYAXAbIXHgocCAASFHB1Yi0xNjIxNzQ0NjYyNzk0NTI3GNCZHg&sigh=123BacKJ8gg&uach_m=[UACH]&cid=CAQSPACNIrLMAMxzXWT063s3cN8mgsIoNWJzRKTyuRH5vqgU1RQpnZBhM6jdO8UsCofKmsgheiHDY6CqKJIyvQ&vt=10
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame B631 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2834
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 05:53:44 GMT
etag
48472445140208031
expires
Thu, 28 Apr 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame D536 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
15ff5575a368e8c6c54e5efefbd6d9b60929a48d153ecfbcb04d9c631ba421b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/png
grumi.js
rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/ Frame 2DCF 		396 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:3800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8516f3bacba504d2453300a736341c9414df397c954ff91af67a5f013d427e01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:29:52 GMT
content-encoding
br
last-modified
Wed, 27 Apr 2022 04:54:23 GMT
server
AmazonS3
age
667
etag
W/"57938d65da62154855cce311969c8bcb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
cObTKsYjixhVnwv_BH1tmaOp_Df79_eF
via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control
public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop
FRA56-C1
content-type
text/javascript
x-amz-cf-id
blhG7hK1aHWNLaSoua2HvWTa9D9JEC8HvLCAwTh-LJlNMlEhMxQx-A==
publishertag.prebid.js
static.criteo.net/js/ld/ 		95 KB
31 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.113.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8fb8fc201a6f570ebfce0b3504f6da40f0976cd36c20e2983b6e5b172ebf56a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
last-modified
Tue, 05 Apr 2022 12:58:03 GMT
server
nginx
etag
W/"624c3cdb-17cf9"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Thu, 28 Apr 2022 06:40:58 GMT
map
ih.adscale.de/ Frame 6864 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
796b862c4ecfa4c43c22c9b6995818d5524f58feccaed3d467222f7d287fb6a4

Request headers

Referer
https://js.adscale.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
2792
content-type
text/html;charset=ISO-8859-1
date
Wed, 27 Apr 2022 06:40:58 GMT
partner
sync.search.spotxchange.com/ Frame 3A8E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEBCZUG4MiXs5bGCslvfQPGk&google_cver=1
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEBCZUG4MiXs5bGCslvfQPGk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD70OkBGJn9wLkBMAE&v=APEucNUtvBA_5fGKrkK8ZMitxPPGbIsN0yFxHI27VY9f4SMDxwFrBypCMvdLwsCPcDHdXL48W72i1gFK2vCkgIeuGp3a7aKUR3OEnXKi3P1wod0sVh7B1tXw62NvQjwNhuOBdP4EsV2f31tErdPQWWuIkC1OKilulWyfmfXi7Mt37rj9hSMARxA
Protocol
HTTP/1.1
Server
185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software
nginx /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:58 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
66
Connection
keep-alive
Content-Length
43

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEBCZUG4MiXs5bGCslvfQPGk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
306
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3A8E
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZmUyYTg2MGItYzVmNC0xMWVjLTlhYTktMTAyYWQwM2MwMTA2
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZmUyYTg2MGItYzVmNC0xMWVjLTlhYTktMTAyYWQwM2MwMTA2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD70OkBGJn9wLkBMAE&v=APEucNUtvBA_5fGKrkK8ZMitxPPGbIsN0yFxHI27VY9f4SMDxwFrBypCMvdLwsCPcDHdXL48W72i1gFK2vCkgIeuGp3a7aKUR3OEnXKi3P1wod0sVh7B1tXw62NvQjwNhuOBdP4EsV2f31tErdPQWWuIkC1OKilulWyfmfXi7Mt37rj9hSMARxA
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Wed, 27 Apr 2022 06:40:58 GMT
Server
nginx
Location
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZmUyYTg2MGItYzVmNC0xMWVjLTlhYTktMTAyYWQwM2MwMTA2
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
13
Connection
keep-alive
Content-Length
0
sync
ups.analytics.yahoo.com/ups/55946/ Frame 3A8E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1&verify=true
  • https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4
  • https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4&verify=true
0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4&verify=true
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD70OkBGJn9wLkBMAE&v=APEucNUtvBA_5fGKrkK8ZMitxPPGbIsN0yFxHI27VY9f4SMDxwFrBypCMvdLwsCPcDHdXL48W72i1gFK2vCkgIeuGp3a7aKUR3OEnXKi3P1wod0sVh7B1tXw62NvQjwNhuOBdP4EsV2f31tErdPQWWuIkC1OKilulWyfmfXi7Mt37rj9hSMARxA
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEKEvmEfsmGXJ1r7fxpbRts8&_origin=1&google_cver=1&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4&verify=true
date
Wed, 27 Apr 2022 06:40:58 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
pixel
cm.g.doubleclick.net/ Frame 3A8E
Redirect Chain
  • https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true
  • https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4
  • https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4&verify=true
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBmZjBhYzJmNS1jNWY0LTExZWMtOGY1OC0wNjg2N2NmMjY4YTQ%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBmZjBhYzJmNS1jNWY0LTExZWMtOGY1OC0wNjg2N2NmMjY4YTQ%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD70OkBGJn9wLkBMAE&v=APEucNUtvBA_5fGKrkK8ZMitxPPGbIsN0yFxHI27VY9f4SMDxwFrBypCMvdLwsCPcDHdXL48W72i1gFK2vCkgIeuGp3a7aKUR3OEnXKi3P1wod0sVh7B1tXw62NvQjwNhuOBdP4EsV2f31tErdPQWWuIkC1OKilulWyfmfXi7Mt37rj9hSMARxA
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBmZjBhYzJmNS1jNWY0LTExZWMtOGY1OC0wNjg2N2NmMjY4YTQ%3D
date
Wed, 27 Apr 2022 06:40:58 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 9F24 		106 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Origin
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 11:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
69159
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 11:28:19 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/elements/html/ Frame 9F24 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/elements/html/omrhp.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:27:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:27:08 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/ Frame 9F24 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/abg_lite.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:37:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
217
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9783
x-xss-protection
0
server
cafe
etag
9821519945299111448
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:37:21 GMT
container.html
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CFBD 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:56 GMT
expires
Thu, 27 Apr 2023 06:40:56 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 414E 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
50392
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Apr 2022 16:41:06 GMT
expires
Wed, 26 Apr 2023 16:41:06 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame C44B 		156 B
142 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F21734706084%2C22604498342%2Ffreestario&description_url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&env=vp&correlator=3603666700719473&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1%7C213x120&unviewed_position_start=1&cust_params=prmsig%3Dryetde&sdkv=h.3.512.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=4074094401&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.512.0&sid=856B888F-23E7-4758-9A5E-17B53252CF57&nel=0&eid=44750824%2C44757675%2C44761692&url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&dlt=1651041656261&idt=1759&dt=1651041658243&cookie=ID%3Dd1b90674eb6f343d%3AT%3D1651041656%3AS%3DALNI_MasAy7uMikH1nBVuctsoiFP5EglYA&scor=2262583026123078&ged=ve4_td2_tt0_pd2_la2000_er758.-1810.911.-1510_vi0.0.1200.1600_vp0_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.512.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
HdsydzJK.js
tpc.googlesyndication.com/sodar/ Frame D536 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/HdsydzJK.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 08:37:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
597817
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15407
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Apr 2023 08:37:21 GMT
file.mp4
r3---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/8c41f3bdf2567a85/itag/344/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682577658/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame D536
Redirect Chain
  • https://gcdn.2mdn.net/videoplayback/id/8c41f3bdf2567a85/itag/344/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682577658/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
  • https://r3---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/8c41f3bdf2567a85/itag/344/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682577658/sparams/acao,ctier,expire,id,ip,ipbits,ita...
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r3---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/8c41f3bdf2567a85/itag/344/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682577658/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/6FBFC8C1E704BB7DD7A1A0CD3467CD1FD14B798D.2DA27368F84201D835CF13E919D0A635B75A7831/key/cms1/cms_redirect/yes/mh/bu/mip/2a02:6ea0:c71b:0:1012:ff06:2840:1dbd/mm/42/mn/sn-4g5e6nsk/ms/onc/mt/1651041037/mv/u/mvi/3/pl/43/file/file.mp4
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Server
2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:58 GMT
X-Content-Type-Options
nosniff
Connection
close
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
2362611
Last-Modified
Mon, 25 Apr 2022 11:19:43 GMT
Server
gvs 1.0
Vary
Origin
Content-Type
video/mp4
Access-Control-Allow-Origin
null
Access-Control-Expose-Headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control
private, max-age=86400
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Timing-Allow-Origin
null
Expires
Wed, 27 Apr 2022 06:40:58 GMT

Redirect headers

date
Wed, 27 Apr 2022 06:40:58 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
666
x-xss-protection
0
pragma
no-cache
server
ClientMapServer
location
https://r3---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/8c41f3bdf2567a85/itag/344/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682577658/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/6FBFC8C1E704BB7DD7A1A0CD3467CD1FD14B798D.2DA27368F84201D835CF13E919D0A635B75A7831/key/cms1/cms_redirect/yes/mh/bu/mip/2a02:6ea0:c71b:0:1012:ff06:2840:1dbd/mm/42/mn/sn-4g5e6nsk/ms/onc/mt/1651041037/mv/u/mvi/3/pl/43/file/file.mp4
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
access-control-expose-headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
expires
Fri, 01 Jan 1990 00:00:00 GMT
index.html
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		5 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Requested by
Host: ad1.adfarm1.adition.com
URL: https://ad1.adfarm1.adition.com/banner?sid=4483354&gdpr=&gdpr_consent=&kid=5191607&wpt=H&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD_AuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E-qAMBqgT3AU_QuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo_n9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr-m01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh_CUYKE3aU4ApAZa_DA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn-lTAnJ9x72IBUBGTPIyAGhlREHwTLN_jBIgGPLb9iIrKXqjv3JJ2FXahzABN_i2aOFBOAEA5AGAaAGTYAH-cT0eqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64_0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca-pub-3605257360853185%26dbm_c%3DAKAmf-DiIl05kEah8IsX3lgrmvo-UhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG_2wU3m94T_r3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu-iON5_GA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm_d%3DAKAmf-CV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS-z-Z8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ-Al9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw_eMXh_Lp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK_W13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6-9h42QvTVeVlo-Flt5AQFU--ZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1-qqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO-BrRhgVDuuJlTNOg39jS9f%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
cf1c40fd82d4383416e5ca553fa435b17f478b17f6f111aca96aa9141e8aea12

Request headers

Referer
https://ad1.adfarm1.adition.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
content-encoding
br
content-length
990
content-type
text/html
date
Wed, 27 Apr 2022 06:40:58 GMT
etag
"4210498363-br"
last-modified
Wed, 13 Apr 2022 10:04:54 GMT
vary
Accept-Encoding
pixel
cm.g.doubleclick.net/ Frame C62D
Redirect Chain
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEGPP8W7bzRC6-mkR5ce23Uo&google_cver=1&google_push=AYg5qPJ1ohtc08g3XB07cyxgf0tUm_KEj4mau1XpQ9l9aBkg751ips_m5etDLC_pgo5rEtOfgXCJuczR0XU...
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ1ohtc08g3XB07cyxgf0tUm_KEj4mau1XpQ9l9aBkg751ips_m5etDLC_pgo5rEtOfgXCJuczR0XUF8pi8XqNKRyrZYRK9Hw&google_hm=B0MP1cfKT6WGRfy7ui...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ1ohtc08g3XB07cyxgf0tUm_KEj4mau1XpQ9l9aBkg751ips_m5etDLC_pgo5rEtOfgXCJuczR0XUF8pi8XqNKRyrZYRK9Hw&google_hm=B0MP1cfKT6WGRfy7ui1BBIU
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 google
server
Apache-Coyote/1.1
status
302
p3p
CP="NOI DSP COR NID CUR OUR NOR"
location
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ1ohtc08g3XB07cyxgf0tUm_KEj4mau1XpQ9l9aBkg751ips_m5etDLC_pgo5rEtOfgXCJuczR0XUF8pi8XqNKRyrZYRK9Hw&google_hm=B0MP1cfKT6WGRfy7ui1BBIU
cache-control
no-cache, must-revalidate
content-type
text/html;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C62D
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESELSEGB6nGNDKj4RGDni90jw&google_cver=1&google_push=AYg5qPI6Df5E6_WEvMp49rnk33YS41yeGqfy9G036JwDyJOEGdTNblGiSlYVy2xcUQXkkNXB1CU_z3luDT9Un6...
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPI6Df5E6_WEvMp49rnk33YS41yeGqfy9G036JwDyJOEGdTNblGiSlYVy2xcUQXkkNXB1CU_z3luDT9Un6JS5i...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPI6Df5E6_WEvMp49rnk33YS41yeGqfy9G036JwDyJOEGdTNblGiSlYVy2xcUQXkkNXB1CU_z3luDT9Un6JS5iUhhBUtyhuBSw
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPI6Df5E6_WEvMp49rnk33YS41yeGqfy9G036JwDyJOEGdTNblGiSlYVy2xcUQXkkNXB1CU_z3luDT9Un6JS5iUhhBUtyhuBSw
Date
Wed, 27 Apr 2022 06:40:58 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
sync
odr.mookie1.com/t/v2/ Frame C62D
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDvHrMpt5YLnXxe_1hRhzow&google_cver=1&google_push=AYg5qPK7S8_rQxX9hnoLXIRwNURnP8QEXbLxN3cDyV5soC_jIjkgJwYxkatB6LJuPNHLv8tXM6_Hhj_fVfiiHfhH2MZ-...
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=google&gdpr=&gdpr_consent=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=google&gdpr=&gdpr_consent=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
//odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=google&gdpr=&gdpr_consent=
Date
Wed, 27 Apr 2022 06:40:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
dds
rtb.openx.net/sync/ Frame C62D 		43 B
350 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEBFP2IHNpEb4Qfh8lSIDpLs&google_cver=1&google_push=AYg5qPKpuGbNTjT-1IJRsyecuLOqQyrxVFkL_7HjF7McA1TG3bIS8r0GJTdAEqEj1b__FMSvh00EAOf_dOCUcdk3AQCEiAe1L9hm
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
r4ti49iakpq2v0202aaih97olmj4d3q0
pixel
cm.g.doubleclick.net/ Frame C62D
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDeuYSRBBs4AWHQJle7BJ-I&google_cver=1&google_push=AYg5qPLOO2KL0Q5BC2lQvbcoSndmzsPpOHgTQvvMJb4N5AyUlVteA0gyU4HePWnPNLtnwwpwP5d...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJIN0tOOTctMVMtSlNITw==&google_push=AYg5qPLOO2KL0Q5BC2lQvbcoSndmzsPpOHgTQvvMJb4N5AyUlVteA0gyU4HePWnPNLtnwwpwP5dUtIG6Q0zgQEMPbxUC61JjHlYg
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJIN0tOOTctMVMtSlNITw==&google_push=AYg5qPLOO2KL0Q5BC2lQvbcoSndmzsPpOHgTQvvMJb4N5AyUlVteA0gyU4HePWnPNLtnwwpwP5dUtIG6Q0zgQEMPbxUC61JjHlYg
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJIN0tOOTctMVMtSlNITw==&google_push=AYg5qPLOO2KL0Q5BC2lQvbcoSndmzsPpOHgTQvvMJb4N5AyUlVteA0gyU4HePWnPNLtnwwpwP5dUtIG6Q0zgQEMPbxUC61JjHlYg
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Expires
0
/
onetag-sys.com/sync/i,19/ Frame C62D
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEIrgbN8GcHdBG52AUjmdqRw&google_cver=1&google_push=AYg5qPKYOwX_yPQUMk2HxvEMTteOuGnWgMDDuuuuj1rzgpuO2T4uazyq2kuaXGPY0ZPGcFlXlZS8U6R_5Yu...
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABgGnAZct-kgnQfVdjdqOrT_gy4F3XBHMmgA&google_push=AYg5qPKYOwX_yPQUMk2HxvEMTteOuGnWgMDDuuuuj1rzgpuO2T4uazyq2kuaXGPY0ZPGcFlXlZS8U6R_5Y...
  • https://onetag-sys.com/sync/i,19/?google_error=5
0
287 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/sync/i,19/?google_error=5
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-cache, no-transform
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://onetag-sys.com/sync/i,19/?google_error=5
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
245
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame C62D 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I-qENm6okGNlYs27NSOXXry-ALi402bOXSsdHFtCPH5x5nsJLwYHUgoELQMRnJDf8
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
match.js
js.adscale.de/ Frame 6864 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.adscale.de/match.js
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:c200:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
W2YuBTkxqkHul7eQyDK2MN9ValvlgOT6
content-encoding
gzip
last-modified
Thu, 21 Apr 2022 22:53:02 GMT
server
AmazonS3
age
6474
etag
W/"ff7cce9128150bd82f1a709c03692e3d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
cache-control
max-age=7200
date
Wed, 27 Apr 2022 04:53:19 GMT
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
iLwgkFJ_sM3xmXI7x4iE7NHMpfeXhqvnd2Yp0Cj8uMvs4Ve1v_lRkQ==
init
gw.geoedge.be/api/ Frame 2DCF 		0
95 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.158.72.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-72-110.compute-1.amazonaws.com
Software
nginx/1.20.1 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
server
nginx/1.20.1
x-powered-by
Express
content-length
0
dpixel
cms.quantserve.com/ Frame B631 		35 B
362 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECsVNueq8hKvyIx6E8H8YhU&google_cver=1&google_push=AYg5qPLAq4UpI9c_ydhKL0xcTYRfZxnog7MVuSHZM8oWFibB_nvINzr58icT5FiOd-miUbLjDKvUsWh19SJ060z7Pzr1pg1iWze2Aw
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
google
match.adsrvr.org/track/cmf/ Frame B631 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEEY4RBWWEvJPxW2D2C3Vi4Q&google_cver=1&google_push=AYg5qPLL3vFRRszvpUgzF7rIndKg_FLPuvxHJaJOAa2sSgDCHkwFH9EK7d_v0mLKMdNJUfLzYZn8WRb3RJz74bAR7H7T7Wn62d8uAQ
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame B631
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEOv1g2wNRg3Lam8VAnnJhOY&google_cver=1&google_push=AYg5qPKn-iPTBhfitysXM_XTkpZh2s_Xu3iUODSW-Xsu7EgT4JhY8VrWr0wUTgOUryIwGr24bRS0PXd...
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEOv1g2wNRg3Lam8VAnnJhOY&google_cver=1&google_push=AYg5qPKn-iPTBhfitysXM_XTkpZh2s_Xu3iUODSW-Xsu7EgT4JhY8VrWr0wUTgOUryIwG...
  • https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=BNDTPTA1S5uw_VZYhMPEimJo5Xo
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=BNDTPTA1S5uw_VZYhMPEimJo5Xo
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=BNDTPTA1S5uw_VZYhMPEimJo5Xo
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
pixel
cm.g.doubleclick.net/ Frame B631
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENlmtWyiEzsParyAh-l2TZ4&google_cver=1&google_push=AYg5qPKrbchAP_UqVasdXElOHXOB_C2c2vNQ7ACdVF7_WKRJSumo-ltuuiB9VA03v9xAqu9F8UgFVbaWYWESQp...
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPKrbchAP_UqVasdXElOHXOB_C2c2vNQ7ACdVF7_WKRJSumo-ltuuiB9VA03v9xAqu9F8UgFVbaWYWESQp4TAc...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPKrbchAP_UqVasdXElOHXOB_C2c2vNQ7ACdVF7_WKRJSumo-ltuuiB9VA03v9xAqu9F8UgFVbaWYWESQp4TAcLBf7xAj9M0kQ
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPKrbchAP_UqVasdXElOHXOB_C2c2vNQ7ACdVF7_WKRJSumo-ltuuiB9VA03v9xAqu9F8UgFVbaWYWESQp4TAcLBf7xAj9M0kQ
Date
Wed, 27 Apr 2022 06:40:58 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
pixel
cm.g.doubleclick.net/ Frame B631
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI4kCjxjEjsjR4YzWqcCNm5sXC7xs0Yi58PP520FFZOCy8jfx6aWekq4BrR8FgdDK1zCiRXtNRR8DnFa5ja94n_7NFL5Dbuaw
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI4kCjxjEjsjR4YzWqcCNm5sXC7xs0Yi58PP520FFZOCy8jfx6aWekq4BrR8FgdDK1zCiRXtNRR8DnFa5ja94n_7NFL5Dbuaw
date
Wed, 27 Apr 2022 06:40:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame B631
Redirect Chain
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENbwiumUhwBwSnfmCZBG2MA&google_cver=1&google_push=AYg5qPL4sfxMLsk0lu0ld9U7VW0xisK-sLhYmqgND0WOE3bLVEXB6AbnhuxigF54RDA5_tn7la7yqEysAjGT-6_7q...
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENbwiumUhwBwSnfmCZBG2MA&google_cver=1&google_push=AYg5qPL4sfxMLsk0lu0ld9U7VW0xisK-sLhYmqgND0WOE3bLVEXB6AbnhuxigF54RDA5_tn7la7yqEysAjGT-6_7q...
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL4sfxMLsk0lu0ld9U7VW0xisK-sLhYmqgND0WOE3bLVEXB6AbnhuxigF54RDA5_tn7la7yqEysAjGT-6_7q7Sak2H3YQeaHw&google_hm=d89d8fb3624ba299d31d...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL4sfxMLsk0lu0ld9U7VW0xisK-sLhYmqgND0WOE3bLVEXB6AbnhuxigF54RDA5_tn7la7yqEysAjGT-6_7q7Sak2H3YQeaHw&google_hm=d89d8fb3624ba299d31d58b0
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Wed, 27 Apr 2022 06:40:58 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPL4sfxMLsk0lu0ld9U7VW0xisK-sLhYmqgND0WOE3bLVEXB6AbnhuxigF54RDA5_tn7la7yqEysAjGT-6_7q7Sak2H3YQeaHw&google_hm=d89d8fb3624ba299d31d58b0
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
pixel
cm.g.doubleclick.net/ Frame B631
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEDWj2IVRnuX6keiWh8k_MXY&google_cver=1&google_push=AYg5qPI5LhjfIerq_2iS4DKCir_DCtQc28TNhDGTa9S9yrVO01ciBfRhBys2wbL-GeBjwyNKI1ZidrWvo9C2UfNipJrNVLtQ8a...
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D&google_push=AYg5qPI5LhjfIerq_2iS4DKCir_DCtQc28TNhDGTa9S9yrVO01ciBfRh...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D&google_push=AYg5qPI5LhjfIerq_2iS4DKCir_DCtQc28TNhDGTa9S9yrVO01ciBfRhBys2wbL-GeBjwyNKI1ZidrWvo9C2UfNipJrNVLtQ8ax2uQ
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D&google_push=AYg5qPI5LhjfIerq_2iS4DKCir_DCtQc28TNhDGTa9S9yrVO01ciBfRhBys2wbL-GeBjwyNKI1ZidrWvo9C2UfNipJrNVLtQ8ax2uQ
date
Wed, 27 Apr 2022 06:40:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
attr
cm.g.doubleclick.net/pixel/ Frame B631 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JIHc5wTtJBA8alCvorbNhxUHwqp5k0jdI6Pr2vtTolmAwInAaGO1zSwDL0WIun0QSSpUyr
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
pagead2.googlesyndication.com/bg/ Frame 6C11 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ce9cd7dcb7f38ae802b0abb181c86cf4fcaf0eec1ac25cde85b3a3f2e609cf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 19:41:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
39570
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13636
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Apr 2023 19:41:28 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame EA5E 		500 B
320 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiA_aO-ATAB&v=APEucNWRhvbIPcplkHLRcsjPJ8_HbPy47Pt9V5r-qo9Zjs5L6jopnaaudzzNtYmLuc3WXk0XRTdhqHw1l9J4bleqph4WthEY9xofq0zI77m1XqzW_huXHg-aL1yzIH2eGO8QbfFeKJdfk6CIvCmoH0O1yo-A3LBJMR5r0sKxAhWObEXYRCOM314
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
aedf3dff6e3596bea2ed1f9bb489aca220ac62eb0f0eb2ec34306f215388a1c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
299
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 2DCF 		81 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CC-rRiVnoCG0-PRtIEg7gaedbNNx2T2E1W_KhYN98snHw5C4G9bKpA2lzoT8QCGBibKto6miNJBCi2EB-2t-0FTTAUwVyk9RsDrkZ_HxwDyRK0L8u3FpI1ycxPM12ykWIEJYc2WKp5dmoDK7fo-Pa_GX2V9Q&dbm_d=AKAmf-COsB1aMIP-aicXejvGQvl0dWBhwy_CZRD4SthTTxxKMbz52Y6DAYaWXww_g8oV8-eouE5GWhbwBvo1iJXCVTGjOl6Gid9YYbzEhLhwfFrB2yiea-mhG_apdqCYzFK2Yt2kKTQDPoOjcsUaoeoH0Tv8STwAz480vOjx0lU4Qa-iPGAZ12lkXxonceIod1VXCHC_26-SCLhLU4wDwfqx4wgp5wSw8OxeH8GphrWybw0zpwzTIOM2oW6kMRLyNUNT1Dp7Lb7Fdb9oKpZACMqH_gnBlnKipXDFrKclRUjIy-BBgNx-21Nw5PmkdfnzdhTdfJqgwTipT4RCSrbtvsIFWwD1glNdRNGBCxoIs54zKAqUsVxhOT_oSPPpiLijYIYKbYUV6sHE4KvKfHWMlpMHlco5ZpeuIr66aWJr-5U5GVbkwpJQDLkZCn5aFBmFVZinjUa3yOsebArJk2JvDj8CeKd-z3JyJJZ5kRzblrCJMf2Z0f-RSXhNLWq3pWG2incMYNUj6YYYFwEl1j_QQ5OpHpfi-ur2YWg1xMKtjpgmeasp90zSVmz75i9hBIZDtUb3rL9jIemHBjJ8HuRNP92E9TQnm41V8VB29AcXswzA-rlCVyXVzOFVnFj8HiBvWldBaIRLJATtBKBm7pvGvtn6Luhc-Yyt25VnwkfsJKGX39bsQeKWo5-h_ByHWBJd-EykzxodUpSW3hJtxwgRYkyjgsJCOcUdV128HJNIvvuH-tX9Ro6u0sP479VFUScvowMHsxAlnZkiWCOC4gmrmvH-yfBUM83JJQtySUQtpj59_IzK9br8NNZL0mRUdltHt_dhDuYN5Rwa4B7tKn5uatwSIY2mHC3ESViiG86KLWhvnVc9zwa92vrFIjIVF0bes5q8MG1p3pSzssDbv5eiJkYVGvXqYkNOAsK3qm_CZZWJdvYmzZUzgdhcnOy0PZGYEePayHLKoT_8ntot0gdszwT4ABUPy0owyH8E9a3ij3XeoHTmNBG_d6SwXnTnwVMR_Xutl21Rpvr31eW8iWvVml_vdEy6Ul7zCeUTniLjbH02yfH6BQ-642HwQRm6evyNtm2hc0JwZYcitRXqSRGfcd4d6CzPyJZh4MsItuhbL7EMuQ58eNJNG2wo7n--uJlGjie8yLcSrmzr2NKOo165aHhZj16zJtPRSIIKFqOh6PSI0WMpQ8zOc8PgMVD9VNWz4SB96FgJMh4ZRMw0VnORvFi3fOY39TecrYMgbJ4_BzEwVNoRfqzxNNu4agUVUW9uQl-EDtZcsG5tmJyBGtSNnxi62mT9zJrfpKV7E1qnjq8CjKnltwZ0y0cpDu4kIfc91wDM9TlvPX7CawfnhBrcvaoaFBoSNQF4vilvVIEqFdWOfH0fpuijn_RXpIxrONUPDDlN8NIpnXVguJJ7UvkNz2a9cBs4-fVPGNOyE-ha2UdOUliueGGQlpWoNnIFsjwVKxzLxlhvY5stiR_yyv1sFFRaZ7PEBN7U6I7u9b-4kGpV7SwOE9s9KVNu52fFXz0mJG8dn2ZKkppOb0YyB6CzR5AnxNOTtjCg0C7UhRLlOM1l5YxtOaTGH1mMFqrlDeIbF67dF1uitZpmbxWxr-xJxlfGzX0C2N-ZNWWa_Qwf0kJejtHhJxfld2O8S2FaVchX_s2K-jXjwq2t_GhB0_P-a7QQI47_HnCLL-N0bq2zz1kQO4vjiBbsLH5VOjGwwvrITUUmICOkFliEN5uX3eQS285V3VJ71xLfYC2fnYLmSMkHOxaQIB0WXGMiZdLLe62qJ8xuHm7iAF3rAY3oJvHbbmt6f7n9tlXml3qpAtx8kXGg-ND0Nc4M7Fdo-v1CSANoYmBYGl9HCyU5fuGit0Il6SbazM2UmZh7kNSX-X2AW8Ix59cWbTqf2oB7uaLTlZ6job_lOmQkJOD2exgpCMy2SabhngTAmyuMkUX1SrnH47xxcWbw8jxcWpUI9p4vfmad5TV0XbffvCgWqpTWnA0t7vH7Yjy5P_acFkVGb8Uur_qarCNxXCkxFt9TD2qMkHYUlCAxxMdqh3t0Sh01HZWvdfvj9aB-Slvf6KzKBf7twk0qd3AA6DgtxQSjkoQhhU4D_jI2sxrPWn_1AAgT4a0X6eYx0gvhS9RC-5BARBCRRIPJnTPnCh-KgsbZ4zgBdgoHtSxQZQczjK4O62FwPekYwvSybyjZ0dUzh-zU4ZaxdJLh4dYLi-rExSL7ymanJPZ8Xfyew6zhB3IjlVRPXPbdlGYBulHS20sQU_frTiPTUxINF5Pv_85rAhQakHIUK4gu2hmIptKreAFfxeyKzLfub0kccMSh6Q7jv-vcyCerc-b9hWCInh_PCDazr5iMJ7EOA5gq8Bd_15ykCOH0PGqSBhFL5f1J5DHpQitlsqCrBgRMsorCY3KlPdYIGlFe3yNs0XGVyGr5jcTmSby2w5VrV6hU8FY_i5hIteYsyi7umSxAvTE4HEFJGQGOv5Zn_Cwz7LSvRBdYVFgI0EU6UvZ66KJxg3qSEkg3iHEXIrbTy24bqbPnV61GpsOSKrdv5C7_GVlU6Jbh3dExIXnoCjATXU9oesXmsx3-FL6OrrKHspF7qjAjg3oxl3yk_CiRGQOzeaTOJrlLufeJY5kPV06QWRFCjhDYYkqKKD-9tQKvgvhRJ7FyJi8HmiNCatO49hmLlKZFxvSIeWn99aYgBX_VOEWy4J_DA_aRqfZjjCnWX0ElrkCOQ1iedNo-g0WssP4JWuj2KEREFTX1p5iuhRhhp17EpqZMTbdZIgflzhan0g6ErjlpyaWS-RCNszyVVLHd9FqJ4lP9BjxlymC1d--iLnJ0ogC8VOg_zxMfV0wYYPysX1DRPIR575QwtdjEp1J7-hZRh33s0fAEjDX74yOCqUYifenS6OzSXxaSriSICSqBdoP6LGZaNc_aOYa6Nowk_ok8nQxjTPt7iK0DtULjlq8z5SJvQoDwd7uq-_wQBMmjY7zo4ez7rwdKhk_Njm9uVPaO7KCmy5EsJ34wp1UFkJ8ijdKpEBE3SPjTDNfVUqr9-JGs-hs803ByUG_N2QZ-SCogEZHSthuTyw2zodit1wZd6ouch7lm7sDJMJgg0r07WRRkWHZY2-9dSSjggTy70GZBmQ_2vVHwULpdAQXw84Flax5B1En5jRu4YhkA4kE_wPfCEwtBBoQcKrswcSpsdVdUoHEnRDKl&cid=CAASJeRo2sL-NZKmTl3wooljL2V44Tjf_-RqCybOD7u-lSvgXkm10YI&rfl=1%2Chttps%253A%252F%252Fdailyvoice.com%242%2Chttps%253A%252F%252F3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2bbaa677bc99423ca91d12e93b66a8e96defc6e9a5a2510e0a3963bf3c71a45e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33899
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 2DCF 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/window_focus_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:32:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
511
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:32:27 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 2DCF 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650454428054601"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 27 Apr 2022 06:40:58 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 2DCF 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:13:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1678
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:13:00 GMT
l
www.google.com/ads/measurement/ Frame 2DCF 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTpoBGAsD7uRjZMK5Iq7_RUG6DyQoZsnJXD3sxp0lDwmDcuIRM-sr8Y0u5_oRkdKtFrJ7iYoD2_4RYPFFnkg3BajPJb6A
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2DCF 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BgDRo3TgrMC3OqD4h0xzCr1UhT0G7WH0JU8uo9rfklHhbpmleEK_cwdxkS2xlT87Mw8nFiBJpPF54Rd4he9GPOnMBFrU-jnfqeal68fq1-VYvc0WI
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adperf_core_1.0.0_scrambled.js
cstatic.weborama.fr/js/advertiserv2/ Frame 389A 		104 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/js/advertiserv2/adperf_core_1.0.0_scrambled.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FF7) /
Resource Hash
57d26dc350cc8c10af56460f5a6b067565c2cf5bea3eac710944814cc9ee4fa3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
last-modified
Mon, 07 Jun 2021 11:12:11 GMT
server
ECAcc (frc/8FF7)
age
494681
etag
"3365237273"
vary
Accept-Encoding
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
text/javascript
content-length
31873
expires
Wed, 04 May 2022 06:40:58 GMT
index.html
s0.2mdn.net/5524229/1637932082541/160x600/ Frame 4BF6 		4 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a0cd05b114ec7828635e6c8954512f94927c3445564b1d6ecbfc43a94bbcfa85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
37493
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
1448
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Apr 2022 20:16:05 GMT
expires
Wed, 27 Apr 2022 20:16:05 GMT
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 9F24 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvj-vEXNfdaiWh-JFE4s3b3EAASpOpl_ZlY-Qt9xNJk5o9lGy6Epbye12Wgb4XHn4dKOx0as0zSMDscWiDquDdIfuXBPwK7Vr6vFjG54h81XMsEXlszxxu7MmMiFfzJWD2dIp_78flQS8ye1kQspY8GjLZWSgD0kI1nvd4t_fJdOYTZcHK2J7i5Uqv12BIWFo7VAdEjUtVS2gOErgXFbv86jKjzeKcOz3Uf4T-62T7M_x7B2d8Awkjlm5XCA0qWVd83Bu87cfDdcyuphijfL5y9W8Ode9i_s22c2dueRctnw1IBJRIOPPV3HKtppDdcjiutwNgvSvj9aq4n_SLFEOKD2ULBfLRg5BL30i28ryIpC2t9CMiII_JwRUTFNigXrn_AAdrsJjE6l_rG_N_2EPXKv2x_fFjc3W7cLWkyNfWKnj0m3ynwD0OwQJqywL2DCsd-7brGWoKPZPD7YkN24LuSptDLzEW_gn6_kV880Wx-AiMx6GISicbPrHHonovv-z3Uc0HMEBszN_PiMuzXyOrfiXAVpMh2t2ZOMBMgkkTLv6RCjQqQwn4xuhOAf8bzaWf_uqXN6pp7tzD5viB_9XTWzGKYwtblh5adFx7X5S1MyTzMpOed51Ixu7d9DEYAUrQzzhqp1M1AqbXD3gIQjHii9wlhJf77iFcqWjgWlOn_TdWcIgh4whd8L1KuyM_O0WQ-pM3sBh79I2y-zqa9_fNDFt_VbliuMGkatkdfhpp8QDwptJmc-hboCzvoNnWbolb3SDJhRNuI7o3wtOeA2qIx5Gb83qCyTJCb9u3xTaK2Tz-RuuyCFL095tzgrdUmqMGn0njRKt2VC-4tlscl38pDYwZH2rloHG2csRCwu7o1eUR70j7eTkoG-gsQVN8rPj_HixdXRsMoNpaEFdJCYz0GEORMT1JjdyA1u6btu56PZ-W5lbl1RCVtXykO0IHhf0ju4bc_nIf45AD3SIb-SF083x1sNpnKLTjxdw1PFSVhoUmUPVY7mqFNbFsOpBeQ4Osqph_nUX4JK4zmYNWEFiZQ9D076-_M2YcIof2MfYjuLu7tMHGStg9dOmRx1XqPNPv_6RQqGPxU02-TJPp1yor6V1PB2IZR9KRKt75LJP1jPdSsLMAwkt7FBp0YrU3oOzOAQwdI1Ov1FFlbhqgtmKmdmjiKrhQjXfKyFdaeMQCKXXgd2JQZh5QMkF86edO6oz2g7p-3s2FHqqTBDUxLcKUIXmgrqx4LCeiKf6gLll1fxZ5lFZktZzuHV0kAONB-8KsoPYk067zc29eDFpmZrIw&sai=AMfl-YTZGBmfafNlj6nmMv1kO5kxltUeJVmI5IEvQ6dvnlPnTXDt3xDfFmEnPuDx0fQfJPyz8eZtZove9DbQH4w0CqYic24QP9WCTe76ngk83T9_kwsNMykpFHtLDo61yVi_D6lE4YEv-gXC6BLNyOqo3914eFfaWqE7gpVjELPcTM7ieE6A0oTaPeqwmrgGwhO--ObAEtz9_KOfjhhfq-gUkXDr&sig=Cg0ArKJSzKzQVNiaAFz5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=125&cbvp=1&cstd=122&cisv=r20220425.42112&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Wed, 27 Apr 2022 06:40:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
grumi.js
rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/ Frame CFBD 		396 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:3800:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8516f3bacba504d2453300a736341c9414df397c954ff91af67a5f013d427e01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:29:52 GMT
content-encoding
br
last-modified
Wed, 27 Apr 2022 04:54:23 GMT
server
AmazonS3
age
667
etag
W/"57938d65da62154855cce311969c8bcb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
cObTKsYjixhVnwv_BH1tmaOp_Df79_eF
via
1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control
public,max-age=1800,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-pop
FRA56-C1
content-type
text/javascript
x-amz-cf-id
6IveW9ttOTliKkfOLecmwTNfCfXY4cTALCZerWUnOwZuLO3YUngxeQ==
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 9F24 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 16:41:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50392
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Apr 2023 16:41:06 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame EDE8 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2834
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 05:53:44 GMT
etag
48472445140208031
expires
Thu, 28 Apr 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 9F24 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dbe8bf249a4d3f250af2b680ab12bf6b3bffb97d763a431ca32d524795f61489

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/png
H0ZEmIz7.html
tpc.googlesyndication.com/sodar/ Frame 33D7 		23 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
597807
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8727
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 08:37:31 GMT
expires
Thu, 20 Apr 2023 08:37:31 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
img
ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/ Frame 6864
Redirect Chain
  • https://bbnaut.ibillboard.com/match/AdScale?partneruid=63b73b1226f445519ec494ffac245040&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec95845e2fc6%2F1651041658215%2F0%2Fimg%3Ftpid%...
  • https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?tpid=101&tpuid=BBID-01-03257556584655875-16587864
49 B
464 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?tpid=101&tpuid=BBID-01-03257556584655875-16587864
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Wed, 27 Apr 2022 06:40:58 GMT
Server
nginx
Transfer-Encoding
chunked
p3p
CP="CUR ADM DEV OUR STP PRE DSP NOI COR NID"
Location
https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?tpid=101&tpuid=BBID-01-03257556584655875-16587864
Cache-Control
private, max-age=3600
Access-Control-Allow-Credentials
true
Connection
close
AditionH5_ClickTags.js
imagesrv.adition.com/js/ Frame 4E2B 		753 B
424 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imagesrv.adition.com/js/AditionH5_ClickTags.js
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
5a0cecf509251de7b796c7c34ca1374bbb3fabe582e9e9394f1a1ebd9d421997

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
last-modified
Thu, 20 Aug 2020 14:03:40 GMT
etag
"1134380014-br"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
330
tinyanimatemin.js
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imagesrv.adition.com/banners/3447/15850758/tinyanimatemin.js
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
932376e026d5cf24ae61b65e0e0598e52fc850214a030a5327e7bd1eebad99b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
last-modified
Thu, 18 Jul 2019 12:09:07 GMT
etag
"2477310091-br"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
1019
tinyanimatefix.js
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		882 B
360 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imagesrv.adition.com/banners/3447/15850758/tinyanimatefix.js
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
1183307783cf23654d3a290fdd33a2387be5d4651145b67f5527da2729bec0bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
last-modified
Thu, 18 Jul 2019 12:09:07 GMT
etag
"956548205-br"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
306
style.css
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		884 B
361 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imagesrv.adition.com/banners/3447/15850758/style.css
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
f9a97ced4016a990957c372e591a614d374d5c168e0af576c8922bcb0877e855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
last-modified
Wed, 13 Apr 2022 10:04:37 GMT
etag
"2981184519-br"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
content-length
273
motiv.jpg
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagesrv.adition.com/banners/3447/15850758/motiv.jpg
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
68090e7137958f12beb2351e31aca4989722b3da9d7ce0b7ef6f42cbcf4f7555

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Wed, 13 Apr 2022 10:04:37 GMT
accept-ranges
bytes
etag
"1318453783"
content-length
65237
content-type
image/jpeg
claim.png
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagesrv.adition.com/banners/3447/15850758/claim.png
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
9e2a25989e4acd3937afeafe7a29b788137effe9b86bea663c7ce3010d673521

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Wed, 13 Apr 2022 10:04:37 GMT
accept-ranges
bytes
etag
"4128162326"
content-length
7615
content-type
image/png
head.png
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagesrv.adition.com/banners/3447/15850758/head.png
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
30d8b2e4c2684715253541f07e7bfb48918ecb745c20753ad5ca400b4919291b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Wed, 13 Apr 2022 10:04:37 GMT
accept-ranges
bytes
etag
"1158070474"
content-length
7524
content-type
image/png
txt1.png
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagesrv.adition.com/banners/3447/15850758/txt1.png
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
fa3472e85ca86bf36849fee11b26eab7d335a70c38c81bfbefb2f8c0dfb3c0c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Wed, 13 Apr 2022 10:04:37 GMT
accept-ranges
bytes
etag
"3967992018"
content-length
3410
content-type
image/png
stern.png
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagesrv.adition.com/banners/3447/15850758/stern.png
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
7a7613de51bf713b2eb2780e8a79c101d887560f1b6ee0a655300bd3ad2bc412

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Wed, 13 Apr 2022 10:04:37 GMT
accept-ranges
bytes
etag
"1854064356"
content-length
3372
content-type
image/png
button.png
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagesrv.adition.com/banners/3447/15850758/button.png
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
8edd630d5170e53043d226f5d53fe4e01d29039339ff31533183e385be7b2eb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Wed, 13 Apr 2022 10:04:37 GMT
accept-ranges
bytes
etag
"2443396844"
content-length
3022
content-type
image/png
logo.png
imagesrv.adition.com/banners/3447/15850758/ Frame 4E2B 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagesrv.adition.com/banners/3447/15850758/logo.png
Requested by
Host: imagesrv.adition.com
URL: https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
61491b6097e87e569b67268b405e9f7a1fdc36750e39c684fa505e8e10ec8db4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imagesrv.adition.com/banners/3447/15850758/index.html?clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJfsxeOVoYoX2PKaI9u8P0aqIwAWPt4C9adOr5pHZD%5FAuEAEg2tfFOWCV6reCyAfIAQmpAjyTRQTK27E%2DqAMBqgT3AU%5FQuTR6D19JIisSN0qAnccD6xx8FKrkGEjxReheQz5hoT268j0O9LeRTUCnGRKxoFK0dcEo%5Fn9wuT5631DSoL5wLEmh7ON1FfIRW0OIFOMme5S6Z9I7ALRr%2Dm01RKFdo1vhIhiZZjlNHN342HKbuquv20NXzNBEAxEbi65LotZNh%5FCUYKE3aU4ApAZa%5FDA6rYsUrfB7aegL7uq5Cy4C1BTJbCQZuWypyNjzukLdPpRVJovrPDengV0KVsawzzugRcmZg3yFv21GUKo5Kn%2DlTAnJ9x72IBUBGTPIyAGhlREHwTLN%5FjBIgGPLb9iIrKXqjv3JJ2FXahzABN%5Fi2aOFBOAEA5AGAaAGTYAH%2DcT0eqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35%2DxAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA5gLAcgLAYAMAbATku2XDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA%26sig%3DAOD64%5F0eDrRxqUpj7c2E1Nf76GxGSzCUHQ%26client%3Dca%2Dpub%2D3605257360853185%26dbm%5Fc%3DAKAmf%2DDiIl05kEah8IsX3lgrmvo%2DUhEge6xxIBB7DznPIJHU1eZVpRUSiyebSBfS766QQlOUqyfW6NUuDFG%5F2wU3m94T%5Fr3zkinGpeZAyk1zSA8Nfux8CNMPk4Ju1fVdoUNebu%2DiON5%5FGA8sYYG3QFvN54nFBGd1fA%26cry%3D1%26dbm%5Fd%3DAKAmf%2DCV44IlDFNA4N2u3cEw2ezVuJkktRJZfxeFP1WJGVcB5wDJQDsvQznxe8XnwySFjwUmxv3LxRcaxPXEExNoI5OS%2Dz%2DZ8tTn8IAVVJjfV2xQEIB3JMpxTB3HVOQyEEqcl1AszgXZojfteVoz0PjKMZvIewYrPziJtX6cGpu0RggZ%2DAl9uVnCSPTiPqIxMoJhWhSzUSsK82bM3yEZeWbeScREw%5FeMXh%5FLp4P2FEmi4GbsAh4QxrXEqDDqp0JSmK%5FW13oTWoetTNY0d46eaFwvIhpkL6CBYmrfaWswBc1n5nJ3RZPTxk3t9ZuaP2zNcUP5axbU0ffKHKzlwnYy6%2D9h42QvTVeVlo%2DFlt5AQFU%2D%2DZxwV5ui0RZsELRttM94tHdkwjUlc7ZXqz1P1%2Dqqg2nThuHVeI3KJUfU7lKq2DGVycGyKJeuqO%2DBrRhgVDuuJlTNOg39jS9f%26adurl%3Dhttps%253A%252F%252Fad1.adfarm1.adition.com%252Fredi%253Flid%253D7091169925445518546%2526gdpr%253D0%2526gdpr%255Fconsent%253D%2526gdpr%255Fpd%253D0%2526userid%253D7091169925445453010%2526sid%253D4483354%2526kid%253D5191607%2526bid%253D15850758%2526c%253D9472%2526keyword%253D%2526sr%253D0%2526gk%253D0%2526mdev%253D0%2526clickurl%253D&gdpr=0&gdpr_consent=&h5Params=%7B%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Wed, 13 Apr 2022 10:04:37 GMT
accept-ranges
bytes
etag
"3171926237"
content-length
6431
content-type
image/png
pixel
cm.g.doubleclick.net/ Frame EA5E
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
  • https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
  • https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1IN3ROaU5kRTJ1RzY5NHhkMUlNRExURDJwRjB5a3pPRX5B
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1IN3ROaU5kRTJ1RzY5NHhkMUlNRExURDJwRjB5a3pPRX5B
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiA_aO-ATAB&v=APEucNWRhvbIPcplkHLRcsjPJ8_HbPy47Pt9V5r-qo9Zjs5L6jopnaaudzzNtYmLuc3WXk0XRTdhqHw1l9J4bleqph4WthEY9xofq0zI77m1XqzW_huXHg-aL1yzIH2eGO8QbfFeKJdfk6CIvCmoH0O1yo-A3LBJMR5r0sKxAhWObEXYRCOM314
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1IN3ROaU5kRTJ1RzY5NHhkMUlNRExURDJwRjB5a3pPRX5B
date
Wed, 27 Apr 2022 06:40:58 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
/
rtb-csync.smartadserver.com/redir/ Frame EA5E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
  • https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEEVBiVXupGwcoJEjhn2BZ4M&google_cver=1
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEEVBiVXupGwcoJEjhn2BZ4M&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiA_aO-ATAB&v=APEucNWRhvbIPcplkHLRcsjPJ8_HbPy47Pt9V5r-qo9Zjs5L6jopnaaudzzNtYmLuc3WXk0XRTdhqHw1l9J4bleqph4WthEY9xofq0zI77m1XqzW_huXHg-aL1yzIH2eGO8QbfFeKJdfk6CIvCmoH0O1yo-A3LBJMR5r0sKxAhWObEXYRCOM314
Protocol
HTTP/1.1
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEEVBiVXupGwcoJEjhn2BZ4M&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
316
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
rtb-csync.smartadserver.com/redir/ Frame EA5E 		43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiA_aO-ATAB&v=APEucNWRhvbIPcplkHLRcsjPJ8_HbPy47Pt9V5r-qo9Zjs5L6jopnaaudzzNtYmLuc3WXk0XRTdhqHw1l9J4bleqph4WthEY9xofq0zI77m1XqzW_huXHg-aL1yzIH2eGO8QbfFeKJdfk6CIvCmoH0O1yo-A3LBJMR5r0sKxAhWObEXYRCOM314
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
transfer-encoding
chunked
content-type
image/gif
LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
pagead2.googlesyndication.com/bg/ Frame 414E 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ce9cd7dcb7f38ae802b0abb181c86cf4fcaf0eec1ac25cde85b3a3f2e609cf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 19:41:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
39570
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13636
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Apr 2023 19:41:28 GMT
style.css
s0.2mdn.net/5524229/1637932082541/160x600/css/ Frame 4BF6 		1 KB
383 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/css/style.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6ed0cf55e194ca27241e46e1a34ea1d6eff8ee45636d6f3d18a2f2b5beb2a471
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 20:16:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
357
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 20:16:05 GMT
bg.jpg
s0.2mdn.net/5524229/1637932082541/160x600/images/ Frame 4BF6 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/images/bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f84500d91daa1c48f00f1f068bd435a201de74bb6b343ffe1af18967da6eeb8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 20:16:05 GMT
x-content-type-options
nosniff
age
37493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43421
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 20:16:05 GMT
yellowBg.png
s0.2mdn.net/5524229/1637932082541/160x600/images/ Frame 4BF6 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/images/yellowBg.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e969efa774a77d322a698c37ee681f6967078b0765d25da87cd6b5fb4862fe67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 20:16:05 GMT
x-content-type-options
nosniff
age
37493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3958
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 20:16:05 GMT
legal.png
s0.2mdn.net/5524229/1637932082541/160x600/images/ Frame 4BF6 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/images/legal.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
201877ad1738da2fbd56ee26e25a82730e56e1dbdd4fad1d9ff98aa718b5ecd7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 20:16:05 GMT
x-content-type-options
nosniff
age
37493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5657
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 20:16:05 GMT
logo.png
s0.2mdn.net/5524229/1637932082541/160x600/images/ Frame 4BF6 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/images/logo.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
acbdc35b3ceac473725838d9e590eedd4eb35a7263237d8fc591f79d70e016f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 20:16:05 GMT
x-content-type-options
nosniff
age
37493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7960
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 20:16:05 GMT
copy1.png
s0.2mdn.net/5524229/1637932082541/160x600/images/ Frame 4BF6 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/images/copy1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
617124d1b85f766b1690908b346c33c8b7a42e33b05aadb335b452f86eb0d7e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 20:16:05 GMT
x-content-type-options
nosniff
age
37493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8800
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 20:16:05 GMT
copy2.png
s0.2mdn.net/5524229/1637932082541/160x600/images/ Frame 4BF6 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/images/copy2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e2354e52e84b91d12de333308ec7da1795c6b367e380263207c9a3cc1c3e7cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 20:16:05 GMT
x-content-type-options
nosniff
age
37493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8074
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 20:16:05 GMT
cta.png
s0.2mdn.net/5524229/1637932082541/160x600/images/ Frame 4BF6 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/images/cta.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef5f713442a86de7325c82331583a744301840e70fb74b7df4e0c33a55263b9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 20:16:05 GMT
x-content-type-options
nosniff
age
37493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8183
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 20:16:05 GMT
tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 4BF6 		105 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35824
x-xss-protection
0
last-modified
Fri, 09 Oct 2015 14:01:28 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 06:40:58 GMT
main.js
s0.2mdn.net/5524229/1637932082541/160x600/js/ Frame 4BF6 		1 KB
418 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/5524229/1637932082541/160x600/js/main.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
01fe06963157ad4b6b55e18163fdd345d326dd0479d4036cf9a1bca439aeb5dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/5524229/1637932082541/160x600/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 20:16:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37493
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
392
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:08:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 20:16:05 GMT
970x90.html
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FFE) /
Resource Hash
2257d825aa332b051f8c285b78ebd7a82e9136c7c49e3b9d6d734b1b38573d0d

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
494088
cache-control
max-age=604800
content-encoding
gzip
content-length
4056
content-type
text/html
date
Wed, 27 Apr 2022 06:40:58 GMT
etag
"593911241"
expires
Wed, 04 May 2022 06:40:58 GMT
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server
ECAcc (frc/8FFE)
vary
Accept-Encoding
x-cache
HIT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 5878 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
50392
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Apr 2022 16:41:06 GMT
expires
Wed, 26 Apr 2023 16:41:06 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
init
gw.geoedge.be/api/ Frame CFBD 		0
95 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.158.72.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-72-110.compute-1.amazonaws.com
Software
nginx/1.20.1 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
server
nginx/1.20.1
x-powered-by
Express
content-length
0
html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 2DCF 		169 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Origin
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 08:05:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81350
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60173
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 08:05:08 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/elements/html/ Frame 2DCF 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/elements/html/omrhp.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:27:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:27:08 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/ Frame 2DCF 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/abg_lite.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:37:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
217
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9783
x-xss-protection
0
server
cafe
etag
9821519945299111448
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:37:21 GMT
pd
u.openx.net/w/1.0/ Frame 3297 		0
35 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Wed, 27 Apr 2022 06:40:58 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
usync.html
eus.rubiconproject.com/ Frame 58FE 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:40:58 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 09AF 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22394
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:40:58 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 5A3F 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:40:58 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame 8142 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html?gdpr=1&gdpr_consent=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Chl-Bypass
1
CF-RAY
702591ddeeed92ba-FRA
Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:40:58 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Permissions-Policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
bridge
cm.adgrx.com/ Frame 9001
Redirect Chain
  • https://ads.stickyadstv.com/auto-user-sync?gdpr=1&gdpr_consent=
  • https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=dc87d5fdf19768f58f5cedc353dc9d6&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7bu...
  • https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=l12c6_7091169925444348927
  • https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm=&google_sc&google_hm=ZGM4N2Q1ZmRmMTk3NjhmNThmNWNlZGMzNTNkYzlkNg==&gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEJkCvn-F1v-oqPUfbwB3Kao&google_cver=1&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=1c450bec-b2fe-4198-a495-f72f24a1217e
  • https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&_bee_ppp=1
  • https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AACpnk7E0csAADZj0efulg&gdpr=0
  • https://pr-bh.ybp.yahoo.com/sync/stickyads/dc87d5fdf19768f58f5cedc353dc9d6?gdpr=0&gdpr_consent=&gdpr=0
  • https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-5Ey_FgtE2oPa72_poSyufO7LDW1KVdjSVKckWJEr~A
  • https://pm.w55c.net/ping_match.gif?st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_
  • https://ads.stickyadstv.com/user-registering?dataProviderId=593&userId=iOlBJwNX1NJBmb5
  • https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE
43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Server
72.251.245.181 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
server
Cowboy
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
ams-delivery-8
Content-Length
43
Expires
Thu, 23 Sep 2004 17:42:04 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
Server
nginx
Access-Control-Allow-Origin
*
Location
https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
x-sticky-vk
1651041659630020-578
Expires
Wed, 27 Apr 2022 06:40:59 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame CF0D 		0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-p_psDEOa-zKMDGNXY28cBMAE&v=APEucNWb1EeXrBxic9P7OEC30dQa0T0d9ukhgXQfzSwURQ7HRfEdRXLZlg_Vp2kHtlVzUFqw7Gj9s4_Ww1YdkQata2IRiQxA4I_ADy2CJ-BXZfifxaJyxtMHDt1VASdf-58zB0x3Cv1edoxzNkU-eUjqj9NRVT4LKOnXw6osIl-VVT97Hm9qYvU
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame CFBD 		14 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AJnR-wRnLElVtrzEIRefIVqs7DFQfAoclJLF52tW4UznCq75e7WVITvr0oZA901Bjcnnf0wFC2KE8TEIx_-7Mc75VIJ0kQ1LX43ZVtzdwVwUHW4_qB8RDoPCdy8Ho_X7FDkX_NnC5cEYCjHS1afH6p6F8_qA&cry=1&dbm_d=AKAmf-An9-NPh_g74N-yGaXeV9XXgmEjw4uQyuW15HTfeUT8ifpxLADCku9FCMOQWmh1GUule2j-UoxPstKukRbjMp0xj4XuWC65tutTHGQacRCZs3iCUPol_mvlJjdHw5T4WJt2wiGHITrRypbd3dYd3BpS7gegSEWUz_cPJZU72PzfI966F52etctuvNgeb-D9R4DIGG7ted7CPrfGzYw9fys_JzhsBQpc2apgCOwCd-WfOZXLwMUYZqN5LogTQ3Sd015Dl5jfBbsRDum4LhfnuCt1p-W3NdSK4EwEbmQXmFFv7ZwlSpJ2IXsrcNoWEk85g9_0snSku116iMG2hX5r9r4Pm-I4xVNMH8kXyUnxbmrTBxISpSW1pN5SYZ_GXDbMHSaXVyl-OcQdc9KmVRL7nSvrGjU0sNxEG2b2Gnj24go0W6qkMof5Nz7EN_puiv_JXB5_uCuRLUwpxR3y3DP_-IFouebW8Nyl4iRPf6jyMz71DKgLmHr4m8_-QFSUM5i9q-jIiJTj1xWRj-wbPMSb9eDPwqsEwHxxTENr_KJH6MypSZDFFwZXZzFHc6xyCVBcdqUlla5ITIXgTX_SP8EFTND71Ltqqzuy3RAhGaDCwfBK4fEeB7bsU11GOvQOI4kou8mMh_sxcjRnuZpQksiLdb_-jW8pRLjk1FdQQg3Qpr5GMySgymmh-HAeRdseNHMRtOAlO3jCJRe_zab-TKrsMIjFuhI6LG5MJd8SR1ahSs4YgQ75Pmc8v64EhYfTh01977SrIdGcGOdoyLADM6ren-k2SwMGycxHjGdMAOzpyJMlsm-rMMCBTC_yJei_WL5CLrIoE39dwm6C1YPp6hqjG_GJF7Uiwi6kNWg9ijKeEoka_szrmOT_FBgFiMfEJ9FiyB-N-2t3Z9sS6_tz2L7SSkdBhYdZeeiS_T8hzn08t2d5GoN8d_iGcYIqeVLQn6fandUNUiAksEXbtHk8ehuhd_j2zWGG4iKY2gXs2KZxlFvzqA4b7zNuzBb-2OEiFqbyAo0kRsx5cIe9FV4JDesk2afBExSkkob7FCwWJAE27jAsk9M7aTR_ns5zNe13qqUDhrE5wPBMRb7O4x_cRlQ2CJsOBTHjazrXEQr_my9SkwkwUK3STYLJPNthZo59alaAy_xUOJY48S6QGSQqSXfmjw2ZdC_kQuU-TYwPl9u3Ea40ba3Y5FMCSYFiteHWaa3BmmSBQKKwUJaeDa3gde1oNo8wzM6T9zgIasmtxIEk_DPf3NSIUtR8C_izqUyZBc5Pq5iymm8aJ9MDrWiEEk2IUFg0OjSNH117lMemFfiecKOIZ30980fZg_qzDZqexPmU9KvBoqWXv_AnPqxoxXTd83mLeglUOfkpqjAsjTO6JSIxSOLBJ5aigzBKgsbo5H4Dkl_pPM-YKvyYM-Px4PllHkTiXEhgwP0S4L24puu8Ha-pYX00DEMmZwmtqFQnUBSiJ6d_q4sScddBLN6QuEBJR8EQJa5wGFJESEUQrAxXwl06W_fWsmPfLy_WUUO3NhkxixP4SrePBfI3U7eRmyXBjsCXmw3syL6eSmH2_6bqsZ4KuatU7lDbmzQmXvBAqQ_CRmSub5fS0mOIOVWM-e7P2prjIIOcpmgNhpn9ay4t9Yie_Oyqr2G3tIM9D1ojC-Abg6jvNE1d7kVpXX0E7gk-UfMBRPVmvSGaaDsr0s7EVrvO_wgdP8WGWTktBbv-rEfEB9Dk6kyqChKU8wNEMVEV-gZ_Ia0QH5bdYF9G9M8w5q-5OqtKkNd_DI_WO_H-N4M5B1L2GzyIYEOcFv_cI0OJk1hu_zpof6iwkd9P20_uxNqlYytRcJU_6qf4WN44bvZLFjwbL5nOfX0FFT1Q44oNulcLx_kWjSSTUu7zvCZch3I3Tts59oPmCqZFj02fuGdI9Tv2ZOAOo2bXYD_aybUTn02P47glqsNr8I8tknaPeKgBzTzDU5NH5bfq1LesPQsCM7ujfdmVy_nAjDj5VeBEpbHpJ8dGYdwPe4d1wJ9Q4Yj-ko25oHrfysRc_PjRet_dSqJBoUEz14p4ZEcwq0Y5px2ZMM4B3EuEUPeLHcrAELWmHBA5SyBXmDMeRz6Iwpmv9De45phQqFZC_xRHuWWbHzW1elf-O1ophxFlM9Z2l1Npecv3AF2zYPg3LB6VSApurpThANPZ6GBL-eIlXaBiYzbb3eBO_xh1rAeZuAdYTMN6u0kU0hNuBKdacCfXnzy-6n0-zeg9GTWtAt1QOrSRTUs57qRwcWTrTo_tioqB2ejEoI2Nns15SXa6YqyVVnQswrA6xxsDVIQ5JE4xrgak73C03MS4QAI8udGmL0-KuOPFOiMVlzj82rc6mUbUdu_HbUc7pfMEMfD2PsZXTFW56qn-fsgTC8xxJ2zDucTDUHdi5RvwbDnJGfr6zsyBlxNEoUlk6hrFm0IQ6AdwhdMbLN3T_7g_q9gGR4hvge3dHDMmQDafQaI_SJf9z9t51QR-f-tkdBRjhHEpVeO9c9mFfmRiPEABkT99pUXp1wRQEvWdWi140qRXLMva5NRNAaqNElKJpDF08q2yQJYPayvS1kLY377Dc3dy46nBy5UUe3820TFw6eVz1JXRGKTr7K1nXkygnVlbjXYArgCqykPAqZXHsHF36GG4SJC-S6V0wIqsGsr19fAQWntWEKwZH0dWkqGxpHj8BjIzjTeQzGvzDOr-ya_thWgp8cADGO6ftrATAqJX41g1mk8nbpPsxbyEPQPUvnq0Mzls7afqiLr5EtnLRQs51DYQVGV3EXYisL0ivEQ2tp3IW9XE5rzfv1Ck7kyI6Lks-1n-rFrCmeMot7WFnszypJ6yf9M-4SEa6kW9-nClOrsqtdYwqEV1wbQs040i0FTeIB_lGYFFD3SEZrnjIifb-evO5zDpDYRb-y04ArMpAj0CNABMJIUjc1ypMYGAb1z8WK-Pq_19MOr6WsZXEjM7VxWNIakOBTs2KGTlKvXZomeRSO7SVpgl3O9rDLNDinTlVtKmjsN-EZeSOBSRsUpB8SFGQbvjLcT_Z1AU6eDMBcskLOQKaDbNdUIa0bkgSqqSsdBOersv9g_H9r1IH8T9HKYqH3Iq9TligwVjaNdAtTC_qg-gUMhIqcJgBFwNUYQ2tQiYfAcESQKNMDn_gH1jy3xIa-OzReGLZHgXTGmLiisYBL9nglq_MRSf2vYYQqTp1ogzz48InH1ucz8Ld-yRFRzObMGb8FSlZ6LPEOSs7UKor6Qo5gwNzPzUqteh6fk74XmoalUyqSYnTmUcr8d1xdyABQ71wc15vc6hlOtUcmZcONdsh7EnMreO2UHuCjHbAzHHu0p6zgUlXJvsQ7dDbR_o0z9QlaScMAGjnbMIl5RTS9Wics0dxY-n5X5NYASyKDJEWqzO6CYBEDQmJDlYWVET0CXJKcRIHuJkTc_IXXpTxno6EHwOeXpCEwOOm7XAhBcROglYfMar58GCtthXdw&cid=CAASJeRonEDrvKHn5Zp9YJm86ZOaDMC20JEi2zmZwMQN71hEW-8H164&rfl=1%2Chttps%253A%252F%252Fdailyvoice.com%242%2Chttps%253A%252F%252F3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ced9843b2ba0bc9b47033d319214c7ba742e6cf58afe60e35a1d2c033484eeb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10824
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mraid.js
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CFBD 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/mraid.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
x-content-type-options
nosniff
server
sffe
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1591
x-xss-protection
0
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame CFBD 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/window_focus_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:32:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
511
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:32:27 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CFBD 		120 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8eb7099cbb3a71d7aac7b13e9bba617caa98ef7b9aea6dea37127204d5b33143
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37288
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650886898888356"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 27 Apr 2022 06:40:58 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame CFBD 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:13:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1678
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 11 May 2022 06:13:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CFBD 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B6YxdmK-WLsPwRJX4b4JhYkui7_zQ-wj_V_7nHh0USoACM93RgFbO67_bZO3hKUPXzXThBNNqMh2DWiIjltoWexhBowsnLg1rfKfJNhlbUSrQM8A8
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AdxPixel
tr.blismedia.com/v1/api/sync/ Frame EDE8 		0
173 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEJ69HqRI5znGAzgF7uknqsA&google_cver=1&google_push=AYg5qPLA-vxar_TZB-DQBLdof2yPeqyENa96UIZHKZmJlPVVzYEOW4ZH1wNWSyMYmQcMNspj4kykUdeRB1lUAHmy--3LWyZEuB6U
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.105.96.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pixel
cm.g.doubleclick.net/ Frame EDE8
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEBp0te39fcfogWl02qwZqSI&google_cver=1&google_push=AYg5qPJ3FzxFP0KxsWB6HC8QY8VC0RvRqTnL31jtq8JGfAhCgElaH7C2tDMUQNaKrVtsYHuyd-n8Hc-1pSyIh0...
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPJ3FzxFP0KxsWB6HC8QY8VC0RvRqTnL31jtq8JGfAhCgElaH7C2tDMUQNaKrVtsYHuyd-n8Hc-1pSyIh0FGG6...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPJ3FzxFP0KxsWB6HC8QY8VC0RvRqTnL31jtq8JGfAhCgElaH7C2tDMUQNaKrVtsYHuyd-n8Hc-1pSyIh0FGG6Yr3TPUjmFn
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA5MTE2OTkyNTQ0NTQ1MzAxMA%3D%3D&google_push=AYg5qPJ3FzxFP0KxsWB6HC8QY8VC0RvRqTnL31jtq8JGfAhCgElaH7C2tDMUQNaKrVtsYHuyd-n8Hc-1pSyIh0FGG6Yr3TPUjmFn
Date
Wed, 27 Apr 2022 06:40:58 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
gg_pixel
sync.adaptv.advertising.com/ Frame EDE8 		0
0
pixel
cm.g.doubleclick.net/ Frame EDE8
Redirect Chain
  • https://match.360yield.com/match/ebda?google_gid=CAESELkYCFvMyftGHVp4bZCQsx0&google_cver=1&google_push=AYg5qPLBsCQWYYsV3udoozDOChF1o3462aS158tj7RojT78VaFLxhClmk6WTQIplNTQAOPDvnETyfxJ9zG7kw-XlYTrK2L...
  • https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESELkYCFvMyftGHVp4bZCQsx0&google_cver=1&google_push=AYg5qPLBsCQWYYsV3udoozDOChF1o3462aS158tj7RojT78VaFLxhClmk6WTQIplNTQAOPDvnETyfxJ9zG7kw-Xl...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=L-9Yl-ihQYiYOe_AfnU9MQ&google_push=AYg5qPLBsCQWYYsV3udoozDOChF1o3462aS158tj7RojT78VaFLxhClmk6WTQIplNTQAOPDvnETyfxJ9zG7kw-X...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=L-9Yl-ihQYiYOe_AfnU9MQ&google_push=AYg5qPLBsCQWYYsV3udoozDOChF1o3462aS158tj7RojT78VaFLxhClmk6WTQIplNTQAOPDvnETyfxJ9zG7kw-XlYTrK2LZQgzk
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=L-9Yl-ihQYiYOe_AfnU9MQ&google_push=AYg5qPLBsCQWYYsV3udoozDOChF1o3462aS158tj7RojT78VaFLxhClmk6WTQIplNTQAOPDvnETyfxJ9zG7kw-XlYTrK2LZQgzk
date
Wed, 27 Apr 2022 06:40:58 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pixel
cm.g.doubleclick.net/ Frame EDE8
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO...
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPImfota0u13Pm2USewKFGtX9wI9brayon9s6YynR6Vc4UD8RR63dplXNh9Wf7_MiW-pac6bS8h4pmduret3lScE3kidDPw-&redir=https%3A%2F%2Fcm.g.doubl...
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPImfota0u13Pm2USewKFGtX9wI9brayon9s6YynR6Vc4UD8RR63dplXNh9Wf7_MiW-pac6bS8h4pmduret3lScE3kidDPw-&google_hm=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPImfota0u13Pm2USewKFGtX9wI9brayon9s6YynR6Vc4UD8RR63dplXNh9Wf7_MiW-pac6bS8h4pmduret3lScE3kidDPw-&google_hm=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPImfota0u13Pm2USewKFGtX9wI9brayon9s6YynR6Vc4UD8RR63dplXNh9Wf7_MiW-pac6bS8h4pmduret3lScE3kidDPw-&google_hm=
cache-control
no-store, no-cache, must-revalidate
expires
0
pixel
cm.g.doubleclick.net/ Frame EDE8
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEAkNyUEFbOPFtOQ7Ib0HUe4&google_cver=1&google_push=AYg5qPIxVGnLSp6flDVO2zxtqPoKlLXUY797D5kF7cPSJQawK6yaRtJXOznT2d-cEdQQndiwUBcMkNpkB0BfaeM3REVzDhsegDFU
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D&google_push=AYg5qPIxVGnLSp6flDVO2zxtqPoKlLXUY797D5kF7cPSJQawK6yaRtJX...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D&google_push=AYg5qPIxVGnLSp6flDVO2zxtqPoKlLXUY797D5kF7cPSJQawK6yaRtJXOznT2d-cEdQQndiwUBcMkNpkB0BfaeM3REVzDhsegDFU
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D&google_push=AYg5qPIxVGnLSp6flDVO2zxtqPoKlLXUY797D5kF7cPSJQawK6yaRtJXOznT2d-cEdQQndiwUBcMkNpkB0BfaeM3REVzDhsegDFU
date
Wed, 27 Apr 2022 06:40:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
sync
ssbsync.smartadserver.com/api/ Frame EDE8 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEGKQZ40H2nzVRa18xXLpLZ0&google_cver=1&google_push=AYg5qPJJWjm-8980YJ8U3xTr0rgbMfr_bKbVHJjUyg8tcwvXY9XWTPa7Y0wQno81jvUczN0J5XRAJthVCwRd73hp_-Le8LgxwGU
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.104 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-length
0
attr
cm.g.doubleclick.net/pixel/ Frame EDE8 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KZKWPPcRSbnAsLZDZyzuknEQHYxoH-wvRluVUoyVnEJ9YisPNcsNVoLF51oUWBmIYokFlH
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
c
c.pub.network/ 		36 B
53 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.25.0.9843edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.71.201.35.bc.googleusercontent.com
Software
/
Resource Hash
446043a7ceb4b6eb563bebdd3ed0510fd5280567a053939591c0ca57dc5f7a80

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
file.mp4
r3---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/8c41f3bdf2567a85/itag/344/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682577658/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame D536 		1 MB
0 		Media
General
Check archive.org
Download Go to
Full URL
https://r3---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/8c41f3bdf2567a85/itag/344/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682577658/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/6FBFC8C1E704BB7DD7A1A0CD3467CD1FD14B798D.2DA27368F84201D835CF13E919D0A635B75A7831/key/cms1/cms_redirect/yes/mh/bu/mip/2a02:6ea0:c71b:0:1012:ff06:2840:1dbd/mm/42/mn/sn-4g5e6nsk/ms/onc/mt/1651041037/mv/u/mvi/3/pl/43/file/file.mp4
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:62::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
x-content-type-options
nosniff
Content-Range
bytes 0-2362610/2362611
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
2362611
expires
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Mon, 25 Apr 2022 11:19:43 GMT
server
gvs 1.0
vary
Origin
content-type
video/mp4
access-control-allow-origin
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
access-control-expose-headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control
private, max-age=86400
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
client-protocol
quic
screenad_interface_1.0.3_scrambled.js
media.adrcdn.com/scripts/ Frame ACAE 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.adrcdn.com/scripts/screenad_interface_1.0.3_scrambled.js
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.163 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frb/6759) /
Resource Hash
6f522fbbba8abd42e7a27c37138ae40a42beca58f750deb37102717d22e8bbd5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
last-modified
Mon, 30 Aug 2021 13:14:16 GMT
server
ECAcc (frb/6759)
age
495136
etag
"1894109687"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
9683
HYPE-724.thin.min.js
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		55 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/HYPE-724.thin.min.js
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F06) /
Resource Hash
fa4ae93330f3a0b8e253e34bc6d66018d996fb5d56ef0802e6def0d91fd035c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
server
ECAcc (frc/8F06)
age
494087
etag
"1917450012"
vary
Accept-Encoding
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
text/javascript
content-length
24509
expires
Wed, 04 May 2022 06:40:58 GMT
d_XgMe7_8DX3JscHlpumBxzOcHqlAtWKp75Cu0r3_I4.js
pagead2.googlesyndication.com/bg/ Frame 33D7 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/d_XgMe7_8DX3JscHlpumBxzOcHqlAtWKp75Cu0r3_I4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
77f5e031eefff035f726c707969ba6071cce707aa502d58aa7be42bb4af7fc8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 16:23:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
51434
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13694
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Apr 2023 16:23:44 GMT
usync.js
eus.rubiconproject.com/ Frame 58FE 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:58 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=77805
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Thu, 28 Apr 2022 04:17:43 GMT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 6864
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=d97b2a2bef2774ba6d7223695...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YmjleKUCRbN6zLlXA4o4fwAA%261164
49 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YmjleKUCRbN6zLlXA4o4fwAA%261164
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:58 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YmjleKUCRbN6zLlXA4o4fwAA%261164
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
310
Expires
Wed, 27 Apr 2022 06:40:58 GMT
300x600.html
s0.2mdn.net/sadbundle/11180611858476302336/ Frame F719 		42 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
45c432c16a068645114767942ab1d37d492d21e4407927dd39e380ed912c944f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:40:58 GMT
expires
Thu, 27 Apr 2023 06:40:58 GMT
last-modified
Fri, 11 Jun 2021 18:35:32 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 2DCF 		0
27 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu4D6m9-ZgiuUbjRB1hksUkYfu89uPWuSqGi65WyKQPIgZEJwB_9XheCXos5KWGGSDJizR7YUAjUNT50Fb8g72-xBdq9hMs5XhuKUnUNw0WQ5gzbjI1T304nE7b7gOGgy7lOp8KafzamQp9sdLkSH6InmplHfZt2xcczTkjU2h5X9UlWtCDLp2SGz5sjbFYF5is9w0kGo4DBfci7qhwK2PYomj9c3ADLAlpK6SaglywoVK7GbgNT7AFJFV0hz3uZdgrRYhJvwt5tyZFp4N3t1Li8kA2uBg8qFC7p2aXQ_JUEHQwtIIRbo1trLMyfE8b2Wg3fqU6kt_7b3OvPTVAMSsjXKYJ7v1rnK5eSgMkp8ywe7g13OdBVTYjgBIRGXwtjVAPt5i4N21QeZkRsAJFimFUKlbgDtlIPBKzMwFGGU6BXXIIl4asecQhR0eB3e3PyWR4wFzCOHL6fluoMufe-3cYiBdIvMkk-v5XBHlRndpb-JHlzzIarQklNug437hvmKA0ISH3U68Skkh35oQ3sBiB9xKmQDAMlKU0pcx-tyXMM1UC0rJyCEtmsDclRl6hAtMB5glCS80AeaalkIrncfXhGn48-IHSfTL2TllntMiC0UkDZYlFNL7HdRhcaHxqhyWcn9zIFRniEd4qIQVEfGd7FfVv7-wfXDJTOlcdqzeonp9i3gV9_V8C4XPb3Cm7zEuQ63LopusN1L6q8mqACLCsjHuxxNy52DaG_H9Y6XYIwBz5-eCHy9-0qTwE1HUkRb7xablOLfy3Bhjh7x3GGylqRcbxUgDg8FH--4iygyaZDS2oZ8_GiWj25cCjgeDbD1bjkxdtZkqxjvO3TyTzHepu6Imr_JaPaYmKVWECun6cs1Wv1CqJtlxTcpwcAlCS-GeyJcnSweu1EKfygt7b73-YqhhgzZdXDtDfcZG5okaM5ZlORHX5s90jikHrZwI5ImlKKQ-HkGn1kMufRKJ-kVPT3QJYX6v_U6lY7IuozM-rjCCimvGrDKLmuhoOLi1vAGQeqwGwY85g1RDcjJnduqBmk3zgN87laHALkdT5C0EqNocRUWFESDxoCfE-Cc4XOVMINjdgm6GLmSt-65m-rdpRiSLcIG8Z2RlG7Mzo2Jb_aFFxpzsv-ulfoyY2x0SPTBVWfm5bLkd_RpPgFkfDmikYzZf92u2U77eFeQE8AtcBG0BUMdT3xPirJWnOVwyEqh8y7SctUeDpIVa_hjtlgsGT3DxBj1wz4YFypUz6uvEoRat_vaqPRWARPPnAc6knm6uZ-4pTNVSO8WDpSGwHNDo&sai=AMfl-YQuTxxWoXMhANMPSroMjkWm3r5HslbVKmbfw0kVKv0SRXAhFx0iFhFXstoOELk2F9zkf7fNHMxWM0CUMyVI3YOMN7CTk-FqWGtLAUG6rmk0JQNTAoQRKw4jubmGEXpFZA92EysN7hOBW0obKBJlFHe8LezTMVHre3fo-4y-oDouq66xsU2BvE7g5l1AbHNgdtYhZ7CPyUB5dsj7kEzlpI0C&sig=Cg0ArKJSzLrh6YWP2eVzEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=216&cbvp=1&cstd=210&cisv=r20220425.27945&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Wed, 27 Apr 2022 06:40:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame CFBD 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 16:41:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50392
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Apr 2023 16:41:06 GMT
adperf_launch_1.0.0_scrambled.js
cstatic.weborama.fr/js/advertiserv2/ Frame CFBD 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/js/advertiserv2/adperf_launch_1.0.0_scrambled.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8E93) /
Resource Hash
ca45cdd891a26581651763d6204ba40be430bd94abe31e9e832822674bb3c4b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
last-modified
Mon, 07 Jun 2021 11:12:10 GMT
server
ECAcc (frc/8E93)
age
494671
etag
"3541355641"
vary
Accept-Encoding
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
text/javascript
content-length
7530
expires
Wed, 04 May 2022 06:40:58 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 2DCF 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 16:41:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50392
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Apr 2023 16:41:06 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 1139 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2834
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 05:53:44 GMT
etag
48472445140208031
expires
Thu, 28 Apr 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 2DCF 		210 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6c9eaf1d10571c95ba64034a7d243bed717c5bf699ceb43c664039602bba1b60

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/png
LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
pagead2.googlesyndication.com/bg/ Frame 5878 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ce9cd7dcb7f38ae802b0abb181c86cf4fcaf0eec1ac25cde85b3a3f2e609cf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 19:41:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
39570
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13636
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Apr 2023 19:41:28 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 7F7F 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cad4b863d420705b9f76cc7ed55d19290db1381081664c929d3e1e424e1b0ac4

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1476
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:40:58 GMT
Dropped-Udsids
39|230|241|73|105|81|130|156
Expires
Wed, 27 Apr 2022 06:40:58 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
integrator.js
adservice.google.com/adsid/ Frame 9001 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dailyvoice.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
prebid.min.js
prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/ Frame 3DBC 		181 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/prebid.min.js
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.68.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-68-93.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
893813e610ccf9b5af45ad55e64a7d9e7536df4d34bab43d26a99d45dd085ba1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id
9B2rhPwckhVzC3SlGdETsqP5FpUtDTOD
content-encoding
gzip
last-modified
Tue, 05 Apr 2022 14:12:14 GMT
server
AmazonS3
age
6351
etag
W/"d8cbba7b189144906ea1c12234301c81"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Wed, 27 Apr 2022 04:55:08 GMT
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
8ialElFUT4VxadujfzTR3UEDH1t01pIMO0CVrcfYMgLONz_uxCOIxg==
Enabler_01_245.js
s0.2mdn.net/879366/ Frame F719 		110 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/Enabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:14:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1616
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38568
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:54 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 28 Apr 2022 06:14:02 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame F719 		60 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 06:40:58 GMT
smart-logo_dark.svg
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/smart-logo_dark.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC0) /
Resource Hash
0f896eb296ca683fdd6cfa0c085fbb867c45c2a47130c32c1f00878c5ff4fa01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
server
ECAcc (frc/8FC0)
age
494087
etag
"2813589617"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
4976
expires
Wed, 04 May 2022 06:40:58 GMT
smart-logo_white.svg
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/smart-logo_white.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F88) /
Resource Hash
28ce38018c278f3ccdb64280656ef416294c4b999d2fd6eb1bd6c9c3e07666c7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
server
ECAcc (frc/8F88)
age
494087
etag
"463662627"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
4976
expires
Wed, 04 May 2022 06:40:58 GMT
btn_mute.svg
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/btn_mute.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F27) /
Resource Hash
3260ba689558df2cd864c9d118cceeaaeb2410cfd9e911d46adc7ee370d2184e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
server
ECAcc (frc/8F27)
age
494087
etag
"1977212031"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
1038
expires
Wed, 04 May 2022 06:40:58 GMT
btn_replay.svg
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		921 B
991 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/btn_replay.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FB5) /
Resource Hash
0ebdfd9b32ab6e8054d916fcdf5fd2c9d539d0e743a5a1a49f1b66557271b7e2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
server
ECAcc (frc/8FB5)
age
494087
etag
"1368620142"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
921
expires
Wed, 04 May 2022 06:40:58 GMT
btn_unmute.svg
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/btn_unmute.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8E84) /
Resource Hash
4284cc65b5c2012f3d56712579aedd1d4e19227894242f9f98cd29b22e4c5277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
server
ECAcc (frc/8E84)
age
494087
etag
"3388595381"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
1363
expires
Wed, 04 May 2022 06:40:58 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 9F24 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvj-vEXNfdaiWh-JFE4s3b3EAASpOpl_ZlY-Qt9xNJk5o9lGy6Epbye12Wgb4XHn4dKOx0as0zSMDscWiDquDdIfuXBPwK7Vr6vFjG54h81XMsEXlszxxu7MmMiFfzJWD2dIp_78flQS8ye1kQspY8GjLZWSgD0kI1nvd4t_fJdOYTZcHK2J7i5Uqv12BIWFo7VAdEjUtVS2gOErgXFbv86jKjzeKcOz3Uf4T-62T7M_x7B2d8Awkjlm5XCA0qWVd83Bu87cfDdcyuphijfL5y9W8Ode9i_s22c2dueRctnw1IBJRIOPPV3HKtppDdcjiutwNgvSvj9aq4n_SLFEOKD2ULBfLRg5BL30i28ryIpC2t9CMiII_JwRUTFNigXrn_AAdrsJjE6l_rG_N_2EPXKv2x_fFjc3W7cLWkyNfWKnj0m3ynwD0OwQJqywL2DCsd-7brGWoKPZPD7YkN24LuSptDLzEW_gn6_kV880Wx-AiMx6GISicbPrHHonovv-z3Uc0HMEBszN_PiMuzXyOrfiXAVpMh2t2ZOMBMgkkTLv6RCjQqQwn4xuhOAf8bzaWf_uqXN6pp7tzD5viB_9XTWzGKYwtblh5adFx7X5S1MyTzMpOed51Ixu7d9DEYAUrQzzhqp1M1AqbXD3gIQjHii9wlhJf77iFcqWjgWlOn_TdWcIgh4whd8L1KuyM_O0WQ-pM3sBh79I2y-zqa9_fNDFt_VbliuMGkatkdfhpp8QDwptJmc-hboCzvoNnWbolb3SDJhRNuI7o3wtOeA2qIx5Gb83qCyTJCb9u3xTaK2Tz-RuuyCFL095tzgrdUmqMGn0njRKt2VC-4tlscl38pDYwZH2rloHG2csRCwu7o1eUR70j7eTkoG-gsQVN8rPj_HixdXRsMoNpaEFdJCYz0GEORMT1JjdyA1u6btu56PZ-W5lbl1RCVtXykO0IHhf0ju4bc_nIf45AD3SIb-SF083x1sNpnKLTjxdw1PFSVhoUmUPVY7mqFNbFsOpBeQ4Osqph_nUX4JK4zmYNWEFiZQ9D076-_M2YcIof2MfYjuLu7tMHGStg9dOmRx1XqPNPv_6RQqGPxU02-TJPp1yor6V1PB2IZR9KRKt75LJP1jPdSsLMAwkt7FBp0YrU3oOzOAQwdI1Ov1FFlbhqgtmKmdmjiKrhQjXfKyFdaeMQCKXXgd2JQZh5QMkF86edO6oz2g7p-3s2FHqqTBDUxLcKUIXmgrqx4LCeiKf6gLll1fxZ5lFZktZzuHV0kAONB-8KsoPYk067zc29eDFpmZrIw&sai=AMfl-YTZGBmfafNlj6nmMv1kO5kxltUeJVmI5IEvQ6dvnlPnTXDt3xDfFmEnPuDx0fQfJPyz8eZtZove9DbQH4w0CqYic24QP9WCTe76ngk83T9_kwsNMykpFHtLDo61yVi_D6lE4YEv-gXC6BLNyOqo3914eFfaWqE7gpVjELPcTM7ieE6A0oTaPeqwmrgGwhO--ObAEtz9_KOfjhhfq-gUkXDr&sig=Cg0ArKJSzKzQVNiaAFz5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=636&vt=11&dtpt=511&dett=3&cstd=122&cisv=r20220425.42112&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:58 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame F7F8 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
50392
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Apr 2022 16:41:06 GMT
expires
Wed, 26 Apr 2023 16:41:06 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame F590 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
50392
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Apr 2022 16:41:06 GMT
expires
Wed, 26 Apr 2023 16:41:06 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2DCF 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=30&d=1&s=1&f=0.01&bgai=BAqsFeuVoYoCmFYrU3gPP87i4CAAAAAA4AeAEAg
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 6864
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=0731ea2ad9aad4153bb0dad...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
49 B
579 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Wed, 27 Apr 2022 06:40:58 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x48 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:40:57 GMT
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame CFBD 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=im&a.si=6709&a.te=529&a.ra=1651041657870313&a.agi=159&g.de=0&ca=77722242311&a.hr=js&a.wi=300&a.he=600&a.sh=1200&a.sw=1600&a.ycp=&g.ism=0&gdpr_cmp_failure=1&g.did=&a.we=1&a.pc=https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCM53KeeVoYqmPNfLc7_UP0NOYQLTx6Ktpjefn6M4Ph9GivcABEAEg2tfFOWCV6reCyAegAcPukMEoyAEJqQI8k0UEytuxPqgDAaoE8wFP0B3a2eW93qb8YL_oA4_GfvphTsYOCPgyuuA4qWF6Datsj_CodaIlaKuEqsDde9QGvqw9sMC8-IyRUS3yEmYgcDrHbNjfcs1kMv1HdOCVWBw6STdZ_Ycf5hARPg6pCFeoKHQW46g1-VirR0cOok3ocwJZGO3ZB3wyVPXyRx0Wx8Pu8JOXNC3neLy16sDk8B6QkN0ovgbFa1sA2bgKmHcoQqtiDztHdQh_qbemLALv2_02SyHJ_5RWipiyjxxi-mkpK5m3erSo8GTS-AsHuZPTSl3Bvz1IKPrEe2lcr2ztiLm2R8VFiCIv2SMFTySI9davsuHABLfHmJX4A-AEA5AGAaAGTYAHw6bhoAOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTkwMTIxODg0NTE2Mjk5MzSACgOYCwHICwGADAGwE66Qgg_IE6-v498D0BMA2BMKiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRonEDrvKHn5Zp9YJm86ZOaDMC20JEi2zmZwMQN71hEW-8H164%26sig%3DAOD64_101IhdGeJ5SWxULXfhh4m2pjtB8A%26client%3Dca-pub-3605257360853185%26dbm_c%3DAKAmf-BYOh0N-L1CC5PGRrcCQRE3Fb-Tbf8O89a6Io6zAl7duTl-A0lLOhKI2BaKS9XazPpYbpzdO7w3DzP_aCaUa0WotwoCbJxqsqmffoSda7b9Q5cozfcDF6GB3EWaex65vEfcbHXrs-rMY1dJqaN4PBZRmfiB2A%26cry%3D1%26dbm_d%3DAKAmf-Bxk9a-16IxPHOJC1xO5Qf1qG502NVUfAnKaqLw0HOs1XC17WRwu7zJH_hTM6XYlRMo5TqUnCnakFSPOaljKBT4xYePLOzYbA0v8XVHMgF7LraEE6FN44-KGKrl1ApJmvrEcNhyNY2_kB2VxA7T9i4y7o2o25dx2-ISmLHgHNwZ7obnmiQDxaZffnos8I_bpEEv31FOdzcP4PzXIXwmpx9hvFrbjgDkjuNJbaa3jh-hVTvqPiwSM22o0P3kpNs2Aa_wjP9BNaFdfDvUCuRiwEv-WmA5LzGfEzrwHFX2Pkir4uC7xQN3Vg3YpokzXIEyw9gLPNJ9SeJoVjRJPAE66O-I06wNKQxs7oUiKCzwdoQgnBC-LPBuXTwHmuYQW1UmHjrnDX_8OzZ-_SYJZGi-HzVADRD6E7VcCzTb2jQWSRRTFlmJYGgOGP8KUZXUuLaPKNGphMkfFqOzY039T9pbf6yOfokh6A%26adurl%3D&g.pu=&g.ru=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
49d0d9d2f29e5f79fefae695b1a1608fa2bab8a2138f13655ea3e15fe2e278d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
content-encoding
gzip
last-modified
Wed, 27 Apr 2022 06:40:58 GMT
server
Apache
vary
Accept-Encoding
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-cache
transfer-encoding
chunked
content-type
application/x-javascript
expires
Tue, 03 Jul 2001 06:00:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 8B07 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2834
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 05:53:44 GMT
etag
48472445140208031
expires
Thu, 28 Apr 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame CFBD 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6d11dcfb7b6db9185287ff03176c204852b3a8f86d4437af34a56fa3b780fade

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/png
casale
match.adsrvr.org/track/cmf/ Frame 7F7F 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 7F7F 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 7F7F
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
HP70KSMYJP01VBPQWDE1
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
V1VGT5CPXA0JX4AH47XA
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 7F7F 		43 B
987 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:54d1:782f:29ca:abc0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
crum
dsum-sec.casalemedia.com/ Frame 7F7F
Redirect Chain
  • https://d.adroll.com/cm/index/ssp?gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:40:59 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
date
Wed, 27 Apr 2022 06:40:59 GMT
server
nginx/1.20.0
content-length
76
rum
dsum-sec.casalemedia.com/ Frame 7F7F
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=PvQsF23zLRcl9yJNP_E3Gz-nexol8ysebqepOrxv
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=PvQsF23zLRcl9yJNP_E3Gz-nexol8ysebqepOrxv
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:40:59 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=PvQsF23zLRcl9yJNP_E3Gz-nexol8ysebqepOrxv
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 7F7F
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACpnk7E0csAADZj0efulg&expiration=1652251259&gdpr=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACpnk7E0csAADZj0efulg&expiration=1652251259&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:40:59 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACpnk7E0csAADZj0efulg&expiration=1652251259&gdpr=1
Date
Wed, 27 Apr 2022 06:40:59 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
cookiesync
bttrack.com/pixel/ Frame 7F7F 		35 B
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS
46.bidtellect.com
Software
Microsoft-IIS/8.5 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

X-ServerName
Track004-iad
Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control
private,no-cache
Content-Type
image/gif
Content-Length
35
Expires
-1
htw-pixel.gif
js-sec.indexww.com/ht/ Frame 7F7F 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YmjleKUCRbN6zLlXA4o4fwAA%261164
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2493
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 07:22:32 GMT
dpixel
cms.quantserve.com/ Frame 1139 		35 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECsVNueq8hKvyIx6E8H8YhU&google_cver=1&google_push=AYg5qPLQMqHjJOKkMBrBWfOYBTHMbI9CTA3Gp6ydXWrr_u1GOEVJ46NaAlQrfwqExd7_NPOPd8YUYGCjz1iDIZ1b9eIxcWJ83J4a
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 1139
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESELwPkNwUcXXzfZ1s3mxuVCY&google_cver=1&google_push=AYg5qPJX9yfZRPc5S-OIqPT2SJ5i2P4ZFYtPRdVcLaYnhdIg1VTuM39FrgbE6kdVa01kq2H6Jq8Axs-A3grwRThr...
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=Zx5iaOV5SgCbMQOqdthxpw&google_push=AYg5qPJX9yfZRPc5S-OIqPT2SJ5i2P4ZFYtPRdVcLaYnhdIg1VTuM39FrgbE6kdVa01kq2H6Jq8Axs-A3grwRThraTJTLl9Rcaw
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=Zx5iaOV5SgCbMQOqdthxpw&google_push=AYg5qPJX9yfZRPc5S-OIqPT2SJ5i2P4ZFYtPRdVcLaYnhdIg1VTuM39FrgbE6kdVa01kq2H6Jq8Axs-A3grwRThraTJTLl9Rcaw
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x4 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=Zx5iaOV5SgCbMQOqdthxpw&google_push=AYg5qPJX9yfZRPc5S-OIqPT2SJ5i2P4ZFYtPRdVcLaYnhdIg1VTuM39FrgbE6kdVa01kq2H6Jq8Axs-A3grwRThraTJTLl9Rcaw
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:40:58 GMT
pixel
cm.g.doubleclick.net/ Frame 1139
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEOv1g2wNRg3Lam8VAnnJhOY&google_cver=1&google_push=AYg5qPL04eMrXa3ahSRtLapYwGVFxNiWpiUx1L7gJpyfmlbgimFvIdkLYk28cqh0XwwdBOrdLs-oXp5...
  • https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=BNDTPTA1S5uw_VZYhMPEimJo5Xo
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=BNDTPTA1S5uw_VZYhMPEimJo5Xo
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=BNDTPTA1S5uw_VZYhMPEimJo5Xo
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
pixel
cm.g.doubleclick.net/ Frame 1139
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIG_rZCvsqcGrqX1N3letHk3fs7gc5o5zE04RCog6QgnvXC0iCCaHKXWoTazRJmrlu7VA4aoC1HRlo1VSBb6vzxZmMzHTo
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIG_rZCvsqcGrqX1N3letHk3fs7gc5o5zE04RCog6QgnvXC0iCCaHKXWoTazRJmrlu7VA4aoC1HRlo1VSBb6vzxZmMzHTo
date
Wed, 27 Apr 2022 06:40:58 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 1139
Redirect Chain
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENbwiumUhwBwSnfmCZBG2MA&google_cver=1&google_push=AYg5qPKhm-MdtSusVFHhySnx4amWy8GdR8l5t5NUixthMh5sphZS6Brg7yveQ8ZCoVFMXDDGock05GSCCHQiH-P4M...
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKhm-MdtSusVFHhySnx4amWy8GdR8l5t5NUixthMh5sphZS6Brg7yveQ8ZCoVFMXDDGock05GSCCHQiH-P4M0cxE1XsQA8&google_hm=d89d8fb3624ba299d31d58b0
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKhm-MdtSusVFHhySnx4amWy8GdR8l5t5NUixthMh5sphZS6Brg7yveQ8ZCoVFMXDDGock05GSCCHQiH-P4M0cxE1XsQA8&google_hm=d89d8fb3624ba299d31d58b0
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKhm-MdtSusVFHhySnx4amWy8GdR8l5t5NUixthMh5sphZS6Brg7yveQ8ZCoVFMXDDGock05GSCCHQiH-P4M0cxE1XsQA8&google_hm=d89d8fb3624ba299d31d58b0
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
/
onetag-sys.com/sync/i,19/ Frame 1139
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEArsFFkSEt2u3lJfdPpDmbM&google_cver=1&google_push=AYg5qPKWbYZdUrSRSNdFmBWwhiDHMhKBYBZpmI7Ot3VhwnMGyZSZAQ8BYyEbOFkOzLPwIbjCFQ7D_jh9UNq...
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABgGnAYuUobBpGQDR1ic4IlPo5HTp0ckQ-bw&google_push=AYg5qPKWbYZdUrSRSNdFmBWwhiDHMhKBYBZpmI7Ot3VhwnMGyZSZAQ8BYyEbOFkOzLPwIbjCFQ7D_jh9UN...
  • https://onetag-sys.com/sync/i,19/?google_error=5
0
287 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/sync/i,19/?google_error=5
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-cache, no-transform
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://onetag-sys.com/sync/i,19/?google_error=5
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
245
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 1139 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lo-Ck6yJwB-iVBKmWHZtttm7QWx0jLZcB5yLM4mGMSFkqusr2IyIIeo9pq6nj-HR4
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:58 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
1434
check.analytics.rlcdn.com/check/ 		25 B
385 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://check.analytics.rlcdn.com/check/1434
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-99.fra53.r.cloudfront.net
Software
/
Resource Hash
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amzn-requestid
5cbb0573-f3e2-4512-ad9c-d05ec1954b21
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-6268e57b-603f165258693e4420b98bb9
x-amz-apigw-id
ROjLQGdyDoEFqtA=
content-length
25
x-amz-cf-id
l9vliUwMitN8FlIYpb_Mw-CZrKYbF13Up4vpzStCfLadTOhyfiiUpA==
Smart_Bold.woff2
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		14 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/Smart_Bold.woff2
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FF6) /
Resource Hash
022df85e302d76490edf39d56b06a5aa1563edcf9da60ba16c2c722758a5c06f

Request headers

Referer
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Origin
https://cstatic.weborama.fr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
server
ECAcc (frc/8FF6)
age
494087
etag
"1868983580"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
https://cstatic.weborama.fr
cache-control
max-age=604800
access-control-allow-credentials
true, true
accept-ranges
bytes
content-type
application/octet-stream
content-length
14684
expires
Wed, 04 May 2022 06:40:59 GMT
Smart_Regular.woff2
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/Smart_Regular.woff2
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F1B) /
Resource Hash
b86e678f724241714425a98d49c80fcdee4cf52b93c913b56ae403d2e423d3e4

Request headers

Referer
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Origin
https://cstatic.weborama.fr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
server
ECAcc (frc/8F1B)
age
494087
etag
"18342036"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
https://cstatic.weborama.fr
cache-control
max-age=604800
access-control-allow-credentials
true, true
accept-ranges
bytes
content-type
application/octet-stream
content-length
14848
expires
Wed, 04 May 2022 06:40:59 GMT
liveView.php
live.primis.tech/live/ 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTM2JaNypaZypyRcoWU9MTY1MTA0MTY1NvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA2OTtkJaN0YT0jJat9NmAjJax9NDp2JaZcZF9jYXNmRG9gYWyhPWRunWk5qz9cY2UhY29gJaN1YxyxPWRunWk5qz9cY2UhY29gJzRyYaVaSW5zo3JgYXRco249QUJUJTIjJTJGJTIjYzyxp3qcqGNbJTIjJTJGJTIjMSUlMCUlRvUlMHqcqGuiqXQznXNBpHA9MCZ1p2VlSXBBZGRlPTJuMDIyM0E2ZWEjJTNBYmpkYvUmQTAyM0EkMDElJTNBZzYjNvUmQTI4NDAyM0EkZGJxJaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3JTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MwY4ZTU3ODQ0ZwFyJzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTAzY2NjYT0jJzNwpGFDo25mZW50PSZwYaVmqGVlPTE2NTEjNDE2NTxjMmIzqWyxPVNyn2yhZG9TUGkurWVlNwI2OGU1Nmt1Y2JyNvZjqWJVpzj9nHR0pHMyM0EyMxYyMxZxYWyfrXZinWNyLzNioSUlRz5yql15o3JeJTJGo3JuozqyqG93ovUlRz5yq3MyMxZhrS1xo2N0o3IgY2kunW1yZC1go3JyLXRbYW4gMS1gnWkfnW9hLWyhLWZlYXVxqWkyoaQgqGF4LWRyZHVwqGyioaMgZzVxpl1mYXxyMxY4MwA2NDIyMxYzZzkiYXRTqGF0qXM9qHJ1ZSZynWRmpD1jpzVvnWQ=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=UTF-8
x-amz-cf-id
MLL4MgEDhux6_BZQecVOW-VM5VJMyusCWldQTdnXP92EV6qAVAjGSA==
c
c.pub.network/ 		36 B
53 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.25.0.9843edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.71.201.35.bc.googleusercontent.com
Software
/
Resource Hash
446043a7ceb4b6eb563bebdd3ed0510fd5280567a053939591c0ca57dc5f7a80

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
tap.php
pixel.rubiconproject.com/ Frame 58FE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEI9IFlujqZqjFsbtpPac2vM&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEI9IFlujqZqjFsbtpPac2vM&google_cver=1
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESEI9IFlujqZqjFsbtpPac2vM&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
337
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rubicon
match.adsrvr.org/track/cmf/ Frame 58FE 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon?gdpr=1&us_privacy=1---
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
setuid
px.ads.linkedin.com/ Frame 58FE
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584&gdpr=1&us_privacy=1---
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2H7KN97-1S-JSHO&gdpr=1&us_privacy=1---
0
709 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2H7KN97-1S-JSHO&gdpr=1&us_privacy=1---
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 32203C0F67E443EB8918EDDCE037FD23 Ref B: VIEEDGE2907 Ref C: 2022-04-27T06:40:59Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXdnReb4RZi7/LNz3ESYQ==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2H7KN97-1S-JSHO&gdpr=1&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 58FE
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=1&us_privacy=1---
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/Ng2WDYWhC4cg_pEdUKO9Vcn5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=1&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4647532096596413448
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4647532096596413448
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Content-Type
image/gif

Redirect headers

date
Wed, 27 Apr 2022 06:40:59 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4647532096596413448
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
dcm
aax-eu.amazon-adsystem.com/s/ Frame 58FE
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Server
52.95.126.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
2EQ0VHB0QW7SCF6RGNPY
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:40:59 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
VQQ0SJXJGQT6N1H00HRA
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
v1
ads.yahoo.com/cms/ Frame 58FE
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594&gdpr=1&us_privacy=1---
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L2H7KN97-1S-JSHO&sigv=1&esig=2~bb1ee7fc752a116df361f2019190de4d3793d5cb&gdpr=1&us_privacy=1---
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L2H7KN97-1S-JSHO&sigv=1&esig=2~bb1ee7fc752a116df361f2019190de4d3793d5cb&gdpr=1&us_privacy=1---
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L2H7KN97-1S-JSHO&sigv=1&esig=2~bb1ee7fc752a116df361f2019190de4d3793d5cb&gdpr=1&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 58FE
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzUyOTU3ZDU3OWZlNmMxYWM3YTY3OTIxM2NiODQ2N2NjNGFjNjFkYg&gdpr=1&us_privacy=1---
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzUyOTU3ZDU3OWZlNmMxYWM3YTY3OTIxM2NiODQ2N2NjNGFjNjFkYg&gdpr=1&us_privacy=1---
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzUyOTU3ZDU3OWZlNmMxYWM3YTY3OTIxM2NiODQ2N2NjNGFjNjFkYg&gdpr=1&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame 58FE 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif?gdpr=1&us_privacy=1---
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
970x90_v1.mp4
cstatic.weborama.fr/advertiser/6709/46/304/411/ Frame ACAE 		2 MB
2 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90_v1.mp4
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/304/411/970x90.html?scrrefstr=scr_26141625667banner1651041704560&scrdebug=0&scrwidth=970&scrheight=90&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F14) /
Resource Hash
bffcb82efcd59cbfd224b68053cb4dde6fe427d0f074f05d17c3431b086ecdbf

Request headers

Referer
https://cstatic.weborama.fr/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:20 GMT
server
ECAcc (frc/8F14)
age
469795
etag
"1181650231"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Content-Range
bytes 0-1703561/1703562
cache-control
max-age=604800
accept-ranges
bytes
content-type
video/mp4
access-control-allow-origin
*
Content-Length
1703562
expires
Wed, 04 May 2022 06:40:59 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 2DCF 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu4D6m9-ZgiuUbjRB1hksUkYfu89uPWuSqGi65WyKQPIgZEJwB_9XheCXos5KWGGSDJizR7YUAjUNT50Fb8g72-xBdq9hMs5XhuKUnUNw0WQ5gzbjI1T304nE7b7gOGgy7lOp8KafzamQp9sdLkSH6InmplHfZt2xcczTkjU2h5X9UlWtCDLp2SGz5sjbFYF5is9w0kGo4DBfci7qhwK2PYomj9c3ADLAlpK6SaglywoVK7GbgNT7AFJFV0hz3uZdgrRYhJvwt5tyZFp4N3t1Li8kA2uBg8qFC7p2aXQ_JUEHQwtIIRbo1trLMyfE8b2Wg3fqU6kt_7b3OvPTVAMSsjXKYJ7v1rnK5eSgMkp8ywe7g13OdBVTYjgBIRGXwtjVAPt5i4N21QeZkRsAJFimFUKlbgDtlIPBKzMwFGGU6BXXIIl4asecQhR0eB3e3PyWR4wFzCOHL6fluoMufe-3cYiBdIvMkk-v5XBHlRndpb-JHlzzIarQklNug437hvmKA0ISH3U68Skkh35oQ3sBiB9xKmQDAMlKU0pcx-tyXMM1UC0rJyCEtmsDclRl6hAtMB5glCS80AeaalkIrncfXhGn48-IHSfTL2TllntMiC0UkDZYlFNL7HdRhcaHxqhyWcn9zIFRniEd4qIQVEfGd7FfVv7-wfXDJTOlcdqzeonp9i3gV9_V8C4XPb3Cm7zEuQ63LopusN1L6q8mqACLCsjHuxxNy52DaG_H9Y6XYIwBz5-eCHy9-0qTwE1HUkRb7xablOLfy3Bhjh7x3GGylqRcbxUgDg8FH--4iygyaZDS2oZ8_GiWj25cCjgeDbD1bjkxdtZkqxjvO3TyTzHepu6Imr_JaPaYmKVWECun6cs1Wv1CqJtlxTcpwcAlCS-GeyJcnSweu1EKfygt7b73-YqhhgzZdXDtDfcZG5okaM5ZlORHX5s90jikHrZwI5ImlKKQ-HkGn1kMufRKJ-kVPT3QJYX6v_U6lY7IuozM-rjCCimvGrDKLmuhoOLi1vAGQeqwGwY85g1RDcjJnduqBmk3zgN87laHALkdT5C0EqNocRUWFESDxoCfE-Cc4XOVMINjdgm6GLmSt-65m-rdpRiSLcIG8Z2RlG7Mzo2Jb_aFFxpzsv-ulfoyY2x0SPTBVWfm5bLkd_RpPgFkfDmikYzZf92u2U77eFeQE8AtcBG0BUMdT3xPirJWnOVwyEqh8y7SctUeDpIVa_hjtlgsGT3DxBj1wz4YFypUz6uvEoRat_vaqPRWARPPnAc6knm6uZ-4pTNVSO8WDpSGwHNDo&sai=AMfl-YQuTxxWoXMhANMPSroMjkWm3r5HslbVKmbfw0kVKv0SRXAhFx0iFhFXstoOELk2F9zkf7fNHMxWM0CUMyVI3YOMN7CTk-FqWGtLAUG6rmk0JQNTAoQRKw4jubmGEXpFZA92EysN7hOBW0obKBJlFHe8LezTMVHre3fo-4y-oDouq66xsU2BvE7g5l1AbHNgdtYhZ7CPyUB5dsj7kEzlpI0C&sig=Cg0ArKJSzLrh6YWP2eVzEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=621&vt=11&dtpt=405&dett=3&cstd=210&cisv=r20220425.27945&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
adperf_core_1.0.0_scrambled.js
cstatic.weborama.fr/js/advertiserv2/ Frame CFBD 		104 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/js/advertiserv2/adperf_core_1.0.0_scrambled.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FF7) /
Resource Hash
57d26dc350cc8c10af56460f5a6b067565c2cf5bea3eac710944814cc9ee4fa3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
content-encoding
gzip
last-modified
Mon, 07 Jun 2021 11:12:11 GMT
server
ECAcc (frc/8FF7)
age
494682
etag
"3365237273"
vary
Accept-Encoding
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
text/javascript
content-length
31873
expires
Wed, 04 May 2022 06:40:59 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame C44B 		79 KB
16 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F15184186%2C33043040%2Ffreestar_primis_adx_video_1876_dailyvoice&description_url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&env=vp&correlator=3603666700719473&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1&unviewed_position_start=1&cust_params=prmsig%3Dryetde&sdkv=h.3.512.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=4074094401&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.512.0&sid=856B888F-23E7-4758-9A5E-17B53252CF57&nel=0&eid=44750824%2C44757675%2C44761692&url=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&dlt=1651041656261&idt=1759&dt=1651041659111&cookie=ID%3Dd1b90674eb6f343d%3AT%3D1651041656%3AS%3DALNI_MasAy7uMikH1nBVuctsoiFP5EglYA&scor=2262583026123078&ged=ve4_td3_tt1_pd3_la3000_er758.-1810.911.-1510_vi0.0.1200.1600_vp0_ts1_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.512.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
41a5d8252e3ba2341f977e01b565d838a5eee262bcc85a812cdb5e360dfe7bce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15875
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6C11 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BHAONeeVoYt3SK4rhx_APg9-gqAkAAAAAOAHgBAI&bg=!UVKlUhbNAAYXWUUuN1k7ACkAdvg8WmYv5U2X1qfF5oyq3Iw0dHplgNIqKsSXBg3YefiqWq0ygznfGQIAAAIzUgAAAAJoAQeZAvMBWqfM57Vdd0MyNCIPk0DJdDaV0oq9phFVD0Ch6jw_8oMcZI4lUoyF8lxxBXhvFC1T9bWVLWtW0U3nt3aM0n3d2T8BcgrVIiIPC4GnXuTNyWIkGRAiu7-7MZNEuvSUjkXdpf4gODFFT32jUrdS-HezkyiySTKxlVqrZ2m2U0NgeZ3Jh-dZL29RU91ulZYZxzA3ip-PeVzpB1R0KTAbJXQGbTLd6P_ogxoFBYenArwwGy1p8fQzLDCIU6IjZ0-LIlCMfSU1enJDu-Tm43YyTqoYdJ0Dpyhg38010_WA7YjCsEs1qZx-eWmjMGNhynQef8WOUYKg2g_QQ2ifrTxdD3ADgLIvP3D5RBzVjQP-p2yMespOJIJk0qTnt6o3aAa95qEWiJfVn2vkogf-86gLdTelT4aEd8wA4Jbrbn0UFS6zS_SrAfRtBxmtuCLTiktanFWYSxRnUFcM0wiyMYP4o-gPEMzyLuKwcs34W-qxSTm1FZCQsnpLICmYqM-03V6rcQNNz9zbwq3UYuR00OHf1Fj2tnqYSbIXBtOj2zxSpuW_JzlR7NSjB90BgwiPbTSjLZUxV6KQ6NIiwyloydVsFrlrtLcgDKiJF8rzbQvywKIYuNnvRB-dnERrH1KFDOrPB1vqyssSaw-5TBa_lIg_HQ7H6pzC5EsumVoBLces1LPEvUrtwzAe8N-_jR-wotoysPnW5_EbhD9kUBp1YO4TZYeEJSmfoTSy95Tt6bN29WPmoieqFBMH8dA-t0hvzk5tjBiOPLX2qEvcks7LweHqAEydcrQPVGRtSUBc8w7S1rN81rh1J3iM0gTgcPoqctJQASB-N5rBhWEbxm_6YgxmDBwaJi68c4NE750jpTArES5kdB54A5LXFzzE-qhzrdEmJavXVL6iNsYmqMs8LGLmUI1WVWsoY3OWeWicNzJm-nz3ecVdZzx58OC-4E8RJ25UeQCqhyqGFslNwNx8scR_50Zl56EfJNZPDJpFgLNByf6cdpdoWQ
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B996 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvNhyHpM35mb9tFuCOr0AR16n-ox-Hmy1fCiyvZcNtx45N7H40kG3ipu-ECjjK5-ncKVZjuMxy4FdlyOxn4g5ZykZLPPpthjQ1zaScs&sai=AMfl-YQGkKIeveEReb84wD8m1S0_7sm1l8Q8BzZO0Q3bNpiHuYi4bG_lARTRIXSwCKascIVF28xe4_RZchHVqOJmEGL0aXXTlOTxDVaLnY6B0OBVkloTNJtvuYzLDZ4&sig=Cg0ArKJSzHg3FuY4_JgMEAE&cid=CAASJORocYnT7Ju9lWgrCOiV5ILuxswn9Dd1XHkbzAI1Sr4aDfdXmA&id=lidar2&mcvt=1025&p=141,386,395,1356&mtos=0,1025,1025,1025,1025&tos=0,1025,0,0,0&v=20220420&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=1066284786&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1651041657335&rpt=741&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 389A 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsux5SNgLvV6rejtCHYIQud6wMXHOnfI4j5vI2qCxxyibJHN31QaHrhXCGeqLWKAgDf4PmK183ajDiX6YPZ9SdvScIXyOpziWJ0KlJrKvAkbyBSOV2KTDw&sai=AMfl-YTOkmrb3KDMR82PoyiUlSxzSG-WizRozQlBYJIRCWMU3flXvUHjY_jx0EFwugyjQuxz0CamHFawo91zOMhkK8ThPh2qfa6aZ80_-Ry17fSkA-hlOMLNVhSJI5InrtQ&sig=Cg0ArKJSzOCbKdyVZGfdEAE&cid=CAASJ-Roob-_3AXJ0ObXClMJ6w9z1VIrGPS1ZD-jcrWvj-arIKAe5jqhfg&id=lidar2&mcvt=1027&p=1110,315,1200,1285&mtos=1027,1027,1027,1027,1027&tos=1027,0,0,0,0&v=20220420&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=831946728&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1651041657231&rpt=863&isd=0&lsd=0&met=ce&wmsd=0
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 8B07
Redirect Chain
  • https://d5p.de17a.com/cookies/google?google_gid=CAESEJp7fyFBKyOb4qSgdIFQjUg&google_cver=1&google_push=AYg5qPInNpFNR5FOTeQ-mPuhfHch4K65tdpnR2f9ejGdFuOwhtCAR9eavTegUgfRRlwe_tgl8QWv8RXJvNbrW3tWo8B3dmt...
  • https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJp7fyFBKyOb4qSgdIFQjUg&google_cver=1&google_push=AYg5qPInNpFNR5FOTeQ-mPuhfHch4K65tdpnR2f9ejGdFuOwhtCAR9eavTegUgfRRlwe_tgl8QWv8RXJvNbrW3tWo8B3d...
  • https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPInNpFNR5FOTeQ-mPuhfHch4K65tdpnR2f9ejGdFuOwhtCAR9eavTegUgfRRlwe_tgl8QWv8RXJvNbrW3tWo8B3dmtzQ6I
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPInNpFNR5FOTeQ-mPuhfHch4K65tdpnR2f9ejGdFuOwhtCAR9eavTegUgfRRlwe_tgl8QWv8RXJvNbrW3tWo8B3dmtzQ6I
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPInNpFNR5FOTeQ-mPuhfHch4K65tdpnR2f9ejGdFuOwhtCAR9eavTegUgfRRlwe_tgl8QWv8RXJvNbrW3tWo8B3dmtzQ6I
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
dds
rtb.openx.net/sync/ Frame 8B07 		43 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESECQHdXwRm6MMpKdGLZsUAMc&google_cver=1&google_push=AYg5qPIsPEvYv7eRc64hdKeeaEGUlu5GMOeWoUsWcMjnWCDMBI_cbNcz1scF1RlxzgIx6Ka3_0RPshtgLJrjh6LiZhZ91SkpVn4
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:58 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
3ajsctrdg8fcic01u5lmugj9d6ck5i8v
pixel
cm.g.doubleclick.net/ Frame 8B07
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJGaEl0EOzU2ebeSU4J3AJp8RsXN0AFKW001Lxcunm0wNAjxAvNCvHtwXETNEqJJoI182UWSSC61dkTI1g1MkchHPa_modr
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJGaEl0EOzU2ebeSU4J3AJp8RsXN0AFKW001Lxcunm0wNAjxAvNCvHtwXETNEqJJoI182UWSSC61dkTI1g1MkchHPa_modr
date
Wed, 27 Apr 2022 06:40:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 8B07
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFVQqHeeMvrp7VPcWGcxIUs&google_cver=1&google_push=AYg5qPJJuu-u6VTkCxQR9bs7D9jleSeo5FGPVmVl-vgTerx-3LZDWZGI3lfTMNIyM9Rn9FaN814...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJIN0tOOTctMVMtSlNITw==&google_push=AYg5qPJJuu-u6VTkCxQR9bs7D9jleSeo5FGPVmVl-vgTerx-3LZDWZGI3lfTMNIyM9Rn9FaN814b5qQXGUCigtZrro4JS55SZ8Q
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJIN0tOOTctMVMtSlNITw==&google_push=AYg5qPJJuu-u6VTkCxQR9bs7D9jleSeo5FGPVmVl-vgTerx-3LZDWZGI3lfTMNIyM9Rn9FaN814b5qQXGUCigtZrro4JS55SZ8Q
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJIN0tOOTctMVMtSlNITw==&google_push=AYg5qPJJuu-u6VTkCxQR9bs7D9jleSeo5FGPVmVl-vgTerx-3LZDWZGI3lfTMNIyM9Rn9FaN814b5qQXGUCigtZrro4JS55SZ8Q
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Expires
0
pixel
cm.g.doubleclick.net/ Frame 8B07
Redirect Chain
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESECsm8hRlWsCTZ8348YSPt0s&google_cver=1&google_push=AYg5qPJJDkL7Y0pS_mvYU6_empltfxUbPF4FCdO013B27KSI_rZQoMdiyfHOtdagdK5nfSLoHwLCfgB_hA7Qvn9NY...
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJJDkL7Y0pS_mvYU6_empltfxUbPF4FCdO013B27KSI_rZQoMdiyfHOtdagdK5nfSLoHwLCfgB_hA7Qvn9NYdeNkxkjZlP0&google_hm=d89d8fb3624ba299d31d58b0
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJJDkL7Y0pS_mvYU6_empltfxUbPF4FCdO013B27KSI_rZQoMdiyfHOtdagdK5nfSLoHwLCfgB_hA7Qvn9NYdeNkxkjZlP0&google_hm=d89d8fb3624ba299d31d58b0
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJJDkL7Y0pS_mvYU6_empltfxUbPF4FCdO013B27KSI_rZQoMdiyfHOtdagdK5nfSLoHwLCfgB_hA7Qvn9NYdeNkxkjZlP0&google_hm=d89d8fb3624ba299d31d58b0
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
pixel
cm.g.doubleclick.net/ Frame 8B07
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO...
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPLN53YCrkGg-poW2DAq0rOTo2d1vh7yD5SfkP45_e4DkdA98zwCBvT3pQ1F_gxpDpnMqWf_ph-Y2ajeyQZkJVah-l0_QHyH&redir=https%3A%2F%2Fcm.g.doubl...
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLN53YCrkGg-poW2DAq0rOTo2d1vh7yD5SfkP45_e4DkdA98zwCBvT3pQ1F_gxpDpnMqWf_ph-Y2ajeyQZkJVah-l0_QHyH&google_hm=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLN53YCrkGg-poW2DAq0rOTo2d1vh7yD5SfkP45_e4DkdA98zwCBvT3pQ1F_gxpDpnMqWf_ph-Y2ajeyQZkJVah-l0_QHyH&google_hm=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLN53YCrkGg-poW2DAq0rOTo2d1vh7yD5SfkP45_e4DkdA98zwCBvT3pQ1F_gxpDpnMqWf_ph-Y2ajeyQZkJVah-l0_QHyH&google_hm=
cache-control
no-store, no-cache, must-revalidate
expires
0
sync
ssbsync.smartadserver.com/api/ Frame 8B07 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEGKQZ40H2nzVRa18xXLpLZ0&google_cver=1&google_push=AYg5qPI0a5DUSoCJPU4bo4xGjqoKZaZU4hlg44UBBBthXEYga71hrFfSyjYuAc0t9iEZwM-vrn2mTN5VSqVsrccoZabdYlbXh9w
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.104 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
content-length
0
attr
cm.g.doubleclick.net/pixel/ Frame 8B07 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KlGT3Qc-2-aqLSBO5TSrMSeb6ETg-yE7bHclJbuFTPxY9scO644cJztV5zk4SjKymKJFG4
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
img
ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/ Frame 6864
Redirect Chain
  • https://track.adform.net/serving/cookie/match/?party=9&uid=7b02ae63e25242d977b478f6bb5abafc9b6e98c867cc28336cdaec787a7f6438&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae997dfec...
  • https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=7b02ae63e25242d977b478f6bb5abafc9b6e98c867cc28336cdaec787a7f6438&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4ae99...
  • https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?tpid=42&gdpr=0&tpuid=7378935371015770253
49 B
589 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?tpid=42&gdpr=0&tpuid=7378935371015770253
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
nginx
location
https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?tpid=42&gdpr=0&tpuid=7378935371015770253
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
gen_204
pagead2.googlesyndication.com/pagead/ Frame 414E 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-H5meeVoYtzgMJPX3gOo-JToDQAAAAA4AeAEAg&bg=!1tWl1ZHNAAYXWUUuN1k7ACkAdvg8Wq2ssEGpJhl76aFVTGSi0J_6f1Nn8Y9uM4SVlzlhkLcakilLBQIAAAG-UgAAAAFoAQcKADdg0s_tS9UMF-PMYMYroEudacJaTF7YzyeBQ-RjUfc6F3BmfS1K-8YH4d5bywwYcfE8WKRKodjzmQLlspUHdBiVI3M7ryF9RuE0G1UQaVBfu23_LWT9b9-u5fhdbIs2e6o90v6G_zgjFZomPpPfCLRUezUlX8vTCeTdNEwGxkg0hHYbUwLbixWCiOX6V70j-iWqDSBVQDUGZXRZdx7q3U5Yvxq3dAZ9-DbaYGm2CRGGYAgtBaBSWSHZfTxv98x6XAdyFJCKXpzQ_jddrKIM4Qj35QVtrWP_wS4f253rnOCtQwM9ItRNItXFbsBt7h8yOoEYOa5j2AGhlFYIj_yCNlbt-W9hM-Kkew1ARSqs9M9ZiSOfZsa4hbwdfwPAiFQDcn2XOkhkVWR-wbFksljcHmlRpp2cXB8oyALcx8_U0ECAhPPLWz3j1wFd2cR9qXOdJKjPJEfZjln95H3tV8azcSNx5eHkREF8mKQ6g50A83SrWwPKTIpsvifIIJ2iGLTNUKJEL8YQgdRkRGMl4--6ZaA4Xe7oBa_fH7w5t6BHZO7DHrNJlObZc24HEp5fvVkYHys48NttiDJxUE1CO7DTxDnLUQgDb_eubVBSfCHttquatA59RLDfFMYTrWj7UARI-oJLHUvsDsn-ITxrFsYJ8L2eudPqMOYKjBcoB7IBrCI_Nufdnci7LKlQy_rIClr0vzmpOsI1tT49fhXRA3pbrJKfy4MBfcxv-0ijx8twXU5iH_hQWJx7U85NQh2pGS5Dejbc2U-Txn6wnqW6puZ6fgL0XLdqiRr25qPo5LqLF-EWA4cDJRh19wfttKR3BOiU2GQDH8XZAA_VIjTRpN--f_8jk0qWo35_3CAbEwUaO3nSvMRCAfz1dJRSkW5pCUrNMWbr_ZDDZeZou9jr7BKZd0OrdcePpmJFxbSt67HJdD1vP0Y4wu9ro6CJtOPJTL9S7mpVDJdwXBS4HYZSYB3_c2c9dPiRTyQZSq-CYnOxSF4948Zs4LiK_RvYpZoqbVwgqpJOKy61mln27zgUTaMPVQiicRYrDtIsdwX_1TBrepO5
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
pagead2.googlesyndication.com/bg/ Frame F7F8 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ce9cd7dcb7f38ae802b0abb181c86cf4fcaf0eec1ac25cde85b3a3f2e609cf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 19:41:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
39571
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13636
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Apr 2023 19:41:28 GMT
LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
pagead2.googlesyndication.com/bg/ Frame F590 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ce9cd7dcb7f38ae802b0abb181c86cf4fcaf0eec1ac25cde85b3a3f2e609cf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 19:41:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
39571
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13636
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Apr 2023 19:41:28 GMT
OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F719 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:30:43 GMT
x-content-type-options
nosniff
age
616
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47676
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:39 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 06:45:43 GMT
OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F719 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:38:58 GMT
x-content-type-options
nosniff
age
121
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47848
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 06:53:58 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame F719 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4c8a766813fc2edef6aef58ebbac6642929a85974d537faef5d3dae566abf302
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 27 Apr 2022 06:40:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5630
x-xss-protection
0
60005582_20211207084343680_300x600_Intro.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F719 		98 KB
98 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211207084343680_300x600_Intro.png
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7b5f81e362407f407330379b0cd9391ea4cbe59e37d5cc0353292833bb9aa13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 11:09:41 GMT
x-content-type-options
nosniff
age
70278
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99900
x-xss-protection
0
last-modified
Tue, 07 Dec 2021 16:43:43 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 11:09:41 GMT
60005582_20211207084357883_STOERER.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F719 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211207084357883_STOERER.png
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fd9e0785965a3881b1e79bfc260f97a61906bd1917b6c812c0cdb62bac45896c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 17:50:48 GMT
x-content-type-options
nosniff
age
46211
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2528
x-xss-protection
0
last-modified
Tue, 07 Dec 2021 16:43:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 17:50:48 GMT
60005582_20211207084354469_ASSET.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F719 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211207084354469_ASSET.png
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
03884282898321524ba5cda546d71a38ae87704bcf092d9457ba739060528908
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/11180611858476302336/300x600.html?e=69&leftOffset=0&topOffset=0&c=OV7OpjooV4&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 17:50:48 GMT
x-content-type-options
nosniff
age
46211
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13128
x-xss-protection
0
last-modified
Tue, 07 Dec 2021 16:43:54 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 27 Apr 2022 17:50:48 GMT
postview.gif
portal.o2online.de/nws/img/ Frame F719 		43 B
609 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324251169_146027701_-0&ref=27008872_4307561_324251169_146027701_-0
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
82.113.101.132 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS
portal.o2online.de
Software
Apache /
Resource Hash
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
Last-Modified
Wed, 26 Aug 2020 10:11:24 GMT
Server
Apache
ETag
"2b-5adc50abeeb00"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
sodar2.js
tpc.googlesyndication.com/sodar/ Frame F719 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 27 Apr 2022 06:40:59 GMT
300x600.html
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F44) /
Resource Hash
8f6f8941c721c6f3ed83adaf973dd32d824eb440f5f6a20cb79e9df245d0978c

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
494092
cache-control
max-age=604800
content-encoding
gzip
content-length
4043
content-type
text/html
date
Wed, 27 Apr 2022 06:40:59 GMT
etag
"1952931272"
expires
Wed, 04 May 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:21 GMT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server
ECAcc (frc/8F44)
vary
Accept-Encoding
x-cache
HIT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 6864
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=59a1600e-0f3a-4c9e-8fe0-6369948a946e&gdpr=0
49 B
611 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=59a1600e-0f3a-4c9e-8fe0-6369948a946e&gdpr=0
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
Kestrel
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=59a1600e-0f3a-4c9e-8fe0-6369948a946e&gdpr=0
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1983166
content-length
0
expires
Wed, 27 Apr 2022 00:00:00 GMT
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame 389A 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=518&a.aap=545&a.ra=1651041656887405&a.agi=199&ca=26060867435&a.wi=970&a.he=90&a.evn=video_mute&a.mo=1269&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Wed, 27 Apr 2022 06:40:59 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
pagead2.googlesyndication.com/bg/ Frame 2F10 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ce9cd7dcb7f38ae802b0abb181c86cf4fcaf0eec1ac25cde85b3a3f2e609cf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 19:41:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
39571
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13636
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Apr 2023 19:41:28 GMT
screenad_interface_1.0.3_scrambled.js
media.adrcdn.com/scripts/ Frame 2C5A 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.adrcdn.com/scripts/screenad_interface_1.0.3_scrambled.js
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.163 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frb/6759) /
Resource Hash
6f522fbbba8abd42e7a27c37138ae40a42beca58f750deb37102717d22e8bbd5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
content-encoding
gzip
last-modified
Mon, 30 Aug 2021 13:14:16 GMT
server
ECAcc (frb/6759)
age
495137
etag
"1894109687"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
9683
HYPE-724.thin.min.js
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		55 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/HYPE-724.thin.min.js
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC5) /
Resource Hash
fa4ae93330f3a0b8e253e34bc6d66018d996fb5d56ef0802e6def0d91fd035c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
content-encoding
gzip
last-modified
Thu, 07 Apr 2022 11:33:21 GMT
server
ECAcc (frc/8FC5)
age
494093
etag
"124419341"
vary
Accept-Encoding
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
text/javascript
content-length
24509
expires
Wed, 04 May 2022 06:40:59 GMT
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame 389A 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=518&a.aap=545&a.ra=1651041656887405&a.agi=199&ca=36677368175&a.wi=970&a.he=90&a.evn=video_play&a.mo=1321&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Wed, 27 Apr 2022 06:40:59 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 33D7 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bo-R-euVoYr2VDJPKsgLHwLuwBwAAAAA4AeAEAg&bg=!DwylDEjNAAYXWUUuN1k7ACkAdvg8Wn4jwxmGqjMihC2vKguBVFAmE1XEVut5iV1FOmS8heqBV4useQIAAAHaUgAAAAVoAQcKAEtoKyEqLdfjEMzbiboM7Dt5BspSO7IrtRJlAgv9IZfffjEE4uaRsxzT_G4YStxW48Xm9Hs987RgqopvE2FjkCjhaEHR0LrdU64ZK2iZAu76z-L5oRXocTVDqrHNy-gVnxzuYB_SD3mMmYUc4gPpP7UHEY4_uRUNy9v7_3Hf8w7kdT8dPdWKyT2vbIumZd81DERHskAkPyDJlja0-OLBMbhCeZL37d3NlAXilqyFmQZ2KJdzCMe5zE-URBDqBx74kU-vuKUfoo-vlqAQmDPJKoPKritMRpVsZKgOL-fVFv5l0ceVlFoN7i9TB1T0HE_0oFYMa1dIEB6i6P_wyIxvrhgmE8BmgNR4evU3UVHR8KHBYWjsJdkBBypEoAsC2U9ugPEHaLcwE3Bkdm4RLlYwjhPF9Zk9mw23_DkTfH0oKSHA1M2dSNExARprxyUauZlENsLRbGia7uE34qHzScfKiRCgFg3Q33G28HUqlpO7Gl_z_7CvLhpeYfOAyaEIoszYx5eG1ILzZ-tLQ1obucNMgIBD4asZRe4FziyN6tWQnY5iFqskCuBxCgQ-ZVDLFtK-oY5eKJMaph3W8Xj2jlYs22fqjfY407TTV8MEC3-Etgc7W9r5tL550n83piWWQ23OZgABGqsUF3O_Kt9qSf-Ci9cdFSEG-VLoXys_iIHD-ZM7hJ2G0hzQQB-yBdtv1E_nCUzZ5AeKqgdC1KOqt7sw-Sx1_nRKuOmtC4YUwCMJSRP9Ug_rVdl8MCrk_LvFbyXycyPCKnR1-DCJjpiapTnKccM5CNJLIHsBIoMlRzoKmL2BOu5MMXvexxdWeEUosFDavVMwQi-ha_GHIpk_OROC9WyPIl0-K9l2mTN7KX-d0a0vXnKO3lCdR_tLH7Z4FzCpteYi4ZWxCh2wYjOLzL5tbHkdzyCB_LSUETB4VUp4Cszadyk37K4kTomOKft73HazG0HaZNTsdxUE9ZBlELTZPrgG5sX_LSKh6nSF4HSHzoyKXWtHuTzxkHLKlaHuBrUb3NrZEDSjvWZQOpXwKREcw11rqLeN2kd2JImzJR-hqYx5xvGeR9hUb1tA-j4rNG8TZ-PrAfXtJhsmBFqDYns
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 9F24 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst7m08rRsh65kK555CQM8R6PSIANhYG2s8PoKKKtgxWIhgKXt96xQM6Jst6ZP2bbNNOejKnBE-7W0wWnVP8PCUPeL6M838l9E1oElAb4Qrpv9RH0coEDA&sai=AMfl-YTlqYuWmxz-wZFYZ1rlsMJFiB4tsh5POhe9fSduu_WLfuceFOfSTode4hKlngEG66RhJbowvRfFPI2uccOlrl2dUDi4j546CRU7amCta4yFh20yiztOZZinSfOL&sig=Cg0ArKJSzO29lp1lAiySEAE&cid=CAASJeRoxQNdehpFfTwDRNJnR3gI24tKJPMVJWgwLq5QfihA3nno5d4&id=lidar2&mcvt=1033&p=432,1266,1032,1426&mtos=1033,1033,1033,1033,1033&tos=1033,0,0,0,0&v=20220420&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2073927154&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1651041657608&rpt=756&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5878 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bs9oFeuVoYrT0A_mOjuwPyJS6cAAAAAA4AeAEAg&bg=!QkGlQQXNAAYXWUUuN1k7ACkAdvg8WhAXl3siaOEs4eNUvnwh5slM6txzcE4CrHegMds4w2ZCuFjBsAIAAAF5UgAAAAJoAQeZAthIV0PNLyWWwdRl5bCc01CZYIVJ67MCWc-csRs6pku1s5OpfesIbYZskbagVxOXIPPPTo0Jl1utz7pDUinXQyhAr38NTJzQcyM3fW4vY8fKSLJQ4cCb4YLSnO6pyBjmB7vofqBTUUEV-DpazFT6c8fssn-dlFIw1wzI2wGoyaX9qdKiRj35lRuuomsnragZeoBPqug5tOgoJcv0H1eYFg4M_yQ2NC_bUepuHkr_IGMpY0WvokzMPHRPt-Rkv4ucvZSxMxaZpfSOkfenMsmudtdZU9vXzSNwJQ9HEIMXW2K5sAraFx8b11ghSZrcW7N0Dq_9PgvLFeFxuxJNthuwUxVtuGhbbdyUSjS9AMexgRD4UlQLF8Wk0A7r6BabxyKQ65_SUKSV8nKXLKVRw08IqwJ2qm4cZtVK4oUxxnY5db7uHEIcSL4O-hYaTpBziRFP8JGBBmd1xRkNEhObF_CJ2rcwpiHa_nqMEKglRr6qlDHsh4jSNlRIqSQ7z66CAEIPlhPeri8IZZwrQaB7micGzXDawoULcTVBCpXhdpRv4oxTFSXg8s0fqHeIMzEA-_Si3HJxyWwZTGdAxF4KmqZJFZRQCfDeNbGGc6_mhyk-sS55Et_ZSnWDPtJUQG9gnqBsEwUujByxMwO63h-aEo-q2cgPRrdpG-ws_uAcK1s-YB-mRQRhISIffnSL2r9rIv9pxJYo9_HxgRqNNLdFZEKzGpUvQDtvwBYG3F9RVfpDhOIWO9Ygr1Wd1dt7SSQPGU8hg-xqdpnmjJwafMKQ-P0UViL_H0G5M6CtVY87hJZrznhN_TuqbUFPN2zjC0n1GxRfdpWS3hEYcmdVKuQxVxeys_5Upj8AyDsAfeCuKBUmRPpY1m_Lu5-3c2LwOxG5PipbpIyzu8qQenxtaPPQWLPTYhIDSW0rV3OguErXGaQmpVXqyjcDVf6-xN1pbfoWNRZoTnUtMyiT9o_iPg
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 6864
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=ff3a7d08e832d7eff9581911...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
49 B
633 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x14 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:40:58 GMT
smart-logo_dark.svg
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/smart-logo_dark.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC9) /
Resource Hash
0f896eb296ca683fdd6cfa0c085fbb867c45c2a47130c32c1f00878c5ff4fa01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:21 GMT
server
ECAcc (frc/8FC9)
age
494092
etag
"2542923792"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
4976
expires
Wed, 04 May 2022 06:40:59 GMT
smart-logo_white.svg
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/smart-logo_white.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F8A) /
Resource Hash
28ce38018c278f3ccdb64280656ef416294c4b999d2fd6eb1bd6c9c3e07666c7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:22 GMT
server
ECAcc (frc/8F8A)
age
494092
etag
"2627335799"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
4976
expires
Wed, 04 May 2022 06:40:59 GMT
btn_mute.svg
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/btn_mute.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FFA) /
Resource Hash
3260ba689558df2cd864c9d118cceeaaeb2410cfd9e911d46adc7ee370d2184e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:21 GMT
server
ECAcc (frc/8FFA)
age
494092
etag
"1121178137"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
1038
expires
Wed, 04 May 2022 06:40:59 GMT
btn_replay.svg
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		921 B
990 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/btn_replay.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F09) /
Resource Hash
0ebdfd9b32ab6e8054d916fcdf5fd2c9d539d0e743a5a1a49f1b66557271b7e2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:21 GMT
server
ECAcc (frc/8F09)
age
494093
etag
"3981354716"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
921
expires
Wed, 04 May 2022 06:40:59 GMT
btn_unmute.svg
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/btn_unmute.svg
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FEC) /
Resource Hash
4284cc65b5c2012f3d56712579aedd1d4e19227894242f9f98cd29b22e4c5277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:21 GMT
server
ECAcc (frc/8FEC)
age
494093
etag
"3284815877"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
image/svg+xml
content-length
1363
expires
Wed, 04 May 2022 06:40:59 GMT
Smart_Bold.woff2
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/Smart_Bold.woff2
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F1D) /
Resource Hash
022df85e302d76490edf39d56b06a5aa1563edcf9da60ba16c2c722758a5c06f

Request headers

Referer
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Origin
https://cstatic.weborama.fr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:21 GMT
server
ECAcc (frc/8F1D)
age
494092
etag
"1632480588"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
https://cstatic.weborama.fr
cache-control
max-age=604800
access-control-allow-credentials
true, true
accept-ranges
bytes
content-type
application/octet-stream
content-length
14684
expires
Wed, 04 May 2022 06:40:59 GMT
Smart_Regular.woff2
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/Smart_Regular.woff2
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F43) /
Resource Hash
b86e678f724241714425a98d49c80fcdee4cf52b93c913b56ae403d2e423d3e4

Request headers

Referer
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Origin
https://cstatic.weborama.fr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:21 GMT
server
ECAcc (frc/8F43)
age
494092
etag
"3177147590"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
https://cstatic.weborama.fr
cache-control
max-age=604800
access-control-allow-credentials
true, true
accept-ranges
bytes
content-type
application/octet-stream
content-length
14848
expires
Wed, 04 May 2022 06:40:59 GMT
csi
csi.gstatic.com/ Frame C44B 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~l2h7koks&c=3469786965697&slotId=1734893482848.5&qqid=CP6o6bzRs_cCFZaHgwcdcF8Low&gqid=e-VoYq2hB4TH3gOomavwDQ&fb=ima_html5-lima&sdkv=h.3.512.0&mrd=4&aab=0&itv=1&eee=missing-element&bi=missing-id&ghmsh_eids=44750824%2C44757675%2C44761692&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.l2h7kpru~ghmsh_s.l2h7kprv&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=8TnDjSWB4cRQYqzg
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.512.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4023:1009::5e Fort Worth, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
300x600_v2.mp4
cstatic.weborama.fr/advertiser/6709/46/307/414/ Frame 2C5A 		2 MB
2 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600_v2.mp4
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/advertiser/6709/46/307/414/300x600.html?scrrefstr=scr_39218609124banner1651041698788&scrdebug=0&scrwidth=300&scrheight=600&scrwebodomain=0&scrdevtype=desktop&vars=wuid%3D%26retargeting%3D%26
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F49) /
Resource Hash
c787b960ead3afb475a27ea8e6712e408b2247a06659762750c6907aa4f42f35

Request headers

Referer
https://cstatic.weborama.fr/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Thu, 07 Apr 2022 11:33:21 GMT
server
ECAcc (frc/8F49)
age
474520
etag
"3760615324"
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Content-Range
bytes 0-1586811/1586812
cache-control
max-age=604800
accept-ranges
bytes
content-type
video/mp4
access-control-allow-origin
*
Content-Length
1586812
expires
Wed, 04 May 2022 06:40:59 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame F7F8 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BjUoleuVoYpKpIuuCx_APvJC9yAIAAAAAOAHgBAI&bg=!JySlJGDNAAYXWUUuN1k7ACkAdvg8Wp_PIP4kp09bDPERiHjfuRTtmOfqTVO_wLUFtpd8fSwxljsw-AIAAAEbUgAAAAJoAQcKAC5v7vdkO0xacrWXnnEQ4AGLn6fX-DBdsZnyCXlp5843IJ8TRBkWAFCdgPMhKs_HmQLoEMDe2N687NkyyrXbzYaU3Em4-Gluerqz0op1fFQStLyvmTMz_7EvKtOBV2ZjZ9iGTgPDx72Mqm4fDd5FwLWgvwDdZOC40giWJVWdzZ0IsL6xbLcIIpVjVGtjtWg8Be-4IJNAGyxPl-8aV8M8Rq9ZF6NUcpFtCVfzCAciGJU-Ml0QN8fHLw9PQ5ycFS7lGcrDpW3SdVlSRkhjkelChPcs1GmRaofwa7MCoAS2P_EUkEKBlc0FoaIrxFlZtw3ktA9O6A5k3RUfwWmGoZqD0DP1H2-wqbjHlGL4loD0tzbH6jP9rjVvegvwIB8HmeRYfSZ2oCRZYoAYifQgkxZrZ5eQtYYkIBXrPY7imIRSFseX7eW_XS35WaJWXp-gS8FGQAclIMQfoi-cIgljEBbdXW09GZnzwKum4Lld2q_G-wDS7e5QSqC6NUbgsd-6Ih6qQbYqazhQwX8Ha_Gap2_XIVy0P0dXsa43d6uka-9RVN5xEhuuvsnc_vpM4jFDNeBPLyUOuNuZA_p5znb4oimGDlzoe-OSBJridRnmauTNnkMPAKxPa2O3fDYHcagOF49kywV0wt7MBu5w27gX7NoUmACjnUpwehJrZug2BxFSFXhlqPxFSxI32-6lByFwZgDtB5_mPACAaOLLknk-5PWPeY9reN1PAneuflpNdxfdFiKlDpEH3VPZWlWCixmqkDAgtSIxZOXaTyT5ypmPKI3rhmbpU2Zdxo50qIH9cslDkfPIkIf9agmZ1EKWPMrssRB0kc92tFDz1Epypsxo4rnKrjCjz67neXkVADMUSHKkeyfTOLMtyDqprsEkSlV2n57sF5kLb6b4_Am-4nRXqjF_gflZpHe9Jt4VY8AxLVKnjuQ73DplbpUzxSIPgfKWzL0lXyJkp5M1MiKR4a12Pkk_adXI1Vx_xi8PI6paTKJBoVKLQ_nEEHqtDx4qpInkQwitqI-Tr7nP-kroZL26uJ4P2--55rsQ57B5Qstc
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
liveView.php
live.primis.tech/live/ 		43 B
472 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTI2JaNypaZypyRcoWU9MTY1MTA0MTY1NvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9NTtjNTpzp3RuPTE3MwI2OTE5Jat9NDAjJax9MwI1Jz1mqGE9MTYlNmMkODQzqzyxX3Zup3RUrXByPTMzqzyxX3ZcZXquYzyfnXR5U3RuqGU9MSZ2nWRspGFmp0RioWFcow1xYWyfrXZinWNyLzNioSZmqWJJZD1xYWyfrXZinWNyLzNioSZxZWJ1Z0yhZz9loWF0nW9hPUFCVCUlMCUlRvUlMGJcZHN3nXRwnCUlMCUlRvUlMDEyMwAyMxYyMwB3nXRbo3V0JzymQXBjPTAzqzyxX2F0nT1zpzVyp3Rupy9jpzygnXNsYWR4X3ZcZGViXmE4NmZsZGFcoHy2o2ywZSZ1p2VlSXBBZGRlPTJuMDIyM0E2ZWEjJTNBYmpkYvUmQTAyM0EkMDElJTNBZzYjNvUmQTI4NDAyM0EkZGJxJaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3JTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MwY4ZTU3ODQ0ZwFyJaJ2ow0jJzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJaNmpF9uZG9gPSZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0jJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwUkMDQkNwU5NwEjJaVcZD1TZWgcozRiU1BfYXyypwYlNwuyNTp4NWNvZTYzpHVvVXJfPWu0qHBmJTNBJTJGJTJGZGFcoHy2o2ywZS5wo20yMxZhZXpgrW9lnlUlRz9lYW5aZXRiq24yMxZhZXqmJTJGoaxgZG9wqG9lLWNfYWygZWQgoW9lZS10nGFhLTEgoWyfoGyiov1cov1zpzF1ZHVfZW50LXRurC1xZWR1Y3Rco25mLWZyZHMgp2F5JTJGODIjNwQlJTJGJzZfo2F0U3RuqHVmPXRlqWUzZWyxp3A9pHJyYzyx
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
max-age=315360000
content-disposition
inline; filename="pixel.gif"
x-amz-cf-pop
FRA6-C1
content-type
image/gif
x-amz-cf-id
zraW0lGZL5SJPBdpTSOIrCFyqyCjDGplmHJ4J0BoPLQ3aRFsetZW9A==
expires
Thu, 31 Dec 2037 23:55:55 GMT
liveView.php
live.primis.tech/live/ 		0
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTQkJaNypaZypyRcoWU9MTY1MTA0MTY1NvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9NTtjNTpzp3RuPTE3MwI2OTE5Jat9NDAjJax9MwI1Jz1mqGE9MTYlNmMkODQzqzyxX3Zup3RUrXByPTMzqzyxX3ZcZXquYzyfnXR5U3RuqGU9MSZ2nWRspGFmp0RioWFcow1xYWyfrXZinWNyLzNioSZmqWJJZD1xYWyfrXZinWNyLzNioSZxZWJ1Z0yhZz9loWF0nW9hPUFCVCUlMCUlRvUlMGJcZHN3nXRwnCUlMCUlRvUlMDEyMwAyMxYyMwB3nXRbo3V0JzymQXBjPTAzqzyxX2F0nT1zpzVyp3Rupy9jpzygnXNsYWR4X3ZcZGViXmE4NmZsZGFcoHy2o2ywZSZ1p2VlSXBBZGRlPTJuMDIyM0E2ZWEjJTNBYmpkYvUmQTAyM0EkMDElJTNBZzYjNvUmQTI4NDAyM0EkZGJxJaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3JTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MwY4ZTU3ODQ0ZwFyJaJ2ow0jJzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJaNmpF9uZG9gPSZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0jJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwUkMDQkNwU5NwEkJaVcZD1TZWgcozRiU1BfYXyypwYlNwuyNTp4NWNvZTYzpHVvVXJfPWu0qHBmJTNBJTJGJTJGZGFcoHy2o2ywZS5wo20yMxZhZXpgrW9lnlUlRz9lYW5aZXRiq24yMxZhZXqmJTJGoaxgZG9wqG9lLWNfYWygZWQgoW9lZS10nGFhLTEgoWyfoGyiov1cov1zpzF1ZHVfZW50LXRurC1xZWR1Y3Rco25mLWZyZHMgp2F5JTJGODIjNwQlJTJGJzZfo2F0U3RuqHVmPXRlqWUzZWyxp3A9pHJyYzyx
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=UTF-8
x-amz-cf-id
Os96VKjye8mXtTPzHiDJvsC_hDmJUfusp-Ti5-1m_aGYY_aXALYl1w==
help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame C44B 		453 B
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-8061946413537984
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/js/core/bridge3.512.0_en.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:30:32 GMT
x-content-type-options
nosniff
age
627
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
453
x-xss-protection
0
last-modified
Wed, 13 Oct 2021 14:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
image/png
cache-control
public, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Apr 2022 07:20:32 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C44B 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CACYZe-VoYr7_CJaPjuwP8L6tmArkt4HhaZeJ2PnND9WAk67PLxABIMDCrHpglYKAgJQHoAGwuqHXA8gBBakCPJNFBMrbsT7gAgCoAwGYBACqBOMCT9A-6o6Eofj_IgI7ztW-7ExLHI7MC1RCddBAlKGwKzq-XNHmI9XrlQh3uYpjtFeool0WUInr03VnLI_NNV30fncA4GUEndinH8svwjpFC1h29Twfk3mqsUMVxP1jZs_gI-s6suO0EAGzhMzdWobXKOxpPsoUWv30Ae8YpHxW3tctmZHYEvFk09nToLNaSuOuJIK43ps-xEc55WVmSCkkxz_XZNb0mu2LwQMJkenGIQmQVFV6ofxpSnwemORAzqrIEDgXHyeZ-Fuymn3Smi_0pynbl2Tpcg_lNnP3gYCm6-SYqfK4zvEIHoGDYmTCIg4fus0O3-SWrfrEpgi4KvxTki8SFKgdpUZQ6p7fbtwxy6bE7atD95-8qdI3NqtyFR0VrAOzcC_4GFq2ARhVLj_HRgQUfxQgzO-i_uIbAkrljUGqbuWqrrtkWb4Iu_oNhwNR_u9UseVsQAeRpM45PwQDuPGW38AEp-zY4P0D4AQBoAZUgAee7PaDA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05MDEyMTg4NDUxNjI5OTM0sQmEDDxlQhpKeIAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggB-BYBgBcB&sigh=qGXi6Dft-oE&label=show_ad&acvw=&sdkv=h.3.512.0&vci=CmsIARIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzNjMyMDgwMzk5MTIMNTg1NDgwMDgxMDM0QIsDUh0QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25QABgB
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame C44B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CB9mze-VoYr7_CJaPjuwP8L6tmArkt4HhaZeJ2PnND9WAk67PLxABIMDCrHpglYKAgJQHoAGwuqHXA8gBBakCPJNFBMrbsT7gAgCoAwGYBACqBOACT9A-6o6Eofj_IgI7ztW-7ExLHI7MC1RCddBAlKGwKzq-XNHmI9XrlQh3uYpjtFeool0WUInr03VnLI_NNV30fncA4GUEndinH8svwjpFC1h29Twfk3mqsUMVxP1jZs_gI-s6suO0EAGzhMzdWobXKOxpPsoUWv30Ae8YpHxW3tctmZHYEvFk09nToLNaSuOuJIK43ps-xEc55WVmSCkkxz_XZNb0mu2LwQMJkenGIQmQVFV6ofxpSnwemORAzqrIEDgXHyeZ-Fuymn3Smi_0pynbl2Tpcg_lNnP3gYCm6-SYqfK4zvEIHoGDYmTCIg4fus0O3-SWrfrEpgi4KvxTki8SFKgdpUZQ6p7fbtwxy6bE7atD95-8qdI3NqtyFR0VrAOzcC_4GFq2ARhVLj_HRgQUfxQglO4A4uohlGh3QLc5cCw51Q2NLgrJ4uUHAwp_5kX6QJLYi9qHiNb27I8dccAEp-zY4P0D4AQBoAZUgAee7PaDA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwUQ5K7yAagIAdIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA8gLAcITBhiwuqHXA9gTDNAVAeIWAggBgBcBshceChwIABIUcHViLTM2MDUyNTczNjA4NTMxODUYusgX&sigh=ic7MVewEeK8&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&vt=10&sdkv=h.3.512.0&vci=CmsIARIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzNjMyMDgwMzk5MTIMNTg1NDgwMDgxMDM0QIsDUh0QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25QABgB
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
truncated
/ Frame C44B 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/gif
csi
csi.gstatic.com/ Frame 9001 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~l2h7kodk&c=3469786965697&slotId=1734893482848.5&eee=missing-element&bi=missing-id
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4023:1009::5e Fort Worth, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C44B 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?evt=start&format=TRUEVIEW&lid=143&sdkv=h.3.512.0&e=44750824%2C44757675%2C44761692&id=ima_html5&c=2789614745042956&domain
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img
ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/ Frame 6864
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=836e304e9f9c310d921286d1f5780bf277695ff7ecbac33f19541387fc50b801&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de...
  • https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?uid=836e304e9f9c310d921286d1f5780bf277695ff7ecbac33f19541387fc50b801&tpid=38&gdpr=0&tpuid=CAESEPMdCjruO_nJ-7cLolOK4MQ...
49 B
650 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?uid=836e304e9f9c310d921286d1f5780bf277695ff7ecbac33f19541387fc50b801&tpid=38&gdpr=0&tpuid=CAESEPMdCjruO_nJ-7cLolOK4MQ&google_cver=1
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/img?uid=836e304e9f9c310d921286d1f5780bf277695ff7ecbac33f19541387fc50b801&tpid=38&gdpr=0&tpuid=CAESEPMdCjruO_nJ-7cLolOK4MQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
424
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame F590 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAqsFeuVoYoCmFYrU3gPP87i4CAAAAAA4AeAEAg&bg=!SUqlSg7NAAYXWUUuN1k7ACkAdvg8WjIQZCHZcIEYrz4D_sB8GgPYi0dHkhln3QKmh1FWigk3n7FfjgIAAAFQUgAAAAFoAQeZAu3QQ4URbf8dWaHoKVFIVTNPvF5PK-CbakP-vHrCT-tQF9PX-SKQSUj7tgc2fvRbu_5hS8vv1T-qxMJ9EGzCSH1nL3CSiAyAcB1L06nMTTAl3_lnjQ9X2e6OZ992Odm2-1YjlYDxMcP4P3LTr-mSp1fRWT_y0sZY57MBR_0ubAojIl6IhjWB1bfbAor0EHCQ0sTku-lfPhXUGElYbJyH6nSj2rbDZoQKTaSR4meEv2PUxm2kzPbgycwJ-hAd18ClLb5iv2_VdS1EX8myTOCcUdbL0GZgDGMax8yTWBFM-YPrGootLMc9WoJBYRsWHEa-84BGfG7n5LmyAamDUzbdB66N1nS0szY8PCC3HXXakMMuEeIF5PYYBW9_cZMb9tmqKABJxurr8y0odE6U4gaOPpIMTD6HGphrLP9iDzhkcV6prVKqu6iFcqLDeL59QBlIDPz8IRaTOlbkz87IjNZvVD3Uzie7InYcvHTjAnAsEtf4uZ9EePZ-2EI1H4r5Hdgh0le2tcyslc8K-GyGoOhD5uDm4PHGvs8yY8a_K895eXrw99zyktd3cE_C3Zr1rkp5mLMyXviIkhrrB_gRmGgc82sYpLTxKCnd6VI2AI0m-k3CDzfQn4bJv5K3IfcXTY3P1TPaLgt_7cfI_oYOxdlIz_JTDK5gc45zeAJxq6HPxXQZNwqdp9_mlblYA3Sv8eb-ru-1YWBNbD0rixP-9deU6cggRqu7rPMczNOJAj7yyc0S9Zg22WCZPbG13L1oRMI9WCYhWW4QcMZpUjWZD4G9-q0EoxHfG6XIwzpffhsvt1e6WgIW98TPzz7cCkVJ_jEF-4McSWDitP6j0XdLp8R858hYJYFImPOhuFGTRiJzBH0WdEoMWNW3PEIAVGWAD0c4SAEVeKzFPbK6nb5tWRqYHXQx9pygZ8YlyjR2tDnK9GYBUOZf5hVrc8kTX-d-V2Lm5cIYqHhs6I1TOYt1Jc7a79ztPPAiCzmN1N3tdbuBLA
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
videoplayback
rr5---sn-n02xgoxufvg3-2gbs.googlevideo.com/ 		3 MB
3 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://rr5---sn-n02xgoxufvg3-2gbs.googlevideo.com/videoplayback?expire=1651070459&ei=e-VoYqOsGsSngQfgtbT4Cg&ip=138.199.38.133&id=c574e9fa066036d8&itag=22&source=youtube&requiressl=yes&mh=Ck&mm=31&mn=sn-n02xgoxufvg3-2gbs&ms=au&mv=m&mvi=5&pl=25&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=20.108&lmt=1648660266175374&mt=1651041413&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgNku7uMKVZ8ZfgerfEmIi1PXAtnoOltsdfvhtcFqmOb0CIQCz573HLsnI5Of9EbmXyKFOu_O2uYW7UubgUO_jm5_khg==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgI8j4h2vl7SOz8mDROGoi64vZeikRV6wGtuZdbOZolYsCIQCBqLdsxXOlqGjyLVsh2z5scXucsmejLqgOKgEP_UKPAw==&cpn=8TnDjSWB4cRQYqzg
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a01:28:cb6:3::10 , Czech Republic, ASN39392 (SUPERNETWORK ^_^, CZ),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
fe89b1819788633045d05c4f1d086cf94f3f2808c54be6c81687007a3ff74851
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Range
bytes=0-

Response headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 30 Mar 2022 17:11:06 GMT
Server
gvs 1.0
Vary
Origin
Content-Type
video/mp4
Content-Range
bytes 0-2688699/2688700
Cache-Control
private, max-age=28500
Cross-Origin-Resource-Policy
cross-origin
Connection
close
Accept-Ranges
bytes
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
2688700
Expires
Wed, 27 Apr 2022 06:40:59 GMT
js
ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/ Frame 6864
Redirect Chain
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=6176f821e68719d3ab4c811588171f7e27b76a9b333d8f0fd0d1e9d24b145040&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4a...
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=6176f821e68719d3ab4c811588171f7e27b76a9b333d8f0fd0d1e9d24b145040&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F6de2f23660ee4a...
  • https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/js?tpid=48&tpuid=1de816c23bb88879ffa86fb1faf799b6
44 B
596 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/js?tpid=48&tpuid=1de816c23bb88879ffa86fb1faf799b6
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
d134f8640a1efeb4bb5df2217fcab4bceca8bc6e2a8422144c408b3c1a6f6076

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
p3p
CP=NOI PSA OUR
content-length
44
content-type
text/javascript

Redirect headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
Server
nginx
Vary
Accept
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ih.adscale.de/sium/6de2f23660ee4ae997dfec95845e2fc6/1651041658215/0/js?tpid=48&tpuid=1de816c23bb88879ffa86fb1faf799b6
Connection
close
Content-Type
text/plain; charset=utf-8
Content-Length
147
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame CFBD 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=529&a.aap=542&a.ra=1651041657870313&a.agi=159&ca=66969666444&a.wi=300&a.he=600&a.evn=video_play&a.mo=798&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
last-modified
Wed, 27 Apr 2022 06:40:59 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
bid
ap.lijit.com/rtb/ Frame 3DBC 		23 B
518 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.26.0&iv=ov
Requested by
Host: prebid.s-onetag.com
URL: https://prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
57d93c30e52cd710b2dee2770b50b65e4cbc5964d2883e3df12babd136a2dc69

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dailyvoice.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
23
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C44B 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CACYZe-VoYr7_CJaPjuwP8L6tmArkt4HhaZeJ2PnND9WAk67PLxABIMDCrHpglYKAgJQHoAGwuqHXA8gBBakCPJNFBMrbsT7gAgCoAwGYBACqBOMCT9A-6o6Eofj_IgI7ztW-7ExLHI7MC1RCddBAlKGwKzq-XNHmI9XrlQh3uYpjtFeool0WUInr03VnLI_NNV30fncA4GUEndinH8svwjpFC1h29Twfk3mqsUMVxP1jZs_gI-s6suO0EAGzhMzdWobXKOxpPsoUWv30Ae8YpHxW3tctmZHYEvFk09nToLNaSuOuJIK43ps-xEc55WVmSCkkxz_XZNb0mu2LwQMJkenGIQmQVFV6ofxpSnwemORAzqrIEDgXHyeZ-Fuymn3Smi_0pynbl2Tpcg_lNnP3gYCm6-SYqfK4zvEIHoGDYmTCIg4fus0O3-SWrfrEpgi4KvxTki8SFKgdpUZQ6p7fbtwxy6bE7atD95-8qdI3NqtyFR0VrAOzcC_4GFq2ARhVLj_HRgQUfxQgzO-i_uIbAkrljUGqbuWqrrtkWb4Iu_oNhwNR_u9UseVsQAeRpM45PwQDuPGW38AEp-zY4P0D4AQBoAZUgAee7PaDA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05MDEyMTg4NDUxNjI5OTM0sQmEDDxlQhpKeIAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggB-BYBgBcB&sigh=qGXi6Dft-oE&label=video_ad_loaded&acvw=&sdkv=h.3.512.0&vci=CmsIARIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzNjMyMDgwMzk5MTIMNTg1NDgwMDgxMDM0QIsDUh0QDyUAAMhBKAE6B3Vua25vd25CB3Vua25vd25QABgB
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Oy6hyfNY.js
tpc.googlesyndication.com/sodar/ Frame C44B 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.512.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 10:58:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
70936
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15406
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Wed, 26 Apr 2023 10:58:43 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame C44B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CB9mze-VoYr7_CJaPjuwP8L6tmArkt4HhaZeJ2PnND9WAk67PLxABIMDCrHpglYKAgJQHoAGwuqHXA8gBBakCPJNFBMrbsT7gAgCoAwGYBACqBOACT9A-6o6Eofj_IgI7ztW-7ExLHI7MC1RCddBAlKGwKzq-XNHmI9XrlQh3uYpjtFeool0WUInr03VnLI_NNV30fncA4GUEndinH8svwjpFC1h29Twfk3mqsUMVxP1jZs_gI-s6suO0EAGzhMzdWobXKOxpPsoUWv30Ae8YpHxW3tctmZHYEvFk09nToLNaSuOuJIK43ps-xEc55WVmSCkkxz_XZNb0mu2LwQMJkenGIQmQVFV6ofxpSnwemORAzqrIEDgXHyeZ-Fuymn3Smi_0pynbl2Tpcg_lNnP3gYCm6-SYqfK4zvEIHoGDYmTCIg4fus0O3-SWrfrEpgi4KvxTki8SFKgdpUZQ6p7fbtwxy6bE7atD95-8qdI3NqtyFR0VrAOzcC_4GFq2ARhVLj_HRgQUfxQglO4A4uohlGh3QLc5cCw51Q2NLgrJ4uUHAwp_5kX6QJLYi9qHiNb27I8dccAEp-zY4P0D4AQBoAZUgAee7PaDA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwUQ5K7yAagIAdIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tOTAxMjE4ODQ1MTYyOTkzNIAKA8gLAcITBhiwuqHXA9gTDNAVAeIWAggBgBcBshceChwIABIUcHViLTM2MDUyNTczNjA4NTMxODUYusgX&sigh=ic7MVewEeK8&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&sdkv=h.3.512.0
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C44B 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CmWDPe-VoYr7_CJaPjuwP8L6tmArkt4HhaZeJ2PnND9WAk67PLxABIMDCrHpglYKAgJQHoAGwuqHXA8gBBakCPJNFBMrbsT7gAgCoAwGYBACqBOACT9A-6o6Eofj_IgI7ztW-7ExLHI7MC1RCddBAlKGwKzq-XNHmI9XrlQh3uYpjtFeool0WUInr03VnLI_NNV30fncA4GUEndinH8svwjpFC1h29Twfk3mqsUMVxP1jZs_gI-s6suO0EAGzhMzdWobXKOxpPsoUWv30Ae8YpHxW3tctmZHYEvFk09nToLNaSuOuJIK43ps-xEc55WVmSCkkxz_XZNb0mu2LwQMJkenGIQmQVFV6ofxpSnwemORAzqrIEDgXHyeZ-Fuymn3Smi_0pynbl2Tpcg_lNnP3gYCm6-SYqfK4zvEIHoGDYmTCIg4fus0O3-SWrfrEpgi4KvxTki8SFKgdpUZQ6p7fbtwxy6bE7atD95-8qdI3NqtyFR0VrAOzcC_4GFq2ARhVLj_HRgQUfxQglO4A4uohlGh3QLc5cCw51Q2NLgrJ4uUHAwp_5kX6QJLYi9qHiNb27I8dccAEp-zY4P0D4AQBoAZUgAee7PaDA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05MDEyMTg4NDUxNjI5OTM0gAoDyAsB2BMM0BUB4hYCCAH4FgGAFwE&sigh=TQOoRK2UGZI&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&label=vast_creativeview&ad_mt=0&acvw=sv%3D925%26cb%3Dima%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D758,-1810,983,-1410%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D20062%26vmtime%3D-1%26is%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D0%26ces%26femt%3D1673%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D0,0,0,0,0%26avms%3Dexc%26qi%3D887553569%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D2178%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1651041659635&sdkv=h.3.512.0&vci=Cm4IARIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzNjMyMDgwMzk5MTIMNTg1NDgwMDgxMDM0QIsDUiAQDyUAAMhBKAE6B3Vua25vd25CB3Vua25vd25I6gFQABgB
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C44B 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstrjaHixG3CNNfEhKT7nNsoFm0m1E1wj_IPyYzAl3eGKVkBLMesbcxOOIYObn1FYwvUDfyGAffyLyInAxF96K139CNR2ZE0Ga86-gd5teMX75woGRj49EDNplj6gmE3tJaSSXwABmYmMArW&sai=AMfl-YSBbvVSDt-09mK-4yXnL2TokziJCRFNqEq0mBwGQoMg0mpA_-x8p-qc4Z8lzgEJKOFikpZCskX6vBB-zz90V1OW-9osCHTJsq4OlIh59JsT_popnGmc3CW0zK6a&sig=Cg0ArKJSzOXuc51zIU77EAE&cid=CAASF-RoZ5jKsdv_S5OLr2_3XdZ4bULUII3f&id=lidarv&acvw=sv%3D925%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D758,-1810,983,-1410%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D20062%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D0%26ces%26femt%3D1673%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D0,0,0,0,0%26avms%3Dexc%26qi%3D887553569%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D2180%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1651041659635&avm=1
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C44B 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CmWDPe-VoYr7_CJaPjuwP8L6tmArkt4HhaZeJ2PnND9WAk67PLxABIMDCrHpglYKAgJQHoAGwuqHXA8gBBakCPJNFBMrbsT7gAgCoAwGYBACqBOACT9A-6o6Eofj_IgI7ztW-7ExLHI7MC1RCddBAlKGwKzq-XNHmI9XrlQh3uYpjtFeool0WUInr03VnLI_NNV30fncA4GUEndinH8svwjpFC1h29Twfk3mqsUMVxP1jZs_gI-s6suO0EAGzhMzdWobXKOxpPsoUWv30Ae8YpHxW3tctmZHYEvFk09nToLNaSuOuJIK43ps-xEc55WVmSCkkxz_XZNb0mu2LwQMJkenGIQmQVFV6ofxpSnwemORAzqrIEDgXHyeZ-Fuymn3Smi_0pynbl2Tpcg_lNnP3gYCm6-SYqfK4zvEIHoGDYmTCIg4fus0O3-SWrfrEpgi4KvxTki8SFKgdpUZQ6p7fbtwxy6bE7atD95-8qdI3NqtyFR0VrAOzcC_4GFq2ARhVLj_HRgQUfxQglO4A4uohlGh3QLc5cCw51Q2NLgrJ4uUHAwp_5kX6QJLYi9qHiNb27I8dccAEp-zY4P0D4AQBoAZUgAee7PaDA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05MDEyMTg4NDUxNjI5OTM0gAoDyAsB2BMM0BUB4hYCCAH4FgGAFwE&sigh=TQOoRK2UGZI&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&label=part2viewed&ad_mt=0&acvw=sv%3D925%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D758,-1810,983,-1410%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D20062%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D0%26ces%26femt%3D1673%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D0,0,0,0,0%26avms%3Dexc%26qi%3D887553569%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D2181%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1651041659635&sdkv=h.3.512.0&vci=Cm4IARIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzNjMyMDgwMzk5MTIMNTg1NDgwMDgxMDM0QIsDUiAQDyUAAMhBKAE6B3Vua25vd25CB3Vua25vd25I6gFQABgB
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C44B 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?evt=showui&format=TRUEVIEW&lid=143&sdkv=h.3.512.0&e=44750824%2C44757675%2C44761692&id=ima_html5&c=2789614745042956&domain
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C44B 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CmWDPe-VoYr7_CJaPjuwP8L6tmArkt4HhaZeJ2PnND9WAk67PLxABIMDCrHpglYKAgJQHoAGwuqHXA8gBBakCPJNFBMrbsT7gAgCoAwGYBACqBOACT9A-6o6Eofj_IgI7ztW-7ExLHI7MC1RCddBAlKGwKzq-XNHmI9XrlQh3uYpjtFeool0WUInr03VnLI_NNV30fncA4GUEndinH8svwjpFC1h29Twfk3mqsUMVxP1jZs_gI-s6suO0EAGzhMzdWobXKOxpPsoUWv30Ae8YpHxW3tctmZHYEvFk09nToLNaSuOuJIK43ps-xEc55WVmSCkkxz_XZNb0mu2LwQMJkenGIQmQVFV6ofxpSnwemORAzqrIEDgXHyeZ-Fuymn3Smi_0pynbl2Tpcg_lNnP3gYCm6-SYqfK4zvEIHoGDYmTCIg4fus0O3-SWrfrEpgi4KvxTki8SFKgdpUZQ6p7fbtwxy6bE7atD95-8qdI3NqtyFR0VrAOzcC_4GFq2ARhVLj_HRgQUfxQglO4A4uohlGh3QLc5cCw51Q2NLgrJ4uUHAwp_5kX6QJLYi9qHiNb27I8dccAEp-zY4P0D4AQBoAZUgAee7PaDA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05MDEyMTg4NDUxNjI5OTM0gAoDyAsB2BMM0BUB4hYCCAH4FgGAFwE&sigh=TQOoRK2UGZI&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&label=admute&ad_mt=0&acvw=sv%3D925%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D758,-1810,983,-1410%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D10%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D10%26pst%3D-1%26dur%3D20062%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D10%26is%3D18%26i0%3D18%26ic%3D4096%26cs%3D4114%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D0%26ces%26femt%3D1673%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D0,0,0,0,0%26avms%3Dexc%26qi%3D887553569%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D2184%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1651041659635&sdkv=h.3.512.0&vci=Cm4IARIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzNjMyMDgwMzk5MTIMNTg1NDgwMDgxMDM0QIsDUiAQDyUAAMhBKAE6B3Vua25vd25CB3Vua25vd25I6gFQABgB
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
liveView.php
live.primis.tech/live/ 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTAzp2VlqzVlVGygZT0kNwUkMDQkNwU2JaZcZF9joGF5ZXJWZXI9Ml4kLwAzpm01ODA1NlZmqGE9MTplMwY5MTxzrD00MDAzrT0lMwUzoXN0YT0kNwI3MmE4NCZ2nWRsqzFmqFR5pGU9MlZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9jYXNmRG9gYWyhPWRunWk5qz9cY2UhY29gJaN1YxyxPWRunWk5qz9cY2UhY29gJzRyYaVaSW5zo3JgYXRco249QUJUJTIjJTJGJTIjYzyxp3qcqGNbJTIjJTJGJTIjMSUlMCUlRvUlMHqcqGuiqXQznXNBpHA9MCZ2nWRsYXRcPWZlZWVmqGFlX3BlnW1cp19uZHusqzyxZW9sMTt3Ny9xYWyfrXZinWNyJaJcPTZDNwx3NwY1NTM3NDYkNmQ3MmqDNmM2QwMkN0I1NDMjN0Q3QwY0MmImMDMlMmIlRDMjMmQlRDMlMmp1RwMjMmx3RDqCNmMmMTM2MmImNmMmMmEmODM0N0Q3QwQmMmUmNmqEN0I1MmVBNDp0NwpjNwI0ODZDMmI2MwMlNxM2QTVBNTMmNTZBNwImMwMjM0Q3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmpmMDMjN0Q3QwU5MmQmNmM2N0Q3QwY2MmE3RDqCNmI1MTU1NEE1NTQ5NDMmODY3NTx2RDZDNxI2MmMmNwQ3MDY0NDp0RTZGNDx0MmM4Nwp0RDUmNDE3NwQ5NDt2NDpjNwQ0NmY4NmY2NDU4NTEmRDqEN0I0QmMkMmAmOTM0MmQ3REZFRxUzZGyunWQ9JaVmZXJJpEFxZHI9MzEjMvUmQTZyYTAyM0FwNmFvJTNBMCUmQTEjMTIyM0FzZwA2JTNBMwt0MCUmQTFxYzQzqXNypyVBPU1irzyfoGEyMxY1LwAyMwAyMwuXnW5xo3qmJTIjTyQyMwAkMC4jJTNCJTIjV2yhNwQyM0IyMwB4NwQyMwxyMwBBpHBfZVqyYxgcqCUlRwUmNl4mNvUlMCUlOEgIVE1MJTJDJTIjoGyeZSUlMEqyY2giJTI5JTIjQ2ulo21yJTJGMTAjLwAhNDt5Nv4kMwpyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYlNwuyNTp4NDRzMWUzpaZhPTAzY29hqGVhqEZcoGVJZD0lMTt4MTU5Jz1yZGyuUGkurUkcp3RJZD0kMDQ0MSZgZWRcYUkcp3RJZD0lNwUmOSZcp0V4Y2k1ZGVGpz9gT3B0PTAznXNDYWNbZWRCnWQ9MCZwo250ZW50TWF0Y2uUrXByPSZmp3BsYWRioT0zZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MCZwY3BuPTAzY2NjYUNioaNyoaQ9JzNvqXN0ZXI9MTY1MTA0MTY1OTt5NlZ1nWQ9U2VenW5xo1NQoGF5ZXI2MwY4ZTU3ODVwYzU2JaB1YyVloD1bqHRjplUmQSUlRvUlRzRunWk5qz9cY2UhY29gJTJGozV3LXyipzfyMxZipzFhZ2V0o3qhJTJGozV3plUlRz55LWRiY3Ripv1woGFcoWVxLW1ipzUgqGuuov0kLW1coGkco24gnW4gZaJuqWR1oGVhqC10YXtgZGVxqWN0nW9hpl1zZWRmLXNurSUlRwtlMDY0MvUlRvZzoG9uqFN0YXR1pm10paVyJzVcZHNjPXBlZWJcZA==
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=UTF-8
x-amz-cf-id
me5RfUCckzW1OShH4MnEfCYgkSY3h3SxKITjQsGaj8SSH7IE_vjiRw==
liveView.php
live.primis.tech/live/ 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTpzp2VlqzVlVGygZT0kNwUkMDQkNwU2JaZcZF9joGF5ZXJWZXI9Ml4kLwAzpm01ODA1NlZmqGE9MTplMwY5MTxzrD00MDAzrT0lMwUzoXN0YT0kNwI3MmE4NCZ2nWRsqzFmqFR5pGU9MlZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9jYXNmRG9gYWyhPWRunWk5qz9cY2UhY29gJaN1YxyxPWRunWk5qz9cY2UhY29gJzRyYaVaSW5zo3JgYXRco249QUJUJTIjJTJGJTIjYzyxp3qcqGNbJTIjJTJGJTIjMSUlMCUlRvUlMHqcqGuiqXQznXNBpHA9MCZ2nWRsYXRcPWZlZWVmqGFlX3BlnW1cp19uZHusqzyxZW9sMTt3Ny9xYWyfrXZinWNyJaVmZXJJpEFxZHI9MzEjMvUmQTZyYTAyM0FwNmFvJTNBMCUmQTEjMTIyM0FzZwA2JTNBMwt0MCUmQTFxYzQzqXNypyVBPU1irzyfoGEyMxY1LwAyMwAyMwuXnW5xo3qmJTIjTyQyMwAkMC4jJTNCJTIjV2yhNwQyM0IyMwB4NwQyMwxyMwBBpHBfZVqyYxgcqCUlRwUmNl4mNvUlMCUlOEgIVE1MJTJDJTIjoGyeZSUlMEqyY2giJTI5JTIjQ2ulo21yJTJGMTAjLwAhNDt5Nv4kMwpyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYlNwuyNTp4NDRzMWUzpaZhPTAzY29hqGVhqEZcoGVJZD0jJz1yZGyuUGkurUkcp3RJZD0jJz1yZGyuTGymqEyxPTAzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MCZwY3BuPTAzY2NjYUNioaNyoaQ9JzNvqXN0ZXI9MTY1MTA0MTY1OTxjMlZ1nWQ9U2VenW5xo1NQoGF5ZXI2MwY4ZTU3ODVwYzU2JaB1YyVloD1bqHRjplUmQSUlRvUlRzRunWk5qz9cY2UhY29gJTJGozV3LXyipzfyMxZipzFhZ2V0o3qhJTJGozV3plUlRz55LWRiY3Ripv1woGFcoWVxLW1ipzUgqGuuov0kLW1coGkco24gnW4gZaJuqWR1oGVhqC10YXtgZGVxqWN0nW9hpl1zZWRmLXNurSUlRwtlMDY0MvUlRvZzoG9uqFN0YXR1pm10paVyJzVcZHNjPXBlZWJcZA==
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=UTF-8
x-amz-cf-id
oa0Rt6PFzL5cdVvJCWMhzhLX8kZUusAF2BX81iUxnQJ6Fw7BJXQpAw==
sium
ih.adscale.de/ Frame 6864 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/sium
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.238.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-238-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://ih.adscale.de
date
Wed, 27 Apr 2022 06:40:59 GMT
access-control-allow-credentials
true
access-control-allow-headers
x-openrtb-version
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
any
idx.liadm.com/idex/unknown/ 		0
488 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://idx.liadm.com/idex/unknown/any?duid=6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw
Requested by
Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-00ex.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.136.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-136-163.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Request-Time
3
Server
nginx/1.18.0
Vary
Origin
Access-Control-Allow-Origin
https://dailyvoice.com
Connection
keep-alive
Access-Control-Allow-Credentials
true
Strict-Transport-Security
max-age=31536000; includeSubDomains
trace-id
b89ebf926afda448
envelope
api.rlcdn.com/api/identity/ 		0
252 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=1434
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
0
sync.html
public.servenobid.com/ Frame 76FB 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5ba644f0fddbedd145f222319852b63c370c3cb827de34c21e5f0823e6d33057

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=86400
content-encoding
br
content-type
text/html
date
Wed, 27 Apr 2022 06:40:59 GMT
etag
"a067ca1c11975e052149fcb5fac5e2d3"
last-modified
Tue, 26 Apr 2022 01:37:54 GMT
server
AmazonS3
x-amz-id-2
C7ydDd7AkMSlHWM30A52dYWArIxPDQIPYoJe6eFBdgNljrrKy19JHqh+7259cnInog52ta1ikp4=
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:5eb96107-ea8e-4447-a80a-9b951732aaca
x-amz-meta-codebuild-content-md5
e5441cba1c83e44c16f2d792acc1823c
x-amz-meta-codebuild-content-sha256
3b14aefb08d603d224cbf56f0ff34e70ebd576659dc2557c0629a8ec6943dc55
x-amz-request-id
XG65YG01VG5TWA0H
x-azure-ref
0fOVoYgAAAAC89r3ogXWEQr4iSCpjRPbrRlJBMzFFREdFMDMxOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref-originshield
0rL9oYgAAAADoqF2oOZpGQpsJoM6wG+xMQU1TMDRFREdFMTkxMAA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-cache
TCP_HIT
usync.html
eus.rubiconproject.com/ Frame C614 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:40:59 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 01FC 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUR0N35X&prvid=2034%2C2033%2C173%2C251%2C175%2C178%2C233%2C3018%2C3017%2C159%2C214%2C236%2C3016%2C237%2C117%2C337%2C338%2C70%2C97%2C99%2C77%2C3012%2C182%2C3010%2C141%2C222%2C201%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C229%2C9%2C109%2C208%2C307&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
96bdf7b1036a1ba412b252f15f9bb814e1a208c929447ff7dc1de78ce96a46c1
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8153
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:40:59 GMT
expires
Fri, 29 Apr 2022 06:40:59 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
ixmatch.html
js-sec.indexww.com/um/ Frame 1BB1 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:40:59 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
sync
pre.ads.justpremium.com/v/1.0/t/ Frame 4578 		6 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pre.ads.justpremium.com/v/1.0/t/sync?_c=a8um8db1651041656857
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.86.25 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-86-25.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
115d0ed8e5977aaffd686d66e65d19f79976afa066ff494748ed9d880f8d0d45

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, no-cache, no-store, must-revalidate
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:40:59 GMT
beacon
ap.lijit.com/ Frame E72B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13410438
Requested by
Host: daily-voice-res.cloudinary.com
URL: https://daily-voice-res.cloudinary.com/raw/upload/v1640915222/static/Prebid6.5.0_20211230.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Wed, 27 Apr 2022 06:40:59 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap7ams1
hhrtBw21.html
tpc.googlesyndication.com/sodar/ Frame AEB9 		23 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imasdk.googleapis.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
19488
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8727
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 01:16:11 GMT
expires
Thu, 27 Apr 2023 01:16:11 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
analytics
pba.aws.lijit.com/ Frame 3DBC 		0
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pba.aws.lijit.com/analytics
Requested by
Host: prebid.s-onetag.com
URL: https://prebid.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/prebid.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.78.125 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-78-125.us-east-2.compute.amazonaws.com
Software
nginx/1.14.1 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx/1.14.1
x-powered-by
Express
analytics
pba.aws.lijit.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pba.aws.lijit.com/analytics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.78.125 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-78-125.us-east-2.compute.amazonaws.com
Software
nginx/1.14.1 / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://dailyvoice.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:40:59 GMT
server
nginx/1.14.1
vary
Access-Control-Request-Headers
x-powered-by
Express
usync.js
eus.rubiconproject.com/ Frame C614 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:40:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=77804
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Thu, 28 Apr 2022 04:17:43 GMT
external.html
cstatic.weborama.fr/iframe/ Frame 4B9C 		55 B
193 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/iframe/external.html?gdpr_cmp_failure=1
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F94) /
Resource Hash
538ed9d8c563eca08780be8790440c3d8e3ca397c255afbed9c851e42d91d8ac

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
444637
cache-control
max-age=604800
content-length
55
content-type
text/html
date
Wed, 27 Apr 2022 06:41:00 GMT
etag
"2365077470"
expires
Wed, 04 May 2022 06:41:00 GMT
last-modified
Wed, 21 Apr 2021 09:47:58 GMT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server
ECAcc (frc/8F94)
x-cache
HIT
jp
rtb.gumgum.com/usync/ Frame 5FF1 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Requested by
Host: pre.ads.justpremium.com
URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=a8um8db1651041656857
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e34b3bcf06d0c366c063abde04d02d3ce08d8a44e2bb522ca4581bb82dde9125

Request headers

Referer
https://pre.ads.justpremium.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
etag
W/"077dab144875ff06cf0aabac00de92aaf"
server
nginx
timing-allow-origin
*
c
c.pub.network/ 		36 B
53 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.25.0.9843edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.71.201.35.bc.googleusercontent.com
Software
/
Resource Hash
446043a7ceb4b6eb563bebdd3ed0510fd5280567a053939591c0ca57dc5f7a80

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://dailyvoice.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
csi
csi.gstatic.com/ Frame D536 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~l2h7kop6&c=3013544730103&slotId=1506772365051.5&qqid=CMGo5LvRs_cCFcrKuwgdjIwPqQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=746&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vmfc=12&vhc=0&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=344&vsrc=web_video_ads&ape=1&ple=0&umsem=0
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4023:1009::5e Fort Worth, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 07C9 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
adae9d2f4c09e86a997123a680fa0b592f097488c0a7ea012b03f0e0c75614f0

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1662
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:00 GMT
Dropped-Udsids
46|88|206|3|73|152|221|188
Expires
Wed, 27 Apr 2022 06:41:00 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
d_XgMe7_8DX3JscHlpumBxzOcHqlAtWKp75Cu0r3_I4.js
pagead2.googlesyndication.com/bg/ Frame AEB9 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/d_XgMe7_8DX3JscHlpumBxzOcHqlAtWKp75Cu0r3_I4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
77f5e031eefff035f726c707969ba6071cce707aa502d58aa7be42bb4af7fc8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 16:23:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
51436
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13694
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Apr 2023 16:23:44 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame CB54 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22392
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
13926
g2.gumgum.com/usync/ Frame 0129 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
19a2f0e55b8b27b0b2f46e821abd2ed91a355e086a5ed756bee99ec62ecf34ef

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
etag
W/"029171a9b98bcbe8cab8304b9b1211a3f"
server
nginx
timing-allow-origin
*
ps
pixel.33across.com/ Frame A285 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP003 /
Resource Hash

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
server
33XP003
x-33x-status
2000208
/
onetag-sys.com/usync/ Frame EF23 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
6bf43be58a29c016e721a86d5c5efb03377e225af9d7b3b48b5abd0a873ec13e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-transform, no-cache
content-encoding
gzip
content-length
1464
content-type
text/html
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
strict-transport-security
max-age=15552000
sync
ssbsync.smartadserver.com/api/ Frame E9B7 		765 B
1015 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.104 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
3117f031f71e77fbdc0bf40c3ba81421259a24a26cda1cdc524855d428b81e8a

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
765
content-type
text/html
date
Wed, 27 Apr 2022 06:40:59 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 1000 		1 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e2aa214c8efb2d342afa0da35883bedc9f93f10926fe76548d6a29c3984aadb5

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1489
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:00 GMT
Dropped-Udsids
4|65|64|111|10|241|88|190
Expires
Wed, 27 Apr 2022 06:41:00 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
sync.php
pixel.rubiconproject.com/exchange/ Frame 76FB 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=13702&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Content-Type
image/gif
sync
ads.servenobid.com/ Frame 76FB
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=4382111657419277628
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=312&uid=4382111657419277628
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
2aa5fab7-ee71-4196-be47-74d844852266
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ads.servenobid.com/sync?pid=312&uid=4382111657419277628
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.servenobid.com/ Frame 76FB
Redirect Chain
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
  • https://ads.servenobid.com/sync?pid=310&uid=d89d8fb3624ba299d31d58b0
0
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=310&uid=d89d8fb3624ba299d31d58b0
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ads.servenobid.com/sync?pid=310&uid=d89d8fb3624ba299d31d58b0
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
pixel
ap.lijit.com/ Frame 76FB 		0
277 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 27 Apr 2022 06:41:00 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
sync
ads.servenobid.com/ Frame 76FB
Redirect Chain
  • https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiYWY2YzgwOWItNzFhOC00OGRmLWI2YWUtMDViNTU3ZmQwYjU5IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNC0yN1QwNjo0MTowMC40NjI1MzVaIn0=
0
431 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiYWY2YzgwOWItNzFhOC00OGRmLWI2YWUtMDViNTU3ZmQwYjU5IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNC0yN1QwNjo0MTowMC40NjI1MzVaIn0=
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiYWY2YzgwOWItNzFhOC00OGRmLWI2YWUtMDViNTU3ZmQwYjU5IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNC0yN1QwNjo0MTowMC40NjI1MzVaIn0=
Pragma
no-cache
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
0
rmpssp
sync.1rx.io/usersync2/ Frame 76FB 		0
0
sync
ads.servenobid.com/ Frame 76FB
Redirect Chain
  • https://p.rfihub.com/cm?pub=44007&in=1
  • https://ads.servenobid.com/sync?pid=324&uid=5144588520131858600
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=324&uid=5144588520131858600
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=324&uid=5144588520131858600
Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usa
sync.go.sonobi.com/ Frame 76FB 		0
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
sync
ads.servenobid.com/ Frame 76FB
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
  • https://ads.servenobid.com/sync?pid=327&uid=828e9447-06f4-4492-9978-ee5ec1ef4c4b&gdpr=0&gdpr_consent=&us_privacy=1YN-
0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=327&uid=828e9447-06f4-4492-9978-ee5ec1ef4c4b&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=327&uid=828e9447-06f4-4492-9978-ee5ec1ef4c4b&gdpr=0&gdpr_consent=&us_privacy=1YN-
date
Wed, 27 Apr 2022 06:40:59 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
content-length
0
sync
ads.servenobid.com/ Frame 76FB
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58559/occ
  • https://ads.servenobid.com/sync?pid=337&uid=y-6ZfGNzBE2uG_G4BGO02v1w1IbmQczXalfLeqEuw-~A
0
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=337&uid=y-6ZfGNzBE2uG_G4BGO02v1w1IbmQczXalfLeqEuw-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=337&uid=y-6ZfGNzBE2uG_G4BGO02v1w1IbmQczXalfLeqEuw-~A
date
Wed, 27 Apr 2022 06:41:00 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
getuid
secure.adnxs.com/ Frame 07C9 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame 07C9 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651041660.171885,VS0,VE0
x-cache
MISS
cache-control
no-cache
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4070-HHN
sync
ups.analytics.yahoo.com/ups/55940/ Frame 07C9 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
crum
dsum-sec.casalemedia.com/ Frame 07C9
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:00 GMT

Redirect headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
MT3 4374 b349c17 master ord-pixel-x3 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:40:59 GMT
YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 07C9 		43 B
985 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:54d1:782f:29ca:abc0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
crum
dsum-sec.casalemedia.com/ Frame 07C9
Redirect Chain
  • https://sync.extend.tv/r.gif?exchange=index
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=956c06c7-d18f-417d-b6cc-da1115f6fb4f
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=956c06c7-d18f-417d-b6cc-da1115f6fb4f
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Access-Control-Allow-Origin
*
Content-Type
text/html; charset=utf-8
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=956c06c7-d18f-417d-b6cc-da1115f6fb4f
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
132
Expires
Tue, 29 May 1984 15:00:00 GMT
qmap
sync.crwdcntrl.net/ Frame 07C9
Redirect Chain
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=YmjleKUCRbN6zLlXA4o4fwAA%261164&gdpr=1&gdpr_consent=&us_privacy=
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=YmjleKUCRbN6zLlXA4o4fwAA%261164&gdpr=1&gdpr_consent=&us_privacy=&ct=y
49 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=YmjleKUCRbN6zLlXA4o4fwAA%261164&gdpr=1&gdpr_consent=&us_privacy=&ct=y
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Server
54.220.157.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-220-157-118.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
expires
0
cache-control
no-cache
x-server
10.45.10.128
content-type
image/gif
content-length
49
x-consent
absent

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=YmjleKUCRbN6zLlXA4o4fwAA%261164&gdpr=1&gdpr_consent=&us_privacy=&ct=y
cache-control
no-cache
x-server
10.45.25.20
content-length
0
expires
0
CookieIndex
rtb.adentifi.com/ Frame 07C9 		0
47 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieIndex
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.145.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-145-253.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
content-length
0
content-type
text/plain
htw-pixel.gif
js-sec.indexww.com/ht/ Frame 07C9 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YmjleKUCRbN6zLlXA4o4fwAA%261164
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2492
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 07:22:32 GMT
usersync
rtb.gumgum.com/ Frame 5FF1
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=4382111657419277628
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=4382111657419277628
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
a1c8eb27-e9f9-460a-9ee8-4c47ccab8c70
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=4382111657419277628
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
x.bidswitch.net/ Frame 5FF1 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_7266872c-f8f0-4b3e-8269-ddf99d58de69&gdpr=1&gdpr_consent=&us_privacy=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.19.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-19-101.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
cookie-sync
sync.outbrain.com/ Frame 5FF1
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28RolI8uDdeG62eGQ3hYOPAb44bW2fKqmHC867sdav67lf7naOwveNRHS5sGyB0u0J%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_4d40ca8c-ae78-4c69-8550-473caf72df38&obuid=ENC(RolI8uDdeG62eGQ3hYOPAb44bW2fKqmHC867sdav67lf7naOwveNRHS5sGyB0u0J)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://sync.1rx.io/usersync2/rmpssp?sub=outbrain&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dunruly%26uid%3Duuid%3D%5BRX_UUID%5D%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-...
  • https://sync.1rx.io/usersync2/rmpssp?sub=outbrain&zcc=1&cb=1651041661607
  • https://sync.outbrain.com/cookie-sync?p=unruly&uid=OPTOUT&obUid=$D
0
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=unruly&uid=OPTOUT&obUid=$D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
HTTP/1.1
Server
70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:01 GMT
Cache-Control
no-cache
X-TraceId
9aa3e0c7abc36d10b0cab5a19919c81c
Content-Length
0

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://sync.outbrain.com/cookie-sync?p=unruly&uid=OPTOUT&obUid=$D
cache-control
no-store, no-cache, must-revalidate
expires
0
cm
us-u.openx.net/w/1.0/ Frame 5FF1 		43 B
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
sync
sync.srv.stackadapt.com/ Frame 5FF1 		43 B
168 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.srv.stackadapt.com/sync?nid=1&gdpr=1&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.237.23.137 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-237-23-137.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
usersync
rtb.gumgum.com/ Frame 5FF1
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-d07gHRdE2pfojnEAZYhtf1kp1JyFoy5io9x5~A
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-d07gHRdE2pfojnEAZYhtf1kp1JyFoy5io9x5~A
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Wed, 27 Apr 2022 06:41:00 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-d07gHRdE2pfojnEAZYhtf1kp1JyFoy5io9x5~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame 5FF1
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=005e4457-c5f5-11ec-a021-4d86a53e2b06
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=005e4457-c5f5-11ec-a021-4d86a53e2b06
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=005e4457-c5f5-11ec-a021-4d86a53e2b06
Date
Wed, 27 Apr 2022 06:40:59 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
005e4458-c5f5-11ec-a021-4d86a53e2b06
services
sync.technoratimedia.com/ Frame 5FF1 		0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
150.136.156.92 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
844331282
access-control-allow-origin
https://rtb.gumgum.com/
access-control-allow-credentials
true
usersync
rtb.gumgum.com/ Frame 5C21
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Wed, 27 Apr 2022 06:41:00 GMT
Expires
Wed, 27 Apr 2022 06:40:59 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4335 2c68c00 master ord-pixel-x31 config:1.0.0
location
https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
URnmbSKM
sync-tm.everesttech.net/upi/pid/ Frame 4B0A 		0
60 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Wed, 27 Apr 2022 06:41:00 GMT
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4070-HHN
x-timer
S1651041660.204670,VS0,VE0
pixel
cm.g.doubleclick.net/ Frame 4C7D 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV83MjY2ODcyYy1mOGYwLTRiM2UtODI2OS1kZGY5OWQ1OGRlNjk=&gdpr=1&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:41:00 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 50F3 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22392
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 36F3 		70 B
264 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-length
70
content-type
image/gif
date
Wed, 27 Apr 2022 06:41:00 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
usync.html
eus.rubiconproject.com/ Frame 30BC
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:00 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 27 Apr 2022 06:41:00 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
um
cs.emxdgt.com/ Frame C91A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
content-type
text/html
date
Wed, 27 Apr 2022 06:40:59 GMT
usersync
rtb.gumgum.com/ Frame 0E82
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XkAAJ5jFUAAAAAA
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XkAAJ5jFUAAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-980b0e51-fee1-433d-8ba0-5e54271b5428-7348-576199536%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 27 Apr 2022 06:41:00 GMT
Location
https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XkAAJ5jFUAAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
10
X-SO-Cluster-ID
3
X-SO-HostName
m-ad195.dc4p.scaleout.jp
X-SO-IP
138.199.38.133
X-SO-Key
YmjlfMCo8XkAAJ5jFUAAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":3,"gdpr":true,"ipv4":"0.0.0.0","key":"YmjlfMCo8XkAAJ5jFUAAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad195"}
X-SO-LB-Hostname
m-tgng21.dc4p.scaleout.jp
X-SO-Upstream-ID
m-ad195
sync
ads.servenobid.com/ Frame E9B7 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=317&uid=5142193176481493273&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
/
rtb-csync.smartadserver.com/redir/ Frame E9B7
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=39&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D25%26partneruserid%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
43 B
465 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x6 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:40:59 GMT
/
rtb-csync.smartadserver.com/redir/ Frame E9B7
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%4...
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=59a1600e-0f3a-4c9e-8fe0-6369948a946e&gdpr=0&gdpr_consent=
43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=59a1600e-0f3a-4c9e-8fe0-6369948a946e&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
Kestrel
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=59a1600e-0f3a-4c9e-8fe0-6369948a946e&gdpr=0&gdpr_consent=
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1826492
content-length
0
expires
Wed, 27 Apr 2022 00:00:00 GMT
/
rtb-csync.smartadserver.com/redir/ Frame E9B7
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=2ghNHYkPTB3BC0NH2w1WEdtbGhDBD0oUilsbFh6L
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=2ghNHYkPTB3BC0NH2w1WEdtbGhDBD0oUilsbFh6L
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=2ghNHYkPTB3BC0NH2w1WEdtbGhDBD0oUilsbFh6L
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
smartadserver
cs.admanmedia.com/sync/ Frame E9B7 		0
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.admanmedia.com/sync/smartadserver?us_privacy=&coppa=&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
8.2.111.142 , United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Server
nginx
Connection
keep-alive
X-Frame-Options
DENY
Content-Type
text/plain
usersync
rtb.gumgum.com/ Frame 0129
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=4382111657419277628
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=4382111657419277628
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
c23c4700-e5ab-49a0-9c5c-f60cc2aea923
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=4382111657419277628
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame 0129
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_4d40ca8c-ae78-4c69-8550-473caf72df38&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=efa0ec7f-7a01-430e-992f-d163b25d14bf&ssp=gumgum2
  • https://rtb.gumgum.com/usersync?b=bsw&i=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
Date
Wed, 27 Apr 2022 06:41:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
pubmatic
um.simpli.fi/ Frame 0129
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_4d40ca8c-ae78-4c69-8550-473caf72df38&obuid=ENC(RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160065&gdpr=PM_GDPR&gdpr_consent=PM_CONSENT&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160065%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%...
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=PM_CONSENT
43 B
610 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=PM_CONSENT
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b8.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:01 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Tue, 26 Apr 2022 06:41:01 GMT

Redirect headers

location
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=PM_CONSENT
date
Wed, 27 Apr 2022 06:41:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
217
content-type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 0129
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=b9dd46b2-d86f-4dfd-9377-d0f414cc0ff4
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=b9dd46b2-d86f-4dfd-9377-d0f414cc0ff4
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Wed, 27 Apr 2022 06:41:00 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=b9dd46b2-d86f-4dfd-9377-d0f414cc0ff4
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame 0129
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133
Date
Wed, 27 Apr 2022 06:41:00 GMT
Connection
keep-alive
Content-Length
123
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 0129
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-d07gHRdE2pfojnEAZYhtf1kp1JyFoy5io9x5~A
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-d07gHRdE2pfojnEAZYhtf1kp1JyFoy5io9x5~A
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Wed, 27 Apr 2022 06:41:00 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-d07gHRdE2pfojnEAZYhtf1kp1JyFoy5io9x5~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame 0129
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=0063e9eb-c5f5-11ec-8220-5f16f286a6e8
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=0063e9eb-c5f5-11ec-8220-5f16f286a6e8
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=0063e9eb-c5f5-11ec-8220-5f16f286a6e8
Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
0063e9ec-c5f5-11ec-8220-5f16f286a6e8
services
sync.technoratimedia.com/ Frame 0129 		0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
150.136.156.92 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
831942275
access-control-allow-origin
https://g2.gumgum.com/
access-control-allow-credentials
true
142
match.deepintent.com/usersync/ Frame 0129 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
content-length
0
server
b
usersync
rtb.gumgum.com/ Frame 0129
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_4d40ca8c-ae78-4c69-8550-473caf72df38&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://stags.bluekai.com/site/23178?id=Oc2Stf5sMtY6CvvACRw9&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2T3DGJJXIZRVONGXIWJWIN3HMQKDKJ3TSJTVONPXA...
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Oc2Stf5sMtY6CvvACRw9&us_privacy=1---
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Oc2Stf5sMtY6CvvACRw9&us_privacy=1---
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Oc2Stf5sMtY6CvvACRw9&us_privacy=1---
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
118
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame 0129
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://usersync.gumgum.com/usersync?b=idi&i=2fef5897-e8a1-4188-9839-efc07e753d31
35 B
296 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=idi&i=2fef5897-e8a1-4188-9839-efc07e753d31
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.241.76.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:40:59 GMT
server
envoy
content-type
image/gif
cache-control
private, no-store, must-revalidate, max-age=0
x-envoy-upstream-service-time
0
x-region
ireland
content-length
35
expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=idi&i=2fef5897-e8a1-4188-9839-efc07e753d31
date
Wed, 27 Apr 2022 06:41:00 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
usersync
rtb.gumgum.com/ Frame 0129
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1651041660355
  • https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
cache-control
no-store, no-cache, must-revalidate
expires
0
usersync
rtb.gumgum.com/ Frame 0129
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=poDrh0pGchoE&ev=1&pid=558355
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=poDrh0pGchoE&ev=1&pid=558355
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://rtb.gumgum.com/usersync?b=pln&i=poDrh0pGchoE&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-588fbd8cf7-j7svj
expires
-1
sync
ssbsync.smartadserver.com/api/ Frame 0129 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.104 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
content-length
0
sync
ads.servenobid.com/ Frame 0129 		0
358 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=309&uid=e_4d40ca8c-ae78-4c69-8550-473caf72df38
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
671e6268-e579-4a00-9b31-03aa76d871a7
onetag-sys.com/sync/i,1/ Frame EF23
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
  • https://onetag-sys.com/sync/i,1/671e6268-e579-4a00-9b31-03aa76d871a7
0
290 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/sync/i,1/671e6268-e579-4a00-9b31-03aa76d871a7
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-cache, no-transform
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x6 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://onetag-sys.com/sync/i,1/671e6268-e579-4a00-9b31-03aa76d871a7
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:40:59 GMT
sync.php
pixel-eu.rubiconproject.com/exchange/ Frame EF23 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Content-Type
image/gif
7378935371015770253
onetag-sys.com/sync/i,34/ Frame EF23
Redirect Chain
  • https://dmp.adform.net/serving/cookie/match?party=1167&cid=SrADCIRy6rK7oRvgkwnVU8eqN1KDvjd1D42gLRICfKA
  • https://onetag-sys.com/sync/i,34/7378935371015770253
0
290 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/sync/i,34/7378935371015770253
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-cache, no-transform
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
location
https://onetag-sys.com/sync/i,34/7378935371015770253
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
/
onetag-sys.com/match/ Frame EF23
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D0%26gdpr_consent%3D%26uid%3D$UID
  • https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=4382111657419277628
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=4382111657419277628
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
6294d60f-d799-4c58-b2dd-94740552aca0
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=4382111657419277628
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame EF23 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=SrADCIRy6rK7oRvgkwnVU8eqN1KDvjd1D42gLRICfKA
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Content-Type
image/gif
y-vKz6yvdE2uEavwmxnnAnl.Wf4z6ghAwK~A~UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4
onetag-sys.com/sync/i,39/ Frame EF23
Redirect Chain
  • https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true
  • https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4
  • https://onetag-sys.com/sync/i,39/y-vKz6yvdE2uEavwmxnnAnl.Wf4z6ghAwK~A~UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4
0
290 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/sync/i,39/y-vKz6yvdE2uEavwmxnnAnl.Wf4z6ghAwK~A~UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-cache, no-transform
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location
https://onetag-sys.com/sync/i,39/y-vKz6yvdE2uEavwmxnnAnl.Wf4z6ghAwK~A~UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4
date
Wed, 27 Apr 2022 06:41:00 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
pixel
cm.g.doubleclick.net/ Frame EF23
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABgGnAbUU6mRbxuxKyXSS3M0jkrBt8iHoRIA
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABgGnAbUU6mRbxuxKyXSS3M0jkrBt8iHoRIA
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABgGnAbUU6mRbxuxKyXSS3M0jkrBt8iHoRIA
strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
/
onetag-sys.com/match/ Frame EF23
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=1YN-&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]
  • https://onetag-sys.com/match/?int_id=107&uid=5142193176481493273
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=107&uid=5142193176481493273
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location
https://onetag-sys.com/match/?int_id=107&uid=5142193176481493273
date
Wed, 27 Apr 2022 06:40:59 GMT
content-length
0
711916.gif
id.rlcdn.com/ Frame EF23 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/711916.gif?ct=4&cv=
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
ecm3
s.amazon-adsystem.com/ Frame EF23
Redirect Chain
  • https://onetag-sys.com/match/?int_id=113&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1
  • https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=-KmBIR6RgDqC1uhDCUpggV5nDSWlNlrlEgxR8zXq4CY
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=-KmBIR6RgDqC1uhDCUpggV5nDSWlNlrlEgxR8zXq4CY
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
9S0WGWY3H5FAJACCC9KA
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=-KmBIR6RgDqC1uhDCUpggV5nDSWlNlrlEgxR8zXq4CY
strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
/
onetag-sys.com/match/ Frame EF23
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=0&gdpr_consent=&us_privacy=1YN-&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NDczQTcwQjEtOTdCQy00RDFGLUI0MDEtNDUwMTc5QzEzRTE5&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDH8GT0DoGLwq_ZMN-Rre3o&google_cver=1
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://onetag-sys.com/match/?int_id=114&uid=473A70B1-97BC-4D1F-B401-450179C13E19
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=114&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location
https://onetag-sys.com/match/?int_id=114&uid=473A70B1-97BC-4D1F-B401-450179C13E19
date
Wed, 27 Apr 2022 06:41:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
108
content-type
text/html; charset=utf-8
/
onetag-sys.com/match/ Frame EF23
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm
  • https://onetag-sys.com/match/?int_id=106&google_gid=CAESEC087wa9xzlqi5N-HWoCUzo&google_cver=1
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEC087wa9xzlqi5N-HWoCUzo&google_cver=1
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEC087wa9xzlqi5N-HWoCUzo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
298
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
onetag-sys.com/match/ Frame EF23
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58488/occ
  • https://onetag-sys.com/match/?int_id=92&uid=y-6ZfGNzBE2uG_G4BGO02v1w1IbmQczXalfLeqEuw-~A
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=92&uid=y-6ZfGNzBE2uG_G4BGO02v1w1IbmQczXalfLeqEuw-~A
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location
https://onetag-sys.com/match/?int_id=92&uid=y-6ZfGNzBE2uG_G4BGO02v1w1IbmQczXalfLeqEuw-~A
date
Wed, 27 Apr 2022 06:41:00 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
/
onetag-sys.com/sync/i,29/ Frame EF23
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent=
  • https://onetag-sys.com/sync/i,29/?tdid=1c450bec-b2fe-4198-a495-f72f24a1217e&ttl=1653633660
43 B
370 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/sync/i,29/?tdid=1c450bec-b2fe-4198-a495-f72f24a1217e&ttl=1653633660
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
cache-control
no-cache, no-transform
content-length
64
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://onetag-sys.com/sync/i,29/?tdid=1c450bec-b2fe-4198-a495-f72f24a1217e&ttl=1653633660
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
211
sync
odr.mookie1.com/t/v2/ Frame EF23
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=onetag
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=onetag&gdpr=&gdpr_consent=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=onetag&gdpr=&gdpr_consent=
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H3
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
//odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=2275a37a-a7fe-43bf-85f5-f6d1ffd0e621&ssp=onetag&gdpr=&gdpr_consent=
Date
Wed, 27 Apr 2022 06:41:00 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
sync
ads.servenobid.com/ Frame EF23 		0
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=318&uid=SrADCIRy6rK7oRvgkwnVU8eqN1KDvjd1D42gLRICfKA
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
playback
s.youtube.com/api/stats/ Frame C44B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.youtube.com/api/stats/playback?ns=yt&fexp=44750824%2C44757675%2C44761692&el=adunit&cpn=8TnDjSWB4cRQYqzg&docid=xXTp-gZgNtg&visitordata=Cgt4UjRaUmlqVmgyWQ%253D%253D&ver=2&cmt=0.271&fmt=18&rt=0.000&adformat=2_2_1&euri&len=20.062&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=100.0.4896.127&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=18&rtn=10
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c02::8b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
rum
dsum-sec.casalemedia.com/ Frame 1000
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4177690674198123042
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4177690674198123042
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:00 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4177690674198123042
pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
rum
dsum.casalemedia.com/ Frame 1000
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1651128060&gdpr=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1651128060&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:00 GMT

Redirect headers

location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1651128060&gdpr=1
pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
content-length
0
expires
0
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 1000 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
match
c1.adform.net/serving/cookie/ Frame 1000 		0
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c1.adform.net/serving/cookie/match?party=29&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
crum
dsum-sec.casalemedia.com/ Frame 1000
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=8
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=10&external_user_id=665800460170
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=10&external_user_id=665800460170
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:00 GMT

Redirect headers

access-control-allow-origin
*
content-length
0
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=10&external_user_id=665800460170
dcm
s.amazon-adsystem.com/ Frame 1000
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
5WN05XJWWM1KZHK6TB5G
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:00 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
9XCRQNMCRWKY3TE4K1P3
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame 1000 		0
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651041660.314853,VS0,VE0
x-cache
MISS
cache-control
no-cache
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4070-HHN
getuid
ib.adnxs.com/ Frame 1000 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
sync
ads.servenobid.com/ Frame 1000 		0
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=333&uid=YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
rtb.gumgum.com/ Frame DDA7
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Wed, 27 Apr 2022 06:41:00 GMT
Expires
Wed, 27 Apr 2022 06:40:59 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4335 2c68c00 master ord-pixel-x7 config:1.0.0
location
https://rtb.gumgum.com/usersync?b=mmh&i=671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=0&gdpr_consent=
URnmbSKM
sync-tm.everesttech.net/upi/pid/ Frame 2DE0 		0
59 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Wed, 27 Apr 2022 06:41:00 GMT
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4070-HHN
x-timer
S1651041660.277982,VS0,VE0
pixel
cm.g.doubleclick.net/ Frame D9EB 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV80ZDQwY2E4Yy1hZTc4LTRjNjktODU1MC00NzNjYWY3MmRmMzg=&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:41:00 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 727A 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22392
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
usersync
rtb.gumgum.com/ Frame 7774
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=1c450bec-b2fe-4198-a495-f72f24a1217e&t=1653633660
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=1c450bec-b2fe-4198-a495-f72f24a1217e&t=1653633660
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
private,no-cache, must-revalidate
content-length
209
content-type
text/html
date
Wed, 27 Apr 2022 06:41:00 GMT
location
https://rtb.gumgum.com/usersync?b=ttd&i=1c450bec-b2fe-4198-a495-f72f24a1217e&t=1653633660
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
usync.html
eus.rubiconproject.com/ Frame F407
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:00 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 27 Apr 2022 06:41:00 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
usersync
usersync.gumgum.com/ Frame 3C14
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID
  • https://cs.emxdgt.com/umcheck?apnxid=4382111657419277628&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID
  • https://usersync.gumgum.com/usersync?b=emx&uid=4382111657419277628brt16951651041660284998f1
35 B
296 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=emx&uid=4382111657419277628brt16951651041660284998f1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.76.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif
date
Wed, 27 Apr 2022 06:40:59 GMT
expires
0
pragma
no-cache
server
envoy
x-envoy-upstream-service-time
0
x-region
ireland

Redirect headers

content-length
0
content-type
text/html
date
Wed, 27 Apr 2022 06:40:59 GMT
location
https://usersync.gumgum.com/usersync?b=emx&uid=4382111657419277628brt16951651041660284998f1
usersync
rtb.gumgum.com/ Frame EBA5
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XcAAK7YJ8UAAAAA
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XcAAK7YJ8UAAAAA
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 27 Apr 2022 06:41:00 GMT
Location
https://rtb.gumgum.com/usersync?b=sus&i=YmjlfMCo8XcAAK7YJ8UAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
3
X-SO-Cluster-ID
15
X-SO-HostName
m-ad105.dc4p.scaleout.jp
X-SO-IP
138.199.38.133
X-SO-Key
YmjlfMCo8XcAAK7YJ8UAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":15,"gdpr":true,"ipv4":"0.0.0.0","key":"YmjlfMCo8XcAAK7YJ8UAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad105"}
X-SO-LB-Hostname
m-tgng19.dc4p.scaleout.jp
X-SO-Upstream-ID
m-ad105
usersync
rtb.gumgum.com/ Frame 41E8
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://rtb.gumgum.com/usersync?b=rth&i=QuO7j6tCXszybLZpKdGp&pi=gumgum
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=QuO7j6tCXszybLZpKdGp&pi=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 27 Apr 2022 06:41:00 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 27 Apr 2022 06:41:00 GMT Wed, 27 Apr 2022 06:41:00 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=QuO7j6tCXszybLZpKdGp&pi=gumgum
pragma
no-cache
usync.js
eus.rubiconproject.com/ Frame 30BC 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=77803
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Thu, 28 Apr 2022 04:17:43 GMT
usync.js
eus.rubiconproject.com/ Frame F407 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=77803
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Thu, 28 Apr 2022 04:17:43 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 50F3 		0
39 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=3721856&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:40:59 GMT
content-length
0
sync.php
pixel.rubiconproject.com/exchange/ Frame 30BC 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&us_privacy=1---&khaos=L2H7KN97-1S-JSHO
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Content-Type
image/gif
gen_204
pagead2.googlesyndication.com/pagead/ Frame AEB9 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.512.0&bgai=BDPyBe-VoYr7_CJaPjuwP8L6tmAoAAAAAOAG6BRMI7crnvNGz9wIVhKN3Ch2ozAre&bg=!ERKlElbNAAYXWUUuN1k7ACkAdvg8WjLwhAY4gM50NjLlA2jEVazllI8ZAHWTHG4HAE7I2zczg_WQdAIAAAFpUgAAAAJoAQcKAK1eZ4Ij11ZZ-LD33bGn0OT19lTMmsmYgeeYvrct6uI_SNi63LgPAWsTJEiV7vEmXP2yu94y2wdWXlL5DQlTfbS_F1Rcc0sFiFqb1hrZCGNrJdzMGpl_2WfWI1GLca4sOikgr2Q8gnZ5ZUKxx2Iqq_s6SwVwMBZgbkpaLoIv8EFW01VFzG0uTsHkjLrGVyb0doWXyMDogsXK11sD5Ztb3AnwtYDaBFJvm8jsMN8zg5kCQIX2vmuLrLa7vEutJeedBXx7ef_K7ncpZiSTJLMZdpuILB-jiYutebW64ZRUeg0OoMPGj5rnFh8ziZ3o2L1hx2l8ukpTtUkMSLAPpeB2LD4XH9QVrMrBFT51YcEJD7Q-EmvV5ZX6uwIX0mMqGzLrtnrB3Q_GjIw4u5ywIuQd4Zzn2PoC4fziSxxTBiWu7p0hJBwko3lihKBzKpyau_v6Ez9i_CsZQAB2by6-_SrZA-j_otzexqLOig1_L2icIhkbA5nyxGdDrkQsnjrAQLy9H-AWkjjlmV1FevT3Ygv3AzL0aiM2-Q1qx6iL-ewancn-5U2uaL__jb7mRfzZSxUNIP0tWFbpE_2zephNWuaUCE-zPm4WecLjD3o-jSgX_CQ41Wp0qBvW3up5zV2ogzpfxH7Ol0-XbL5eOO2ucA7DnwrJQYTfz4yBTwqigt26260GY6YUFoY_32OUUCzY5KOQCBf5ubmro6HPTPB4DQO7MT_-wwqEv3Vzhgk2hg79ceaYbB1lev2ysqlqi-F584qP6nETWF2g9vcLE6ceBNc7ZuT2F5z7SGaqWau4t80HD3A6sLLijBNc7rYW5gG5Qb_lk_DjFSP-F4VXlYrWsO5R9De8qMsIP6ZMG1Kt1Z9NIk5dw6Wgjltonox3zNsRQ8MyreaYKX_cBuOUzrSVmRRpOdDYCi8uNeRm_4VQAFuq16yaB3qTLZCJEVr8cEB0dOHgsopzROS1598guDBkGYFN1vV7s7KuJYKZuOXnbDMNl6yh4w
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
common.js
maps.googleapis.com/maps-api-v3/api/js/48/10/intl/de_ALL/ 		82 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/48/10/intl/de_ALL/common.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
585eac76ebafa3fd2bd62e2e5a38798e0d5705b4e8c332a91d63e5bd0924e025
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 18:53:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
560856
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30524
x-xss-protection
0
last-modified
Mon, 18 Apr 2022 19:49:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 18:53:24 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/48/10/intl/de_ALL/ 		308 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/48/10/intl/de_ALL/util.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ddff2fc030e835a876bfe0c87adb7f984644d0a76b277a299766ebe70163321b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 18:53:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
560856
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
93838
x-xss-protection
0
last-modified
Mon, 18 Apr 2022 19:49:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 18:53:24 GMT
external.html
cstatic.weborama.fr/iframe/ Frame 6CBA 		55 B
110 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cstatic.weborama.fr/iframe/external.html?gdpr_cmp_failure=1
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F94) /
Resource Hash
538ed9d8c563eca08780be8790440c3d8e3ca397c255afbed9c851e42d91d8ac

Request headers

Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
444637
cache-control
max-age=604800
content-length
55
content-type
text/html
date
Wed, 27 Apr 2022 06:41:00 GMT
etag
"2365077470"
expires
Wed, 04 May 2022 06:41:00 GMT
last-modified
Wed, 21 Apr 2021 09:47:58 GMT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server
ECAcc (frc/8F94)
x-cache
HIT
liveMatching.php
live.primis.tech/live/ Frame 9001 		0
393 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveMatching.php
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30342D32375F30397D7B7331363237333138347D7B4335377D7B535A47467062486C3262326C6A5A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583730307D7B593437367D7B66317D7B7251554A5549433867596D6C6B6333647064474E6F494338674D53417649486470644768766458513D7D7B4C31303934347DFEFE&userIpAddr=2a02%3A6ea0%3Ac71b%3A0%3A1012%3Aff06%3A2840%3A1dbd&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F100.0.4896.127+Safari%2F537.36&debugInformation=ABT+%2F+bidswitch+%2F+1+%2F+without&isWePassGdpr=0&schain=1.0%2C1%21freestar.com%2C864%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6268e57844f1e&debugInfo=16273184_ABT+%2F+bidswitch+%2F+1+%2F+without&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16273184&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed28c9hxvurpzi&secondaryContent=&x=700&y=476&pubUrl=https%3A%2F%2Fdailyvoice.com%2Fnew-york%2Forangetown%2Fnews%2Fny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say%2F820642%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=left&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=105&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1188&geoLong=8.6843&vpTemplate=10944&flowMode=both&isRealPreroll=0&playerApiId=freestarPrimisPlayer&isApp=0&ccpa=0&ccpaConsent=&subId=dailyvoice.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
via
1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
n2WY8rSHo1-GUGqT4TpvoR9hX9A5sN1C5BAteV9G4FYI55NIZW2EWA==
PugMaster
image6.pubmatic.com/AdServer/ Frame 09AF 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=57130830&p=156595&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
bc729e23c41e4d98cf02db3c5a1fc7fd99fd60df75222b407ff886996d6d49dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:00 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
match
c1.adform.net/serving/cookie/ Frame BEC5 		35 B
468 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?party=14&cid=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Wed, 27 Apr 2022 06:41:01 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
ImgSync
image8.pubmatic.com/AdServer/ Frame E5C0
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:671e6268-e579-4a00-9b31-03aa76d871a7&gdpr=1&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.18 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 27 Apr 2022 06:41:01 GMT

Redirect headers

cache-control
no-store, no-cache, private
date
Wed, 27 Apr 2022 06:41:01 GMT
location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
amspug007:0:437
ImgSync
image8.pubmatic.com/AdServer/ Frame 47C0
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=&piggybackCookie=5933655983883860888
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.18 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 27 Apr 2022 06:41:01 GMT

Redirect headers

cache-control
no-store, no-cache, private
date
Wed, 27 Apr 2022 06:41:01 GMT
location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
lhrpug007:0:532
usersync.aspx
dis.criteo.com/dis/ Frame F299 		43 B
362 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=1&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 06:41:01 GMT
expires
Wed, 27 Apr 2022 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
995635
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
cookie-sync
sync.outbrain.com/ Frame CE46
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7091169925445453010
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%2...
  • https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
0
311 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache
Content-Length
0
Date
Wed, 27 Apr 2022 06:41:02 GMT
X-TraceId
41874bfee69debdb59fb87912381a6c1

Redirect headers

cache-control
no-store, no-cache, private
date
Tue, 26 Apr 2022 23:54:00 GMT
location
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
b9pj45k4
sync-tm.everesttech.net/upi/pid/ Frame A473 		0
83 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D1%26gdpr_consent%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Wed, 27 Apr 2022 06:41:01 GMT
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4070-HHN
x-timer
S1651041662.827124,VS0,VE0
Pug
simage2.pubmatic.com/AdServer/ Frame 4AF4
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=1&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=1
0
243 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:41:01 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
amspug020:5:297

Redirect headers

content-length
0
date
Wed, 27 Apr 2022 06:41:01 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=1
server
_
i.match
s.tribalfusion.com/z/ Frame FAD9
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
423 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:98f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
702591f3e8f968ef-FRA
content-length
43
content-type
image/gif; charset=utf-8
date
Wed, 27 Apr 2022 06:41:02 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
302

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
702591f2aed968ef-FRA
content-type
text/html
date
Wed, 27 Apr 2022 06:41:02 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
206
x-reuse-index
5984
cookie-sync
sync.outbrain.com/ Frame ECD4
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=KxlpgAzPTXZtStdvhSEqZYrHJoU
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%2...
  • https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
0
311 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache
Content-Length
0
Date
Wed, 27 Apr 2022 06:41:02 GMT
X-TraceId
c8eb1a970c5d7775e2a8576a7e6fe827

Redirect headers

cache-control
no-store, no-cache, private
date
Tue, 26 Apr 2022 23:55:29 GMT
location
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
bridge
cm.adgrx.com/ Frame F84E 		43 B
408 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.245.181 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Wed, 27 Apr 2022 06:41:01 GMT
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Pragma
no-cache
X-RealServer-NX
ams-delivery-8
server
Cowboy
redir
rtb-csync.smartadserver.com/ Frame 3583
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDcG5rN0UwY3NBQURaajBlZnVsZw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AACpnk7E0csAADZj0efulg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AACpnk7E0csAADZj0efulg&pid=558502&do=add
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACpnk7E0csAADZj0efulg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...
43 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACpnk7E0csAADZj0efulg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Wed, 27 Apr 2022 06:41:01 GMT
transfer-encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Wed, 27 Apr 2022 06:41:02 GMT
Server
nginx
location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACpnk7E0csAADZj0efulg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
strict-transport-security
max-age=2592000; includeSubDomains
pub
matching.truffle.bid/sync/ Frame 3BD7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
5.161.54.172 , Germany, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS
static.172.54.161.5.clients.your-server.de
Software
nginx/1.21.4 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Date
Wed, 27 Apr 2022 06:41:02 GMT
Server
nginx/1.21.4
Strict-Transport-Security
max-age=15768000
cookiesync
core.iprom.net/ Frame 436E 		43 B
280 B 		Document
General
Check archive.org
Download Go to
Full URL
https://core.iprom.net/cookiesync
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
43
Content-Type
image/gif
Date
Wed, 27 Apr 2022 06:41:01 GMT
Vary
Accept-Encoding
X-adserver-worker
leviathan-db9c97666b0f@version_1.419
X-core-time
0ms
X-server-arch
v2
Pug
image2.pubmatic.com/AdServer/ Frame D618
Redirect Chain
  • https://green.erne.co/pubmatic/cm?
  • https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D%26redirect%3Dhttps%253A%252F%252Fimage2...
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D%26redirect%3Dhttps%253A%252F%252Fimage2...
  • https://pixel-eu.onaudience.com/?partner=161&icm&cver&mapped=d075bc9693d2e1d6bc02c23db15cf0fc&gdpr=&redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQ...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=NOvcHvPGbWhQWjhhXMYhaUVV
42 B
391 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=NOvcHvPGbWhQWjhhXMYhaUVV
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 27 Apr 2022 06:41:02 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
lhrpug011:0:457

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=NOvcHvPGbWhQWjhhXMYhaUVV
Pug
simage2.pubmatic.com/AdServer/ Frame C73F
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=1&gdpr_consent=
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1651041661869
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
42 B
235 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 27 Apr 2022 06:41:01 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
amspug004:0:524

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Wed, 27 Apr 2022 06:41:02 GMT
etag
OPTOUT
expires
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
pragma
no-cache
server
Tengine
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 50C9
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0bab17a1-aaf4-4032-81ea-c46472bb087e-tuct9626afe&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
147 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0bab17a1-aaf4-4032-81ea-c46472bb087e-tuct9626afe&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
0
date
Wed, 27 Apr 2022 06:41:02 GMT
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4071-HHN
x-timer
S1651041662.336439,VS0,VE9

Redirect headers

accept-ranges
bytes
content-length
0
date
Wed, 27 Apr 2022 06:41:02 GMT
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0bab17a1-aaf4-4032-81ea-c46472bb087e-tuct9626afe&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-icn1450087-ICN
x-timer
S1651041662.991699,VS0,VE189
x-vcl-time-ms
189
141
match.deepintent.com/usersync/ Frame 17F7 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.deepintent.com/usersync/141?gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 27 Apr 2022 06:41:01 GMT
server
b
ImgSync
image8.pubmatic.com/AdServer/ Frame 44F4
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=1&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:iOlBJwNX1NJBmb5&gdpr=1&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.18 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 27 Apr 2022 06:41:01 GMT

Redirect headers

cache-control
no-store, no-cache, private
date
Wed, 27 Apr 2022 06:41:00 GMT
location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
amspug008:0:517
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 09AF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RzpwsZe8TR-0AUUBecE-GQ%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:01 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=22391
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Wed, 27 Apr 2022 12:54:12 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 09AF
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=671e6268-e579-4a00-9b31-03aa76d871a7
0
128 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=671e6268-e579-4a00-9b31-03aa76d871a7
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:53:54 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Wed, 27 Apr 2022 06:41:01 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x52 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=671e6268-e579-4a00-9b31-03aa76d871a7
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:41:00 GMT
mw
mwzeom.zeotap.com/ Frame 09AF
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=473A70B1-97BC-4D1F-B401-450179C13E19
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0&xl8blockcheck=1
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=2fdf1deda5c4cc56cb6a1c563f28d7fc&gdpr=0
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=06c877626d832d44/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=0
  • https://spl.zeotap.com/?zdid=1332&zcluid=06c877626d832d44
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=05441684-9e01-4838-753b-c1807d7e68a5&reqId=5d487b24-9910-41b3-7d14-69446eb43ee1&zclui...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEN0OckqReJf59wWZyALjBvo&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=05441684-9e01-4838-753b-c1807d7e68a5&reqId=5d487b24-9910-41b3-7d14-694...
95 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESEN0OckqReJf59wWZyALjBvo&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=05441684-9e01-4838-753b-c1807d7e68a5&reqId=5d487b24-9910-41b3-7d14-69446eb43ee1&zcluid=06c877626d832d44&zdid=1332
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:02 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
702591f71cd092a2-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:02 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESEN0OckqReJf59wWZyALjBvo&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=05441684-9e01-4838-753b-c1807d7e68a5&reqId=5d487b24-9910-41b3-7d14-69446eb43ee1&zcluid=06c877626d832d44&zdid=1332
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
469
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
match
c1.adform.net/serving/cookie/ Frame 09AF 		0
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame 09AF 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
getuid
ib.adnxs.com/ Frame 09AF 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
Pug
simage2.pubmatic.com/AdServer/ Frame 09AF
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=1&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L_d4gnzweYI09HbYLvJjji6kL4808H-Lf6Q4yjAN
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&gdpr=0&gdpr_consent=
1 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&gdpr=0&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:01 GMT
cache-control
no-store, no-cache, private
x-lat
amspug002:0:600
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&gdpr=0&gdpr_consent=
Date
Wed, 27 Apr 2022 06:41:01 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
01351cad-c5f5-11ec-a021-4d86a53e2b06
473A70B1-97BC-4D1F-B401-450179C13E19
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 09AF 		43 B
985 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/473A70B1-97BC-4D1F-B401-450179C13E19?gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:54d1:782f:29ca:abc0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:01 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sync
ups.analytics.yahoo.com/ups/58292/ Frame 09AF 		0
38 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=473A70B1-97BC-4D1F-B401-450179C13E19&redir=true&gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:01 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
x.bidswitch.net/ Frame 09AF 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.19.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-19-101.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:01 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
cookie-sync
sync.outbrain.com/ Frame 09AF
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=1&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:7e591755-4410-4197-8c71-0b387d7bb9c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%2...
  • https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
0
311 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Server
70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:02 GMT
Cache-Control
no-cache
X-TraceId
af2d2fba08479a89d2fe5dcab4e023ec
Content-Length
0

Redirect headers

location
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
date
Wed, 27 Apr 2022 06:41:00 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
current
pubmatic-match.dotomi.com/match/bounce/ Frame 09AF 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=473A70B1-97BC-4D1F-B401-450179C13E19&gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
ImgSync
image8.pubmatic.com/AdServer/ Frame 09AF
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=1&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4177690674198123042&gdpr=1&gdpr_consent=&us_privacy=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
0
39 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
198.47.127.18 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:01 GMT
content-length
0

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
date
Wed, 27 Apr 2022 06:41:01 GMT
cache-control
no-store, no-cache, private
x-lat
amspug005:0:403
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 09AF 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=1&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
cookie-sync
sync.outbrain.com/ Frame 09AF
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4382111657419277628
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DRwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82%2...
  • https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
0
311 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Server
70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:02 GMT
Cache-Control
no-cache
X-TraceId
35ceb8a44485aa209a638c03947a4302
Content-Length
0

Redirect headers

location
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=RwL_mDecAHP9biFIy1GO2OVUR8GQtu1FrD_Rqru-9Yoa6906_aqjk8dmOcJGvC82&uid=473A70B1-97BC-4D1F-B401-450179C13E19
date
Wed, 27 Apr 2022 06:41:01 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
d1ba4609
rtb.gumgum.com/getuid/ Frame 09AF 		35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=1&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
liveView.php
live.primis.tech/live/ 		0
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTEmJaNypaZypyRcoWU9MTY1MTA0MTY1NvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9NTtjNTpzp3RuPTE3MwI2OTE5Jat9NDAjJax9MwI1Jz1mqGE9MTYlNmMkODQzqzyxX3Zup3RUrXByPTMzqzyxX3ZcZXquYzyfnXR5U3RuqGU9MSZ2nWRspGFmp0RioWFcow1xYWyfrXZinWNyLzNioSZmqWJJZD1xYWyfrXZinWNyLzNioSZxZWJ1Z0yhZz9loWF0nW9hPUFCVCUlMCUlRvUlMGJcZHN3nXRwnCUlMCUlRvUlMDEyMwAyMxYyMwB3nXRbo3V0JzymQXBjPTAzqzyxX2F0nT1zpzVyp3Rupy9jpzygnXNsYWR4X3ZcZGViXmE4NmZsZGFcoHy2o2ywZSZ1p2VlSXBBZGRlPTJuMDIyM0E2ZWEjJTNBYmpkYvUmQTAyM0EkMDElJTNBZzYjNvUmQTI4NDAyM0EkZGJxJaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3JTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MwY4ZTU3ODQ0ZwFyJaJ2ow0jJzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJaNmpF9uZG9gPSZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0jJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwUkMDQkNwYkOTAjJaVcZD1TZWgcozRiU1BfYXyypwYlNwuyNTp4NWNvZTYzpHVvVXJfPWu0qHBmJTNBJTJGJTJGZGFcoHy2o2ywZS5wo20yMxZhZXpgrW9lnlUlRz9lYW5aZXRiq24yMxZhZXqmJTJGoaxgZG9wqG9lLWNfYWygZWQgoW9lZS10nGFhLTEgoWyfoGyiov1cov1zpzF1ZHVfZW50LXRurC1xZWR1Y3Rco25mLWZyZHMgp2F5JTJGODIjNwQlJTJGJzZfo2F0U3RuqHVmPXRlqWUzZWyxp3A9pHJyYzyx
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=UTF-8
x-amz-cf-id
A1Icwq8tEuRPWzwCsuCMkVjtJeJ7YBONi90MAKOR-VDbsxdC8gQb9w==
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame 389A 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=518&a.aap=545&a.ra=1651041656887405&a.agi=199&ca=34607621910&a.wi=970&a.he=90&a.evn=video_progress_25&a.mo=3834&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
last-modified
Wed, 27 Apr 2022 06:41:01 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C44B 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstrjaHixG3CNNfEhKT7nNsoFm0m1E1wj_IPyYzAl3eGKVkBLMesbcxOOIYObn1FYwvUDfyGAffyLyInAxF96K139CNR2ZE0Ga86-gd5teMX75woGRj49EDNplj6gmE3tJaSSXwABmYmMArW&sai=AMfl-YSBbvVSDt-09mK-4yXnL2TokziJCRFNqEq0mBwGQoMg0mpA_-x8p-qc4Z8lzgEJKOFikpZCskX6vBB-zz90V1OW-9osCHTJsq4OlIh59JsT_popnGmc3CW0zK6a&sig=Cg0ArKJSzOXuc51zIU77EAE&cid=CAASF-RoZ5jKsdv_S5OLr2_3XdZ4bULUII3f&id=lidarv&acvw=sv%3D925%26cb%3Dima%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D2072,0,0,0,0%26mtos%3D2072,2072,2072,2072,2072%26amtos%3D0,0,0,0,0%26mcvt%3D2072%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2295%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D625%26pst%3D489%26dur%3D20062%26vmtime%3D2045%26dtos%3D2072%26dtoss%3D1%26dvs%3D2072%26dfvs%3D2072%26dvpt%3D2285%26is%3D275%26i0%3D18%26ic%3D16777473%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D0%26ces%26femt%3D1673%26femvt%3D0%26emc%3D14%26emuc%3D0%26emb%3D11,0,0,0,0%26avms%3Dexc%26qi%3D887553569%26psm%3D-2147483641%26psv%3D7%26psfv%3D7%26psa%3D0%26ptlt%3D4468%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2072&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1651041659635
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame CFBD 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=529&a.aap=542&a.ra=1651041657870313&a.agi=159&ca=4289117124&a.wi=300&a.he=600&a.evn=video_progress_25&a.mo=3368&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:02 GMT
last-modified
Wed, 27 Apr 2022 06:41:02 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdailyvoice.com%2F&domain=dailyvoice.com&cw=1&pbt=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://dailyvoice.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 27 Apr 2022 06:41:02 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1452
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdailyvoice.com%2F&domain=dailyvoice.com&cw=1&pbt=1&lsw=1
  • https://mug.criteo.com/sid?cpp=XtkX6HxpK0pyQjlWZ1RNRGdRcW1pR1J5UG51TXZ4U3FPemZOVUFSaHZsbXcrTFVCN0xySERlZEpta2NyaUxSa3hVL2cvWi9WVk1MTnBBWE1sZFpaWEZPNCtuaFdWMUVSMDF1eUM2RUdhVyticHQ5ekJKQUpaQnZ2UVRMUF...
444 B
684 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=XtkX6HxpK0pyQjlWZ1RNRGdRcW1pR1J5UG51TXZ4U3FPemZOVUFSaHZsbXcrTFVCN0xySERlZEpta2NyaUxSa3hVL2cvWi9WVk1MTnBBWE1sZFpaWEZPNCtuaFdWMUVSMDF1eUM2RUdhVyticHQ5ekJKQUpaQnZ2UVRMUFByakRZMVNQcm5YNEVWdUIyZWlneVNFRy9jbjFOUUlYZG5tS1QrZkZncWxqVEFuK0NZcUI3eDdsblFVQkRUSjEwZWk2bWZ1azBiT0Z6YkREN2xzZnJtYmV2QnlDNXdxQXdGS1p6dUYrWlNtZ1pnMVFmbzdZYnpjWWRrc25VaFBHNkNyeVFvYkxiRjBUSkU5SHdpN0huZUlWRGFORDhjUT09fA&cppv=2
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
07ba064a74893db28c7b856f705363ee06e1b3e0f56dfb8c93277762873d932f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3849
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:02 GMT
location
https://mug.criteo.com/sid?cpp=XtkX6HxpK0pyQjlWZ1RNRGdRcW1pR1J5UG51TXZ4U3FPemZOVUFSaHZsbXcrTFVCN0xySERlZEpta2NyaUxSa3hVL2cvWi9WVk1MTnBBWE1sZFpaWEZPNCtuaFdWMUVSMDF1eUM2RUdhVyticHQ5ekJKQUpaQnZ2UVRMUFByakRZMVNQcm5YNEVWdUIyZWlneVNFRy9jbjFOUUlYZG5tS1QrZkZncWxqVEFuK0NZcUI3eDdsblFVQkRUSjEwZWk2bWZ1azBiT0Z6YkREN2xzZnJtYmV2QnlDNXdxQXdGS1p6dUYrWlNtZ1pnMVFmbzdZYnpjWWRrc25VaFBHNkNyeVFvYkxiRjBUSkU5SHdpN0huZUlWRGFORDhjUT09fA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1510
content-length
541
expires
0
id
id.crwdcntrl.net/ 		63 B
335 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.220.157.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-220-157-118.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
cedca2b42e4f5828c7e8e51358aeb7a589a62ed827f2816c9ec962e6ca864c0b

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache
x-server
10.45.1.230
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
63
expires
0
rid
match.adsrvr.org/track/ 		108 B
687 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
4396b65e0a15cf7c9360d435cff94fa1a79c2ce49e11656affdfcb2e4aad5daa

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 27 Apr 2022 06:41:02 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dailyvoice.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
108
expires
Fri, 27 May 2022 06:41:02 GMT
sync
eb2.3lift.com/ Frame 1FB6 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
452848debb4bb4cf1e26c95ee48efed325dec430904bda12bd9ce5adbf307ffa

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
456
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:41:02 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 58C6 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22390
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 32BC 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4a3f2b93226d6d0a20204d8b66333d244216fd3919e4c94bcdc0466213b72ded
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8261
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
expires
Fri, 29 Apr 2022 06:41:02 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2AE6 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22390
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 9A44 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4a3f2b93226d6d0a20204d8b66333d244216fd3919e4c94bcdc0466213b72ded
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8261
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
expires
Fri, 29 Apr 2022 06:41:02 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 40EB 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22390
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame F59E 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame EE49 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 320E 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
8db9d590a4006f3b61f3a3b72c9ec3bb105adad0cb7b87e79de4c12247d37c1b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
521
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:41:02 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
async_usersync.html
acdn.adnxs.com/dmp/ Frame 540D 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
6882
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 27 Apr 2022 04:46:20 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2, 111353
X-Served-By
cache-lga13627-LGA, cache-hhn4043-HHN
X-Timer
S1651041663.941178,VS0,VE0
async_usersync.html
acdn.adnxs.com/dmp/ Frame 820D 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
6883
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 27 Apr 2022 04:46:20 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2, 109288
X-Served-By
cache-lga13627-LGA, cache-hhn4066-HHN
X-Timer
S1651041663.941211,VS0,VE0
async_usersync.html
acdn.adnxs.com/dmp/ Frame 02E8 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
6882
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 27 Apr 2022 04:46:20 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2, 110408
X-Served-By
cache-lga13627-LGA, cache-hhn4063-HHN
X-Timer
S1651041663.941192,VS0,VE0
pd
u.openx.net/w/1.0/ Frame 5BA1 		0
35 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Wed, 27 Apr 2022 06:41:02 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
check.html
biddr.brealtime.com/ Frame 6292 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Chl-Bypass
1
CF-RAY
702591f92bb59a03-FRA
Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Permissions-Policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
sync
eb2.3lift.com/ Frame 3D7B 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
8db9d590a4006f3b61f3a3b72c9ec3bb105adad0cb7b87e79de4c12247d37c1b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
521
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:41:02 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
async_usersync.html
acdn.adnxs.com/dmp/ Frame C404 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
6882
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 27 Apr 2022 04:46:20 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2, 111557
X-Served-By
cache-lga13627-LGA, cache-hhn4049-HHN
X-Timer
S1651041663.941672,VS0,VE0
checksync.php
contextual.media.net/ Frame 67F0 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4a3f2b93226d6d0a20204d8b66333d244216fd3919e4c94bcdc0466213b72ded
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8261
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
expires
Fri, 29 Apr 2022 06:41:02 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
sync
eb2.3lift.com/ Frame 5F84 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
90dceba28c9deb5f89e7a14eb8292c0272a93910e13858376de0fa95a5105593

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
624
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:41:02 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6475 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22390
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
beacon
ap.lijit.com/ Frame E8B4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13388523
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap7ams1
check.html
biddr.brealtime.com/ Frame 78EA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Chl-Bypass
1
CF-RAY
702591f9388c6969-FRA
Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Permissions-Policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
ixmatch.html
js-sec.indexww.com/um/ Frame 6EE4 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
beacon
ap.lijit.com/ Frame 96E8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13388523
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap7ams1
pd
u.openx.net/w/1.0/ Frame 574C 		0
35 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Wed, 27 Apr 2022 06:41:02 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
checksync.php
contextual.media.net/ Frame 00B2 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4a3f2b93226d6d0a20204d8b66333d244216fd3919e4c94bcdc0466213b72ded
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8261
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
expires
Fri, 29 Apr 2022 06:41:02 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
usync.html
eus.rubiconproject.com/ Frame D860 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 4859 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4BB1 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=22390
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 27 Apr 2022 12:54:12 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 89A4 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=2030%2C173%2C251%2C175%2C178%2C157%2C2027%2C3017%2C159%2C2026%2C214%2C3016%2C336%2C117%2C238%2C337%2C338%2C339%2C97%2C99%2C77%2C56%2C59%2C3012%2C141%2C222%2C201%2C3007%2C246%2C4%2C126%2C203%2C226%2C10000%2C228%2C80%2C108%2C229%2C9%2C109%2C307%2C82&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4a3f2b93226d6d0a20204d8b66333d244216fd3919e4c94bcdc0466213b72ded
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8261
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 06:41:02 GMT
expires
Fri, 29 Apr 2022 06:41:02 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
ixmatch.html
js-sec.indexww.com/um/ Frame AE3A 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
beacon
ap.lijit.com/ Frame C871 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13388523
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap7ams1
pd
u.openx.net/w/1.0/ Frame 9043 		0
35 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Wed, 27 Apr 2022 06:41:02 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
check.html
biddr.brealtime.com/ Frame F9B1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Chl-Bypass
1
CF-RAY
702591f959775c50-FRA
Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Permissions-Policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
beacon
ap.lijit.com/ Frame 0538 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13388523
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap7ams1
pd
u.openx.net/w/1.0/ Frame 3412 		0
35 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Wed, 27 Apr 2022 06:41:02 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
check.html
biddr.brealtime.com/ Frame 29AB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Chl-Bypass
1
CF-RAY
702591f96fc39a24-FRA
Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Permissions-Policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
sync
eb2.3lift.com/ Frame 1D6D 		1022 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
8c0397e0c10774c4c5a149e4aa54e2633f55b0700c7a797040eb786939e52010

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
496
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:41:02 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
check.html
biddr.brealtime.com/ Frame C497 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Chl-Bypass
1
CF-RAY
702591f96ab0926e-FRA
Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Permissions-Policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
pd
u.openx.net/w/1.0/ Frame 0C96 		0
35 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Wed, 27 Apr 2022 06:41:02 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame 19B9 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
6883
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:02 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 27 Apr 2022 04:46:20 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2, 111903
X-Served-By
cache-lga13627-LGA, cache-hhn4046-HHN
X-Timer
S1651041663.946483,VS0,VE0
beacon
ap.lijit.com/ Frame AA2F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13388523
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-5.20.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Wed, 27 Apr 2022 06:41:02 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap7ams1
sync
x.bidswitch.net/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=themediagrid
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dthemediagrid%26expires%3D30...
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dthemediagrid%26expires%3D30...
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=de3c4d2a-750f-5175-ba9f-340cd8f7d173&ssp=themediagrid&expires=30&user_group=1&gdpr=&gdpr_consent=
43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=429&user_id=de3c4d2a-750f-5175-ba9f-340cd8f7d173&ssp=themediagrid&expires=30&user_group=1&gdpr=&gdpr_consent=
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
HTTP/1.1
Server
3.121.19.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-19-101.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

location
https://x.bidswitch.net/sync?dsp_id=429&user_id=de3c4d2a-750f-5175-ba9f-340cd8f7d173&ssp=themediagrid&expires=30&user_group=1&gdpr=&gdpr_consent=
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
generic
match.adsrvr.org/track/cmf/ Frame 1FB6 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 1FB6
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pixel
cm.g.doubleclick.net/ Frame 1FB6 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 1FB6
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDA4MjY1ODQ4NjU3OTk3ODcyOTg3MA%3D%3D
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 1FB6 		0
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=4082658486579978729870&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 6937FA53BB884CA5A6CBCD5A69C8607A Ref B: VIEEDGE2907 Ref C: 2022-04-27T06:41:03Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXdnRfYo7J/WGTwy0zutQ==
xuid
eb2.3lift.com/ Frame 1FB6
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4082658486579978729870?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-jg5NI15E2oRtQ19E8Kla6Ww6dsILiE5WMMpF8_THrQ--~A&dongle=0883
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-jg5NI15E2oRtQ19E8Kla6Ww6dsILiE5WMMpF8_THrQ--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Wed, 27 Apr 2022 06:41:03 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-jg5NI15E2oRtQ19E8Kla6Ww6dsILiE5WMMpF8_THrQ--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
sync
x.bidswitch.net/ Frame 1FB6 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=4082658486579978729870&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.19.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-19-101.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
c.gif
c.bing.com/ Frame 1FB6 		42 B
596 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bing.com/c.gif?xid=4082658486579978729870&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:02 GMT
etag
"8120eaf0ff3ad81:0"
last-modified
Fri, 18 Mar 2022 19:39:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 870E2FDBE1564B1D85553D51D6CAC2BE Ref B: FRA31EDGE0609 Ref C: 2022-04-27T06:41:03Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame 1FB6
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4082658486579978729870
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4082658486579978729870&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4082658486579978729870&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
Q6QAYJG4PE2X5TGGW4Z1
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4082658486579978729870&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 1FB6
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=Oc2Stf5sMtY6CvvACRw9&gdpr=1
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=Oc2Stf5sMtY6CvvACRw9&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=Oc2Stf5sMtY6CvvACRw9&gdpr=1
Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
115
Content-Type
text/html; charset=utf-8
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=XtkX6HxpK0pyQjlWZ1RNRGdRcW1pR1J5UG51TXZ4U3FPemZOVUFSaHZsbXcrTFVCN0xySERlZEpta2NyaUxSa3hVL2cvWi9WVk1MTnBBWE1sZFpaWEZPNCtuaFdWMUVSMDF1eUM2RUdhVyticHQ5ekJKQUpaQnZ2UVRMUFByakRZMVNQcm5YNEVWdUIyZWlneVNFRy9jbjFOUUlYZG5tS1QrZkZncWxqVEFuK0NZcUI3eDdsblFVQkRUSjEwZWk2bWZ1azBiT0Z6YkREN2xzZnJtYmV2QnlDNXdxQXdGS1p6dUYrWlNtZ1pnMVFmbzdZYnpjWWRrc25VaFBHNkNyeVFvYkxiRjBUSkU5SHdpN0huZUlWRGFORDhjUT09fA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 27 Apr 2022 06:41:02 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1088
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
setuid
ib.adnxs.com/prebid/ Frame 320E 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=4082658486579978729870
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
setuid
ib.adnxs.com/prebid/ Frame 320E 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=triplelift&gdpr=1&gdpr_consent=&uid=4082658486579978729870
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
xuid
eb2.3lift.com/ Frame 320E
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/trl
  • https://eb2.3lift.com/xuid?mid=7255&xuid=AACpnk7E0csAADZj0efulg&dongle=bzwx
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=7255&xuid=AACpnk7E0csAADZj0efulg&dongle=bzwx
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=7255&xuid=AACpnk7E0csAADZj0efulg&dongle=bzwx
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
xuid
eb2.3lift.com/ Frame 320E
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3702&xuid=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&dongle=d54f&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3702&xuid=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&dongle=d54f&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=3702&xuid=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&dongle=d54f&gdpr=1&gdpr_consent=
Date
Wed, 27 Apr 2022 06:41:02 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
01f9f321-c5f5-11ec-95ba-bbc9c32010ed
xuid
eb2.3lift.com/ Frame 320E
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=13&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2319&xuid=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133&dongle=4430
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2319&xuid=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133&dongle=4430
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2319&xuid=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133&dongle=4430
Date
Wed, 27 Apr 2022 06:41:03 GMT
Connection
keep-alive
Content-Length
140
Content-Type
text/html; charset=utf-8
RVF22VSl
sync-tm.everesttech.net/upi/pid/ Frame 320E 		0
83 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/RVF22VSl?redir=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3657%26xuid%3D%24%7BTM_USER_ID%7D%26dongle%3D3c0a%26gdpr=1%26gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651041663.204066,VS0,VE0
x-cache
MISS
cache-control
no-cache
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4070-HHN
xuid
eb2.3lift.com/ Frame 320E
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=1%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3335&xuid=4382111657419277628&dongle=4d58&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3335&xuid=4382111657419277628&dongle=4d58&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
ab78c3ef-70eb-46af-88e8-f60544cc6aa2
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eb2.3lift.com/xuid?mid=3335&xuid=4382111657419277628&dongle=4d58&gdpr=1&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
xuid
eb2.3lift.com/ Frame 320E
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=triplelift&gdpr=1&gdpr_consent=
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=triplelift&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4945&xuid=e2cd560a-dcc3-4fdb-b5bd-6a9e66cac51a&dongle=31ac
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=4945&xuid=e2cd560a-dcc3-4fdb-b5bd-6a9e66cac51a&dongle=31ac
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
//eb2.3lift.com/xuid?mid=4945&xuid=e2cd560a-dcc3-4fdb-b5bd-6a9e66cac51a&dongle=31ac
Date
Wed, 27 Apr 2022 06:41:03 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
xuid
eb2.3lift.com/ Frame 320E
Redirect Chain
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4177690674198123042&dongle=d407
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=4771&xuid=4177690674198123042&dongle=d407
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=4771&xuid=4177690674198123042&dongle=d407
pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
xuid
eb2.3lift.com/ Frame 320E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=62&redir=%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3690%26xuid%3D%5BMM_UUID%5D%26dongle%3D3995%26gdpr=1%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3690&xuid=671e6268-e579-4a00-9b31-03aa76d871a7&dongle=3995&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3690&xuid=671e6268-e579-4a00-9b31-03aa76d871a7&dongle=3995&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x12 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eb2.3lift.com/xuid?mid=3690&xuid=671e6268-e579-4a00-9b31-03aa76d871a7&dongle=3995&gdpr=1&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:41:02 GMT
setuid
ib.adnxs.com/prebid/ Frame 3D7B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=4082658486579978729870
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
setuid
ib.adnxs.com/prebid/ Frame 3D7B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=triplelift&gdpr=1&gdpr_consent=&uid=4082658486579978729870
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
xuid
eb2.3lift.com/ Frame 3D7B
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/trl
  • https://eb2.3lift.com/xuid?mid=7255&xuid=AACpnk7E0csAADZj0efulg&dongle=bzwx
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=7255&xuid=AACpnk7E0csAADZj0efulg&dongle=bzwx
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=7255&xuid=AACpnk7E0csAADZj0efulg&dongle=bzwx
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
xuid
eb2.3lift.com/ Frame 3D7B
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3702&xuid=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&dongle=d54f&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3702&xuid=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&dongle=d54f&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=3702&xuid=0063e9eb-c5f5-11ec-8220-5f16f286a6e8&dongle=d54f&gdpr=1&gdpr_consent=
Date
Wed, 27 Apr 2022 06:41:02 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
01fa417d-c5f5-11ec-b5b2-9f5d5a66ef32
xuid
eb2.3lift.com/ Frame 3D7B
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=13&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2319&xuid=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133&dongle=4430
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2319&xuid=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133&dongle=4430
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2319&xuid=0-2b196980-0ccf-4d76-6d4a-d76f85212a65$ip$138.199.38.133&dongle=4430
Date
Wed, 27 Apr 2022 06:41:03 GMT
Connection
keep-alive
Content-Length
140
Content-Type
text/html; charset=utf-8
RVF22VSl
sync-tm.everesttech.net/upi/pid/ Frame 3D7B 		0
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/RVF22VSl?redir=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3657%26xuid%3D%24%7BTM_USER_ID%7D%26dongle%3D3c0a%26gdpr=1%26gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651041663.206329,VS0,VE0
x-cache
MISS
cache-control
no-cache
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4070-HHN
xuid
eb2.3lift.com/ Frame 3D7B
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=1%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3335&xuid=4382111657419277628&dongle=4d58&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3335&xuid=4382111657419277628&dongle=4d58&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
9435e81c-c217-44f6-b620-cc8f23a8f846
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eb2.3lift.com/xuid?mid=3335&xuid=4382111657419277628&dongle=4d58&gdpr=1&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
xuid
eb2.3lift.com/ Frame 3D7B
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=triplelift&gdpr=1&gdpr_consent=
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=triplelift&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4945&xuid=e2cd560a-dcc3-4fdb-b5bd-6a9e66cac51a&dongle=31ac
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=4945&xuid=e2cd560a-dcc3-4fdb-b5bd-6a9e66cac51a&dongle=31ac
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
//eb2.3lift.com/xuid?mid=4945&xuid=e2cd560a-dcc3-4fdb-b5bd-6a9e66cac51a&dongle=31ac
Date
Wed, 27 Apr 2022 06:41:03 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
xuid
eb2.3lift.com/ Frame 3D7B
Redirect Chain
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4177690674198123042&dongle=d407
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=4771&xuid=4177690674198123042&dongle=d407
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=4771&xuid=4177690674198123042&dongle=d407
pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
xuid
eb2.3lift.com/ Frame 3D7B
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=62&redir=%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3690%26xuid%3D%5BMM_UUID%5D%26dongle%3D3995%26gdpr=1%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3690&xuid=671e6268-e579-4a00-9b31-03aa76d871a7&dongle=3995&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3690&xuid=671e6268-e579-4a00-9b31-03aa76d871a7&dongle=3995&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x16 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eb2.3lift.com/xuid?mid=3690&xuid=671e6268-e579-4a00-9b31-03aa76d871a7&dongle=3995&gdpr=1&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 27 Apr 2022 06:41:02 GMT
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 5F84 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=83&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:02 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
xuid
eb2.3lift.com/ Frame 5F84
Redirect Chain
  • https://sync.hgrtb.com/triplelift?redir=http%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D7666%26xuid%3Dmy_external_user_id%26dongle%3D8f7
  • https://eb2.3lift.com/xuid?mid=7666&xuid=1884f9e9-c003-4c8e-abe2-78689c1bc5fc&dongle=8f7
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=7666&xuid=1884f9e9-c003-4c8e-abe2-78689c1bc5fc&dongle=8f7
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
http://eb2.3lift.com/xuid?mid=7666&xuid=1884f9e9-c003-4c8e-abe2-78689c1bc5fc&dongle=8f7
date
Wed, 27 Apr 2022 06:41:03 GMT
content-length
118
strict-transport-security
max-age=15724800; includeSubDomains
content-type
text/html; charset=utf-8
current
triplelift-match.dotomi.com/match/bounce/ Frame 5F84 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://triplelift-match.dotomi.com/match/bounce/current?networkId=74572&version=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
xuid
eb2.3lift.com/ Frame 5F84
Redirect Chain
  • https://cms.quantserve.com/pixel/p-VtN-a_yLd-GB-.gif?idmatch=0&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=acbNVTrBzFVyxcMPaMPWWWiVmlhywcpcOZUslLFG
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=acbNVTrBzFVyxcMPaMPWWWiVmlhywcpcOZUslLFG
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=acbNVTrBzFVyxcMPaMPWWWiVmlhywcpcOZUslLFG
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
iu3
aax-eu.amazon-adsystem.com/s/ Frame 5F84
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4082658486579978729870
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4082658486579978729870&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4082658486579978729870&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Server
52.95.126.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
TQ024Q8QZ3WVKB3S3239
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4082658486579978729870&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
value=4082658486579978729870
sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/ Frame 5F84
Redirect Chain
  • https://sasinator.realestate.com.au/rea/setid/external=TRIPLELIFT/value=4082658486579978729870
  • https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=4082658486579978729870
43 B
523 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=4082658486579978729870
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
54.66.168.86 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-66-168-86.ap-southeast-2.compute.amazonaws.com
Software
Match/6817.2933fd11c233c2bdcb1c706b698b10fcabbf4860 (i-07624522d839cb8bb) /
Resource Hash
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:04 GMT
server
Match/6817.2933fd11c233c2bdcb1c706b698b10fcabbf4860 (i-07624522d839cb8bb)
p3p
CP="NOI NID ADMa PSAa OUR BUS COM NAV"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
image/gif
content-length
43
expires
-1

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
server
Match/6817.2933fd11c233c2bdcb1c706b698b10fcabbf4860 (i-07624522d839cb8bb)
p3p
CP="NOI NID ADMa PSAa OUR BUS COM NAV"
location
https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=4082658486579978729870
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
expires
-1
usermatch
usersync.getpublica.com/ Frame 5F84 		0
198 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.getpublica.com/usermatch?provider=triplelift&TripleLiftID={$UID}
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.113.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-113-20.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate
Content-Length
0
Vary
Origin
Expires
0
xuid
eb2.3lift.com/ Frame 5F84
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=1%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=6019&xuid=iOlBJwNX1NJBmb5&dongle=465e&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=6019&xuid=iOlBJwNX1NJBmb5&dongle=465e&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:02 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-022b0454a7aa0bd60@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://eb2.3lift.com/xuid?mid=6019&xuid=iOlBJwNX1NJBmb5&dongle=465e&gdpr=1&gdpr_consent=
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 5F84
Redirect Chain
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=6547&xuid=QuO7j6tCXszybLZpKdGp&dongle=45fg&pi=triplelift&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=6547&xuid=QuO7j6tCXszybLZpKdGp&dongle=45fg&pi=triplelift&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=6547&xuid=QuO7j6tCXszybLZpKdGp&dongle=45fg&pi=triplelift&gdpr=1&gdpr_consent=
pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT, Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
cookiesync
bttrack.com/pixel/ Frame 5F84 		35 B
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bttrack.com/pixel/cookiesync?source=3a66d299-1ebd-4293-884e-8e6f36dc1a6a&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS
46.bidtellect.com
Software
Microsoft-IIS/8.5 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

X-ServerName
Track004-iad
Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control
private,no-cache
Content-Type
image/gif
Content-Length
35
Expires
-1
usync.js
eus.rubiconproject.com/ Frame D860 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=77800
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Thu, 28 Apr 2022 04:17:43 GMT
xuid
eb2.3lift.com/ Frame 1D6D
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6126%26xuid%3D%7Bdevice_id%7D%26dongle%3D9e4f%26gdpr=1%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=6126&xuid=650a56bd-65ad-4363-aed9-f0f1a2750f63&dongle=9e4f&gdpr
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=6126&xuid=650a56bd-65ad-4363-aed9-f0f1a2750f63&dongle=9e4f&gdpr
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=6126&xuid=650a56bd-65ad-4363-aed9-f0f1a2750f63&dongle=9e4f&gdpr
date
Wed, 27 Apr 2022 06:41:03 GMT
server
_
content-length
0
CookieSyncTripleLift&gdpr=1&gdpr_consent=
rtb.adentifi.com/ Frame 1D6D 		0
46 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieSyncTripleLift&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.145.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-145-253.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
content-length
0
content-type
text/plain
match
c1.adform.net/serving/cookie/ Frame 1D6D 		0
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c1.adform.net/serving/cookie/match?party=1245&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
140
match.deepintent.com/usersync/ Frame 1D6D 		0
39 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/140
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
content-length
0
server
b
xuid
eb2.3lift.com/ Frame 1D6D
Redirect Chain
  • https://bh.contextweb.com/bh/sync/3lift?rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2636%26xuid%3D%25%25VGUID%25%25%26dongle%3D8bee%26gdpr=1%26gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?pid=558356&ev=1&daaqp=1&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2636%26xuid%3DPPbFdmaSFn2g%26dongle%3D8bee%26gdpr%3D1%26gdpr_consent%3D
  • https://eb2.3lift.com/xuid?mid=2636&xuid=PPbFdmaSFn2g&dongle=8bee&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2636&xuid=PPbFdmaSFn2g&dongle=8bee&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://eb2.3lift.com/xuid?mid=2636&xuid=PPbFdmaSFn2g&dongle=8bee&gdpr=1&gdpr_consent=
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-588fbd8cf7-j7svj
expires
-1
us.gif
sync.go.sonobi.com/ Frame 1D6D 		49 B
513 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=tl&nuid=4082658486579978729870
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
xuid
eb2.3lift.com/ Frame 1D6D
Redirect Chain
  • https://www.storygize.net/ccm/9779a491-75d6-4ad2-92bd-2f159c9892ab
  • https://eb2.3lift.com/xuid?mid=3396&xuid=37cf273d-6031-4a9e-b4c2-17b86d952301&dongle=c7e1
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3396&xuid=37cf273d-6031-4a9e-b4c2-17b86d952301&dongle=c7e1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=3396&xuid=37cf273d-6031-4a9e-b4c2-17b86d952301&dongle=c7e1
Pragma
no-cache
cache-control
no-cache, no-store, must-revalidate
Connection
keep-alive
P3P
CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Content-Length
0
expires
0
xuid
eb2.3lift.com/ Frame 1D6D
Redirect Chain
  • https://um.simpli.fi/triplelift
  • https://eb2.3lift.com/xuid?mid=7969&xuid=29DFB062F03745C1AB22E13B516BBAFA&dongle=yf3
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=7969&xuid=29DFB062F03745C1AB22E13B516BBAFA&dongle=yf3
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Wed, 27 Apr 2022 06:41:03 GMT
x-content-type-options
nosniff
server
nginx
location
https://eb2.3lift.com/xuid?mid=7969&xuid=29DFB062F03745C1AB22E13B516BBAFA&dongle=yf3
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Tue, 26 Apr 2022 06:41:03 GMT
xuid
eb2.3lift.com/ Frame 1D6D
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=23&uid=4082658486579978729870&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3391&xuid=665800460170&dongle=6f30
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3391&xuid=665800460170&dongle=6f30
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

access-control-allow-origin
*
content-length
0
location
https://eb2.3lift.com/xuid?mid=3391&xuid=665800460170&dongle=6f30
xuid
eb2.3lift.com/ Frame 1D6D
Redirect Chain
  • https://sync.1rx.io/usersync2/triplelift
  • https://sync.1rx.io/usersync2/triplelift?zcc=1&cb=1651041663233
  • https://eb2.3lift.com/xuid?mid=4070&xuid=OPTOUT&dongle=2dcc
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=4070&xuid=OPTOUT&dongle=2dcc
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://eb2.3lift.com/xuid?mid=4070&xuid=OPTOUT&dongle=2dcc
cache-control
no-store, no-cache, must-revalidate
expires
0
async_usersync
ib.adnxs.com/ Frame 540D 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
1a855f9e-9e49-4c6a-b375-dab7c2604208
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 02E8 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
097f2962-2f6a-4e53-96c4-0d4d4a7219d3
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame C404 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
e86c4b99-ec3c-4f0c-8684-f05f2ee36654
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 820D 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
d8b7b756-d899-4571-b5c1-08c7a9879a79
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 19B9 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
a52dade8-627d-4bb5-8c98-93cdebf29108
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 2293 		1 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ff109d38c206c434f4f363030d0c90d201bc332b2d27d7dead097b7fc075d03e

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1445
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:03 GMT
Dropped-Udsids
90|41|176|47|65|39|218|64
Expires
Wed, 27 Apr 2022 06:41:03 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
usermatch
ssum-sec.casalemedia.com/ Frame CC33 		1 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
89c135feacd515d13a0ba0cb46408b00db8c18ecbca95baaa851f7f08be441e1

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1430
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:03 GMT
Dropped-Udsids
90|41|176|47|18|17|8|191
Expires
Wed, 27 Apr 2022 06:41:03 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
usermatch
ssum-sec.casalemedia.com/ Frame 816A 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c07bd38f949e296b810023e25f2700973c07832c0ab48ca83b82a3cf2e28d06a

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1574
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:03 GMT
Dropped-Udsids
90|41|176|47|51|39|88|195
Expires
Wed, 27 Apr 2022 06:41:03 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
usermatch
ssum-sec.casalemedia.com/ Frame 9ED3 		1 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
005a6abf772f5a71490186676d5a0f3a3e5360a2445f06c8f53dce0f72eabe8e

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1331
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:03 GMT
Dropped-Udsids
90|41|47|176|109|196|57|8
Expires
Wed, 27 Apr 2022 06:41:03 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
usermatch
ssum-sec.casalemedia.com/ Frame EBA5 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0ba1b72b723f378698972f0419f2280b088eb36aa814db4e6f7eb36bec2a494f

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1624
Content-Type
text/html
Date
Wed, 27 Apr 2022 06:41:03 GMT
Dropped-Udsids
41|47|176|57|64|88|31|13
Expires
Wed, 27 Apr 2022 06:41:03 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
PugMaster
image6.pubmatic.com/AdServer/ Frame CB54 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=73223941&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
23809ea0e8d21231d20360000aa8e279e133891bea0a32f63682293c95db2d6e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:01 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1047
content-type
text/html; charset=UTF-8
no_match_opted_out
um.simpli.fi/ Frame 2293
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
  • https://um.simpli.fi/no_match_opted_out
0
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/no_match_opted_out
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Server
169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b8.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:41:03 GMT
x-content-type-options
nosniff
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS

Redirect headers

date
Wed, 27 Apr 2022 06:41:03 GMT
x-content-type-options
nosniff
server
nginx
location
/no_match_opted_out
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Tue, 26 Apr 2022 06:41:03 GMT
bridge
cm.adgrx.com/ Frame 2293 		43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.245.181 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
server
Cowboy
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
ams-delivery-8
Content-Length
43
Expires
Thu, 23 Sep 2004 17:42:04 GMT
113
match.deepintent.com/usersync/ Frame 2293 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/113
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
content-length
0
server
b
crum
dsum-sec.casalemedia.com/ Frame 2293
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:02 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-022b0454a7aa0bd60@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum.casalemedia.com/ Frame 2293
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1651128063&gdpr=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1651128063&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1651128063&gdpr=1
pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
content-length
0
expires
0
casale
match.adsrvr.org/track/cmf/ Frame 2293 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
ibs:dpid=23728&dpuuid=YmjleKUCRbN6zLlXA4o4fwAA%261164
dpm.demdex.net/ Frame 2293 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YmjleKUCRbN6zLlXA4o4fwAA%261164?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.28.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-28-241.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 2293 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:02 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
htw-pixel.gif
js-sec.indexww.com/ht/ Frame 2293 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YmjleKUCRbN6zLlXA4o4fwAA%261164
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2489
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 07:22:32 GMT
no_match_opted_out
um.simpli.fi/ Frame 816A
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
  • https://um.simpli.fi/no_match_opted_out
0
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/no_match_opted_out
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Server
169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b8.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:41:03 GMT
x-content-type-options
nosniff
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS

Redirect headers

date
Wed, 27 Apr 2022 06:41:03 GMT
x-content-type-options
nosniff
server
nginx
location
/no_match_opted_out
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Tue, 26 Apr 2022 06:41:03 GMT
bridge
cm.adgrx.com/ Frame 816A 		43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.245.181 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
server
Cowboy
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
ams-delivery-8
Content-Length
43
Expires
Thu, 23 Sep 2004 17:42:04 GMT
113
match.deepintent.com/usersync/ Frame 816A 		0
39 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/113
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:02 GMT
content-length
0
server
b
crum
dsum-sec.casalemedia.com/ Frame 816A
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:02 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-078691873e5d8cf91@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
x.bidswitch.net/ Frame 816A 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=index&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.19.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-19-101.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
casale
match.adsrvr.org/track/cmf/ Frame 816A 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame 816A 		0
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651041663.410751,VS0,VE0
x-cache
MISS
cache-control
no-cache
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4070-HHN
crum
dsum-sec.casalemedia.com/ Frame 816A
Redirect Chain
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-e2989857-2aac-4c5e-9edd-c9c3ae45551c
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-e2989857-2aac-4c5e-9edd-c9c3ae45551c
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-e2989857-2aac-4c5e-9edd-c9c3ae45551c
date
Wed, 27 Apr 2022 06:41:03 GMT
server
Apache-Coyote/1.1
content-length
0
htw-pixel.gif
js-sec.indexww.com/ht/ Frame 816A 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YmjleKUCRbN6zLlXA4o4fwAA%261164
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2489
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 07:22:32 GMT
usersync
match.bnmla.com/ Frame 8649 		0
114 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.158 Chestertown, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Length
0
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
nginx
Pug
simage2.pubmatic.com/AdServer/ Frame A96B
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:29DFB062F03745C1AB22E13B516BBAFA
1 B
145 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:29DFB062F03745C1AB22E13B516BBAFA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 06:41:03 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
amspug014:0:320

Redirect headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-length
138
content-type
text/html
date
Wed, 27 Apr 2022 06:41:03 GMT
expires
Tue, 26 Apr 2022 06:41:03 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:29DFB062F03745C1AB22E13B516BBAFA
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
setuid
x.yieldlift.com/ Frame B6C8 		0
598 B 		Document
General
Check archive.org
Download Go to
Full URL
https://x.yieldlift.com/setuid?bidder=pubmatic&gdpr=0&gdpr_consent=&us_privacy=1YN-&uid=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.148.240 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-148-240.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept
application/json
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
application/json;charset=utf-8
Expires
0
Pragma
no-cache
Artemis
aud.pubmatic.com/AdServer/ Frame CB54
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=473A70B1-97BC-4D1F-B401-450179C13E19&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=473A70B1-97BC-4D1F-B401-450179C13E19&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=473A70B1-97BC-4D1F-B401-450179C13E19&addseg=19,36,42
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=473A70B1-97BC-4D1F-B401-450179C13E19&addseg=19,36,42
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
204.237.133.247 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Redirect headers

date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=473A70B1-97BC-4D1F-B401-450179C13E19&addseg=19,36,42
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141
info2
uipglob.semasio.net/pubmatic/1/ Frame CB54
Redirect Chain
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=473A70B1-97BC-4D1F-B401-450179C13E19&sInitiator=external&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=473A70B1-97BC-4D1F-B401-450179C13E19&sInitiator=external&gdpr=0&gdpr_consent=
42 B
603 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=473A70B1-97BC-4D1F-B401-450179C13E19&sInitiator=external&gdpr=0&gdpr_consent=
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Server
77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
frontend-id
6
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:01 GMT
frontend-id
7
location
/pubmatic/1/info2?sType=sync&sExtCookieId=473A70B1-97BC-4D1F-B401-450179C13E19&sInitiator=external&gdpr=0&gdpr_consent=
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT
mw
mwzeom.zeotap.com/ Frame CB54 		95 B
176 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
702591fc3c6c92a2-FRA
access-control-allow-headers
*
content-length
95
p
a.audrte.com/ Frame CB54
Redirect Chain
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=473A70B1-97BC-4D1F-B401-450179C13E19
  • https://a.audrte.com/p
68 B
617 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Server
23.22.109.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-22-109-120.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
no_match_opted_out
um.simpli.fi/ Frame 9ED3
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
  • https://um.simpli.fi/no_match_opted_out
0
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/no_match_opted_out
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Server
169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b8.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:41:03 GMT
x-content-type-options
nosniff
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS

Redirect headers

date
Wed, 27 Apr 2022 06:41:03 GMT
x-content-type-options
nosniff
server
nginx
location
/no_match_opted_out
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Tue, 26 Apr 2022 06:41:03 GMT
bridge
cm.adgrx.com/ Frame 9ED3 		43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.245.181 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
server
Cowboy
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
ams-delivery-8
Content-Length
43
Expires
Thu, 23 Sep 2004 17:42:04 GMT
crum
dsum-sec.casalemedia.com/ Frame 9ED3
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-04fd973f611872bb0@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
113
match.deepintent.com/usersync/ Frame 9ED3 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/113
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:02 GMT
content-length
0
server
b
crum
dsum-sec.casalemedia.com/ Frame 9ED3
Redirect Chain
  • https://cm.ctnsnet.com/int/cm?exc=19&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=07430fd5c7ca4fa58645fcbbba2d4104&expiration=1653633663
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=07430fd5c7ca4fa58645fcbbba2d4104&expiration=1653633663
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 google
server
Apache-Coyote/1.1
status
302
p3p
CP="NOI DSP COR NID CUR OUR NOR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=07430fd5c7ca4fa58645fcbbba2d4104&expiration=1653633663
cache-control
no-cache, must-revalidate
content-type
text/html;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 9ED3
Redirect Chain
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

date
Wed, 27 Apr 2022 06:41:03 GMT
server
nginx
access-control-allow-origin
*
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
cache-control
no-cache
content-type
text/html; charset=UTF-8
access-control-allow-headers
Origin
keep-alive
timeout=10
crum
dsum-sec.casalemedia.com/ Frame 9ED3
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588520131858600
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588520131858600
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588520131858600
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
crum
dsum-sec.casalemedia.com/ Frame 9ED3
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/ix.gif
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=46b51b4d-bbf7-4096-81db-1df1f4ee4803&expiration=1682577663
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=46b51b4d-bbf7-4096-81db-1df1f4ee4803&expiration=1682577663
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=46b51b4d-bbf7-4096-81db-1df1f4ee4803&expiration=1682577663
date
Wed, 27 Apr 2022 06:41:03 GMT
server
Kestrel
content-length
0
htw-pixel.gif
js-sec.indexww.com/ht/ Frame 9ED3 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YmjleKUCRbN6zLlXA4o4fwAA%261164
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2524
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 07:23:07 GMT
no_match_opted_out
um.simpli.fi/ Frame CC33
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
  • https://um.simpli.fi/no_match_opted_out
0
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/no_match_opted_out
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Server
169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b8.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:41:03 GMT
x-content-type-options
nosniff
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS

Redirect headers

date
Wed, 27 Apr 2022 06:41:03 GMT
x-content-type-options
nosniff
server
nginx
location
/no_match_opted_out
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Tue, 26 Apr 2022 06:41:03 GMT
bridge
cm.adgrx.com/ Frame CC33 		43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.245.181 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
server
Cowboy
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
ams-delivery-8
Content-Length
43
Expires
Thu, 23 Sep 2004 17:42:04 GMT
113
match.deepintent.com/usersync/ Frame CC33 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/113
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:02 GMT
content-length
0
server
b
crum
dsum-sec.casalemedia.com/ Frame CC33
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-0ae965e2f8a6b4310@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame CC33
Redirect Chain
  • https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=1&gdpr_consent=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1666852863&external_user_id=c11e4a48-4743-4a4a-baa1-af50315103a6
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1666852863&external_user_id=c11e4a48-4743-4a4a-baa1-af50315103a6
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1666852863&external_user_id=c11e4a48-4743-4a4a-baa1-af50315103a6
date
Wed, 27 Apr 2022 06:41:03 GMT
access-control-allow-origin
*.casalemedia.com
content-length
157
access-control-allow-methods
GET,OPTIONS
content-type
text/html; charset=utf-8
crum
dsum-sec.casalemedia.com/ Frame CC33
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=Oc2Stf5sMtY6CvvACRw9&gdpr=1
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=Oc2Stf5sMtY6CvvACRw9&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=Oc2Stf5sMtY6CvvACRw9&gdpr=1
Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
126
Content-Type
text/html; charset=utf-8
crum
dsum-sec.casalemedia.com/ Frame CC33
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/ix.gif
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=efb5d0d5-62d7-4c9a-9571-935c7d2023d1&expiration=1682577663
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=efb5d0d5-62d7-4c9a-9571-935c7d2023d1&expiration=1682577663
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=efb5d0d5-62d7-4c9a-9571-935c7d2023d1&expiration=1682577663
date
Wed, 27 Apr 2022 06:41:03 GMT
server
Kestrel
content-length
0
rum
dsum-sec.casalemedia.com/ Frame CC33
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=16d57df4-f577-73ba-c87a937a
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=16d57df4-f577-73ba-c87a937a
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 google
server
nginx/1.20.2
access-control-allow-origin
*
p3p
CP='This is not a P3P policy!'
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=16d57df4-f577-73ba-c87a937a
cache-control
max-age=3600
content-type
text/html; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146
htw-pixel.gif
js-sec.indexww.com/ht/ Frame CC33 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YmjleKUCRbN6zLlXA4o4fwAA%261164
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2524
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 07:23:07 GMT
bridge
cm.adgrx.com/ Frame EBA5 		43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.245.181 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
server
Cowboy
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
ams-delivery-8
Content-Length
43
Expires
Thu, 23 Sep 2004 17:42:04 GMT
crum
dsum-sec.casalemedia.com/ Frame EBA5
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-04fd973f611872bb0@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=iOlBJwNX1NJBmb5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
113
match.deepintent.com/usersync/ Frame EBA5 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/113
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
content-length
0
server
b
crum
dsum-sec.casalemedia.com/ Frame EBA5
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588520131858600
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588520131858600
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588520131858600
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixelSync
pixel-sync.sitescout.com/dmp/ Frame EBA5 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame EBA5 		0
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651041663.420436,VS0,VE0
x-cache
MISS
cache-control
no-cache
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4070-HHN
noop
px.owneriq.net/ Frame EBA5
Redirect Chain
  • https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7043280631636501034&uid=Q7043280631636501034&ref=%2Feucm%2Fp%2Fcc
  • https://px.owneriq.net/noop?ct=image%2Fgif
0
287 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.owneriq.net/noop?ct=image%2Fgif
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.75.246.168 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-75-246-168.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache/2.4.6 (CentOS)
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By
PHP/7.3.33
Content-Length
0
Content-Type
image/gif

Redirect headers

Location
https://px.owneriq.net/noop?ct=image%2Fgif
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
crum
dsum-sec.casalemedia.com/ Frame EBA5
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
43 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 06:41:03 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
date
Wed, 27 Apr 2022 06:41:03 GMT
access-control-allow-credentials
true
x-powered-by
Express
content-length
0
vary
Origin
keep-alive
timeout=5
htw-pixel.gif
js-sec.indexww.com/ht/ Frame EBA5 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YmjleKUCRbN6zLlXA4o4fwAA%261164
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 06:41:03 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2489
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Wed, 27 Apr 2022 07:22:32 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 727A 		289 B
516 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=535515&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
1104924cb36156fb19b90a6d9d8ba0a75e14275c5406069b88b6f86f78967ebf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:01 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
289
content-type
text/html; charset=UTF-8
usersync
usersync.gumgum.com/ Frame 6CAA 		35 B
296 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=pbm&i=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.76.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif
date
Wed, 27 Apr 2022 06:41:02 GMT
expires
0
pragma
no-cache
server
envoy
x-envoy-upstream-service-time
0
x-region
ireland
ids
idsync.frontend.weborama.fr/ Frame 727A
Redirect Chain
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0
  • https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=473A70B1-97BC-4D1F-B401-450179C13E19
0
268 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=473A70B1-97BC-4D1F-B401-450179C13E19
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
35.201.81.244 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
244.81.201.35.bc.googleusercontent.com
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 google
last-modified
Wed, 27 Apr 2022 06:41:03 GMT
server
nginx/1.18.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=473A70B1-97BC-4D1F-B401-450179C13E19
date
Wed, 27 Apr 2022 06:41:02 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
qmap
sync.crwdcntrl.net/ Frame 727A 		49 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=473A70B1-97BC-4D1F-B401-450179C13E19&gdpr=0&gdpr_consent=
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.220.157.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-220-157-118.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:03 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
expires
0
cache-control
no-cache
x-server
10.45.10.128
content-type
image/gif
content-length
49
x-consent
absent
master_480.m3u8
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		278 B
714 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/master_480.m3u8
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
d22e287bccda3b35ab308c7f0d73813c7863d1f2a04d3899be59711bb70621e0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
278
last-modified
Thu, 26 Aug 2021 09:35:24 GMT
server
Tengine
etag
"ea4369fc299c9c63622d12ea83f9c946"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
application/vnd.apple.mpegurl
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
_J7v_Su-9H9lXCKWN7M7x_hmPWGlTmSDhSb0WgAtSaYnjZxKWCOU-w==
expires
Wed, 11 May 2022 06:41:03 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame 09AF 		0
47 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156595&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:02 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
chunklist_480.m3u8
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/chunklist_480.m3u8
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
ae3eb795ab75acfbed9f530ee953c4a30dd572673a6acd31e2b3a7f46d5881ce

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 5b6e22c950501920595c86fc25834582.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
1532
last-modified
Wed, 27 Apr 2022 04:35:46 GMT
server
Tengine
etag
"21b76fd07aacc9324b06f0c41315d928"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
application/vnd.apple.mpegurl
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
kfEFVtypD9G0B_5VEqVYmbKDJ5qMLCycufkfwzg-pDYENXMJBRUvVQ==
expires
Wed, 11 May 2022 06:41:03 GMT
prog_index.m3u8
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		159 B
594 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/prog_index.m3u8
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
f6fb3b7b52110b314bb3c3a297baf08745f27b5b8690656bc4ae3fc7fc994d32

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
159
last-modified
Wed, 27 Apr 2022 04:50:02 GMT
server
Tengine
etag
"90ada805f99b411dd26d1ed74dc2fc4d"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
application/vnd.apple.mpegurl
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
SUea97zIUA9nfEO0v4qoSd4cvDZWs9BM9zswOxao0v4171O_CRYBNw==
expires
Wed, 11 May 2022 06:41:03 GMT
w_480_00000.ts
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		296 KB
297 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/w_480_00000.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
4ede5772d970131c333789f8ed75d1d274002894a907fcdf9f9d42935b471c23

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
303056
last-modified
Wed, 27 Apr 2022 04:35:47 GMT
server
Tengine
etag
"c0b690ce9792a8d8a5934fb08cd10926"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
31HALOgwsrAJPXtuY8cwxa1kNtDlUGKrMTb3fYNQJsSl-koqtB1Kww==
expires
Wed, 11 May 2022 06:41:03 GMT
f0614ca3-331c-4f6d-ae5d-78c230ea901d
https://dailyvoice.com/ 		67 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://dailyvoice.com/f0614ca3-331c-4f6d-ae5d-78c230ea901d
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b3e57eb372e8b405c816875571e184854b2846261c7477c6c9bdb7782faa1a30

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Length
68465
Content-Type
text/javascript
w_480_00001.ts
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		350 KB
350 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/w_480_00001.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
ed26da99e12f078fc40ee649feb05f65d9f0dc641714abd5c987d69a71448403

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:03 GMT
via
1.1 5b6e22c950501920595c86fc25834582.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
357952
last-modified
Wed, 27 Apr 2022 04:35:47 GMT
server
Tengine
etag
"71bbacc38c50178de91c063824e33f6a"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
jtmKP3FcP5QNfxtedyTyED_spMpZsbbW1TI3TxDRgEClVrfcvfy2QA==
expires
Wed, 11 May 2022 06:41:03 GMT
w_480_00002.ts
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		333 KB
333 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/w_480_00002.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
96e6f6c4f2a190d7b49775a9ab0a5bf1a1dc0dcde38d71a7cc982142c5932d8b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:04 GMT
via
1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
340656
last-modified
Wed, 27 Apr 2022 04:35:47 GMT
server
Tengine
etag
"beb6c9aa7f5ba0f1fcfe2d2ed4551166"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
uJt_6aB2382nsyhU2V_fc5DnHMruKo2SzjX9tWHqEh1yfhtsvmFWjQ==
expires
Wed, 11 May 2022 06:41:04 GMT
w_480_00003.ts
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		318 KB
319 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/w_480_00003.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
50223a68bd5fdf00d4bd4daaf5c2395741b4c486453db72eb356efbcc53dc340

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:04 GMT
via
1.1 99092867f863705e8ff048fff99f968c.cloudfront.net (CloudFront)
x-amz-cf-pop
BRU50-C1
content-length
325992
last-modified
Wed, 27 Apr 2022 04:35:47 GMT
server
Tengine
etag
"3fcda35d77dc178039d2b1a6305f7544"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
pMXxqTyhhVq03TGKaN-A7W_CyVX6Pv1powVy1FRWCsO3jpkJAYwPcg==
expires
Wed, 11 May 2022 06:41:04 GMT
w_480_00004.ts
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		260 KB
261 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/w_480_00004.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
148478606d25d638e8f415e457cea6d2f004a33dbff0036206bc5d2d7d6707a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:04 GMT
via
1.1 99578e20c0b3a3e3de02b1f1fe508f98.cloudfront.net (CloudFront)
x-amz-cf-pop
BRU50-C1
content-length
266208
last-modified
Wed, 27 Apr 2022 04:35:47 GMT
server
Tengine
etag
"629c40e65c29000930cc504d2b843f88"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
vhd8MW6_w3beYLpcAL7EuckkEGp_TJqIJesA-Cb6083ulQXXYYBkcA==
expires
Wed, 11 May 2022 06:41:04 GMT
w_480_00005.ts
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		267 KB
268 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/w_480_00005.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
1d6ef0102642400680819f4ed5093b4a3f2fbefd7f4c22b8ec0479eba4fe4772

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:04 GMT
via
1.1 854e69d09dba9252a1cd2401bf2be25e.cloudfront.net (CloudFront)
x-amz-cf-pop
BRU50-C1
content-length
273540
last-modified
Wed, 27 Apr 2022 04:35:47 GMT
server
Tengine
etag
"55c7f6ead5b5a6aa1ef7c6847a9c461d"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
pstIlOg5dYSKQXqWniIJ0Zi_iVH7akMA9KTSHgTSQJUspgZzYX4Llw==
expires
Wed, 11 May 2022 06:41:04 GMT
async_usersync
ib.adnxs.com/ Frame 540D 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:04 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
0f70e071-342f-4fbd-826e-537df0fd4cad
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 02E8 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:04 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b289fd4b-04ad-4940-ad15-4a3c1a8d82ec
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame C404 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:04 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
df94da6d-eb89-4cce-9a9c-0f092c5863c3
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 820D 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:04 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
6170cfdd-48cf-4eb7-9dda-71e7df35b187
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 19B9 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 27 Apr 2022 06:41:04 GMT
X-Proxy-Origin
138.199.38.133; 138.199.38.133; 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
06ffdbb2-1c7a-40b0-8ada-55075dde2365
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame 389A 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=518&a.aap=545&a.ra=1651041656887405&a.agi=199&ca=50257089412&a.wi=970&a.he=90&a.evn=video_progress_50&a.mo=6250&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:04 GMT
last-modified
Wed, 27 Apr 2022 06:41:04 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
fileSequence0.webvtt
video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/ 		5 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn14/video/users/hls/24485/video1523973537/vid6268c562a3943650596614.mp4/fileSequence0.webvtt
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
63.250.60.65 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software
Tengine /
Resource Hash
fac0758eb8842033e1cd0fc5d17184454278e1c0ecf8d550273acbb637d24e95

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:04 GMT
via
1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
5530
last-modified
Wed, 27 Apr 2022 04:50:03 GMT
server
Tengine
etag
"39a22718742940b34a83cf6709eddcf1"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
binary/octet-stream
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
_5SKkuIvo0pbi4nZPu0HEkbTyNINIF2X_A74o9wdOVxtGL7pIRyW4Q==
expires
Wed, 11 May 2022 06:41:04 GMT
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame CFBD 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=529&a.aap=542&a.ra=1651041657870313&a.agi=159&ca=96677960980&a.wi=300&a.he=600&a.evn=video_progress_50&a.mo=5755&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:05 GMT
last-modified
Wed, 27 Apr 2022 06:41:05 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
liveView.php
live.primis.tech/live/ 		0
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTI1JaNypaZypyRcoWU9MTY1MTA0MTY1NvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA2OTtkJaN0YT0jJat9NmAjJax9NDp2JaZcZF9jYXNmRG9gYWyhPWRunWk5qz9cY2UhY29gJaN1YxyxPWRunWk5qz9cY2UhY29gJzRyYaVaSW5zo3JgYXRco249QUJUJTIjJTJGJTIjYzyxp3qcqGNbJTIjJTJGJTIjMSUlMCUlRvUlMHqcqGuiqXQznXNBpHA9MCZ1p2VlSXBBZGRlPTJuMDIyM0E2ZWEjJTNBYmpkYvUmQTAyM0EkMDElJTNBZzYjNvUmQTI4NDAyM0EkZGJxJaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3JTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MwY4ZTU3ODQ0ZwFyJzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzR1pw04MDAzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MCZwY3BuPTAzY2NjYUNioaNyoaQ9JzNvqXN0ZXI9MTY1MTA0MTY2NDtkMCZ1nWQ9U2VenW5xo1NQoGF5ZXI2MwY4ZTU3ODVwYzU2JaB1YyVloD1bqHRjplUmQSUlRvUlRzRunWk5qz9cY2UhY29gJTJGozV3LXyipzfyMxZipzFhZ2V0o3qhJTJGozV3plUlRz55LWRiY3Ripv1woGFcoWVxLW1ipzUgqGuuov0kLW1coGkco24gnW4gZaJuqWR1oGVhqC10YXtgZGVxqWN0nW9hpl1zZWRmLXNurSUlRwtlMDY0MvUlRvZzoG9uqFN0YXR1pm10paVyJzVcZHNjPXBlZWJcZA==
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:04 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=UTF-8
x-amz-cf-id
mTJ1iAGQ2j7MoBA1pSQkaPH4N-R4fZgbxwZ1VYvuRJMA0NexyiS10g==
liveView.php
live.primis.tech/live/ 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTQlJaNypaZypyRcoWU9MTY1MTA0MTY1NvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA2OTtkJaN0YT0jJat9NmAjJax9NDp2JaZcZF9jYXNmRG9gYWyhPWRunWk5qz9cY2UhY29gJaN1YxyxPWRunWk5qz9cY2UhY29gJzRyYaVaSW5zo3JgYXRco249QUJUJTIjJTJGJTIjYzyxp3qcqGNbJTIjJTJGJTIjMSUlMCUlRvUlMHqcqGuiqXQznXNBpHA9MCZ1p2VlSXBBZGRlPTJuMDIyM0E2ZWEjJTNBYmpkYvUmQTAyM0EkMDElJTNBZzYjNvUmQTI4NDAyM0EkZGJxJaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwEjMC4jLwQ4OTYhMTI3JTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MwY4ZTU3ODQ0ZwFyJzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzR1pw04MDAzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MCZwY3BuPTAzY2NjYUNioaNyoaQ9JzNvqXN0ZXI9MTY1MTA0MTY2NDx2NvZ1nWQ9U2VenW5xo1NQoGF5ZXI2MwY4ZTU3ODVwYzU2JaB1YyVloD1bqHRjplUmQSUlRvUlRzRunWk5qz9cY2UhY29gJTJGozV3LXyipzfyMxZipzFhZ2V0o3qhJTJGozV3plUlRz55LWRiY3Ripv1woGFcoWVxLW1ipzUgqGuuov0kLW1coGkco24gnW4gZaJuqWR1oGVhqC10YXtgZGVxqWN0nW9hpl1zZWRmLXNurSUlRwtlMDY0MvUlRvZzoG9uqFN0YXR1pm10paVyJzVcZHNjPXBlZWJcZA==
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:04 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
server
nginx
age
0
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-pop
FRA6-C1
content-type
text/html; charset=UTF-8
x-amz-cf-id
-GhHsjJNSMg5Hmx2ZBAc7D-8CGjBFNOLyiRH4Ek3VNX5AdD3BNTxqg==
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C44B 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CmWDPe-VoYr7_CJaPjuwP8L6tmArkt4HhaZeJ2PnND9WAk67PLxABIMDCrHpglYKAgJQHoAGwuqHXA8gBBakCPJNFBMrbsT7gAgCoAwGYBACqBOACT9A-6o6Eofj_IgI7ztW-7ExLHI7MC1RCddBAlKGwKzq-XNHmI9XrlQh3uYpjtFeool0WUInr03VnLI_NNV30fncA4GUEndinH8svwjpFC1h29Twfk3mqsUMVxP1jZs_gI-s6suO0EAGzhMzdWobXKOxpPsoUWv30Ae8YpHxW3tctmZHYEvFk09nToLNaSuOuJIK43ps-xEc55WVmSCkkxz_XZNb0mu2LwQMJkenGIQmQVFV6ofxpSnwemORAzqrIEDgXHyeZ-Fuymn3Smi_0pynbl2Tpcg_lNnP3gYCm6-SYqfK4zvEIHoGDYmTCIg4fus0O3-SWrfrEpgi4KvxTki8SFKgdpUZQ6p7fbtwxy6bE7atD95-8qdI3NqtyFR0VrAOzcC_4GFq2ARhVLj_HRgQUfxQglO4A4uohlGh3QLc5cCw51Q2NLgrJ4uUHAwp_5kX6QJLYi9qHiNb27I8dccAEp-zY4P0D4AQBoAZUgAee7PaDA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05MDEyMTg4NDUxNjI5OTM0gAoDyAsB2BMM0BUB4hYCCAH4FgGAFwE&sigh=TQOoRK2UGZI&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&label=videoplaytime25&ad_mt=5244&acvw=sv%3D925%26cb%3Dima%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D5069,0,0,0,0%26mtos%3D5069,5069,5069,5069,5069%26amtos%3D0,0,0,0,0%26mcvt%3D5069%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D5292%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1218%26pst%3D489%26dur%3D20062%26vmtime%3D5243%26dtos%3D2997%26dtoss%3D2%26dvs%3D2997%26dfvs%3D2997%26dvpt%3D2997%26is%3D275%26i0%3D18%26i1%3D275%26ic%3D0%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D5069,5069,5069,5069,5069%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D0%26ces%26femt%3D1673%26femvt%3D0%26emc%3D28%26emuc%3D0%26emb%3D25,0,0,0,0%26avms%3Dexc%26qi%3D887553569%26psm%3D-2147483585%26psv%3D63%26psfv%3D63%26psa%3D0%26ptlt%3D7466%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5069&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1651041659635&sdkv=h.3.512.0&vci=Cm4IARIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzNjMyMDgwMzk5MTIMNTg1NDgwMDgxMDM0QIsDUiAQDyUAAMhBKAE6B3Vua25vd25CB3Vua25vd25I6gFQABgB
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C44B 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=CmWDPe-VoYr7_CJaPjuwP8L6tmArkt4HhaZeJ2PnND9WAk67PLxABIMDCrHpglYKAgJQHoAGwuqHXA8gBBakCPJNFBMrbsT7gAgCoAwGYBACqBOACT9A-6o6Eofj_IgI7ztW-7ExLHI7MC1RCddBAlKGwKzq-XNHmI9XrlQh3uYpjtFeool0WUInr03VnLI_NNV30fncA4GUEndinH8svwjpFC1h29Twfk3mqsUMVxP1jZs_gI-s6suO0EAGzhMzdWobXKOxpPsoUWv30Ae8YpHxW3tctmZHYEvFk09nToLNaSuOuJIK43ps-xEc55WVmSCkkxz_XZNb0mu2LwQMJkenGIQmQVFV6ofxpSnwemORAzqrIEDgXHyeZ-Fuymn3Smi_0pynbl2Tpcg_lNnP3gYCm6-SYqfK4zvEIHoGDYmTCIg4fus0O3-SWrfrEpgi4KvxTki8SFKgdpUZQ6p7fbtwxy6bE7atD95-8qdI3NqtyFR0VrAOzcC_4GFq2ARhVLj_HRgQUfxQglO4A4uohlGh3QLc5cCw51Q2NLgrJ4uUHAwp_5kX6QJLYi9qHiNb27I8dccAEp-zY4P0D4AQBoAZUgAee7PaDA6gHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi05MDEyMTg4NDUxNjI5OTM0gAoDyAsB2BMM0BUB4hYCCAH4FgGAFwE&sigh=TQOoRK2UGZI&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&label=video_skip_shown&ad_mt=5244&acvw=sv%3D925%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26p0%3D758,-1810,983,-1410%26p1%3D870,1190,1095,1590%26tos%3D5071,0,0,0,0%26mtos%3D5071,5071,5071,5071,5071%26amtos%3D0,0,0,0,0%26mtos1%3D5069,0,0%26mcvt%3D5071%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D5294%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1220%26pst%3D489%26dur%3D20062%26vmtime%3D5243%26is%3D275%26i0%3D18%26i1%3D275%26cs%3D16781587%26c%3D1%26c0%3D0%26c1%3D0,1,1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D2,2,2,2,2%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D0%26ces%26femt%3D1673%26femvt%3D0%26emc%3D28%26emuc%3D0%26emb%3D25,0,0,0,0%26avms%3Dexc%26qi%3D887553569%26psm%3D-2147483585%26psv%3D63%26psfv%3D63%26psa%3D0%26ptlt%3D7467%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5071%26ss0%3D0%26ss1%3D0,0.04,0.04&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.04%26t%3D1651041659635&sdkv=h.3.512.0&vci=Cm4IARIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDUzNjMyMDgwMzk5MTIMNTg1NDgwMDgxMDM0QIsDUiAQDyUAAMhBKAE6B3Vua25vd25CB3Vua25vd25I6gFQABgB
Requested by
Host: dailyvoice.com
URL: https://dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame CB54 		0
128 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 06:41:05 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame 389A 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=518&a.aap=545&a.ra=1651041656887405&a.agi=199&ca=31061132054&a.wi=970&a.he=90&a.evn=video_progress_75&a.mo=8532&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:06 GMT
last-modified
Wed, 27 Apr 2022 06:41:06 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame CFBD 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=529&a.aap=542&a.ra=1651041657870313&a.agi=159&ca=51740957664&a.wi=300&a.he=600&a.evn=video_progress_75&a.mo=8008&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:06 GMT
last-modified
Wed, 27 Apr 2022 06:41:06 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
metrics
connect-metrics-collector.s-onetag.com/ 		0
73 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://connect-metrics-collector.s-onetag.com/metrics
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/21151f2e-6fc8-4e5d-881a-18a0f86778a8/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.181.31 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:41:07 GMT
content-length
0
vary
Origin
metrics
signal-metrics-collector-beta.s-onetag.com/ 		0
72 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://signal-metrics-collector-beta.s-onetag.com/metrics
Requested by
Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.181.31 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 27 Apr 2022 06:41:08 GMT
content-length
0
vary
Origin
dc_oe=ChMItJmnvNGz9wIVeYeDBx1Iig4OEAAYACCk6q5NQhMI3tf1u9Gz9wIVysa7CB1_BgAU;met=1;&timestamp=1651041668858;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 9F24 		42 B
494 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMItJmnvNGz9wIVeYeDBx1Iig4OEAAYACCk6q5NQhMI3tf1u9Gz9wIVysa7CB1_BgAU;met=1;&timestamp=1651041668858;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dispatch.fcgi
deptagencynl1.solution.weborama.fr/fcgi-bin/ Frame 389A 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://deptagencynl1.solution.weborama.fr/fcgi-bin/dispatch.fcgi?a.A=ev&a.si=6709&a.te=518&a.aap=545&a.ra=1651041656887405&a.agi=199&ca=18056236732&a.wi=970&a.he=90&a.evn=video_complete&a.mo=10783&a.mox=-9999&a.moy=-9999&a.foi=1&a.foe=1&g.did=&g.ism=0&g.de=0&g.ru=&gdpr_cmp_failure=1&g.pu=
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
std-collect-lb-c03-01-vip.weborama.fr
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:08 GMT
last-modified
Wed, 27 Apr 2022 06:41:08 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Tue, 03 Jul 2001 06:00:00 GMT
floors
api.floors.dev/sgw/v1/ 		158 B
179 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.floors.dev/sgw/v1/floors
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.25.0.9384edf0e05467b8fcc058bd038d3ff50171db2479e2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.238.208 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
de4dc8dca28a76c05fcbf667889027eed583a53dc45b1219e5c3f44d24b768f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
x-api-key
4e799501-b8b6-4ef1-bad5-225b3dd1aa8d
Content-Type
application/json

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:09 GMT
via
1.1 google
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
access-control-max-age
3600
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
content-type
application/json
access-control-allow-origin
https://dailyvoice.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
strict-transport-security
max-age=31536000;includeSubDomains;preload;
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
floors
api.floors.dev/sgw/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.floors.dev/sgw/v1/floors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.238.208 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://dailyvoice.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
access-control-allow-origin
https://dailyvoice.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Wed, 27 Apr 2022 06:41:09 GMT
expires
0
pragma
no-cache
strict-transport-security
max-age=31536000;includeSubDomains;preload;
via
1.1 google
dc_oe=ChMIgMu4vNGz9wIVCqp3Ch3POQ6HEAAYACC16dBFQhMIxryHvNGz9wIVONG7CB2mVQRg;met=1;&timestamp=1651041669193;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 2DCF 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIgMu4vNGz9wIVCqp3Ch3POQ6HEAAYACC16dBFQhMIxryHvNGz9wIVONG7CB2mVQRg;met=1;&timestamp=1651041669193;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Requested by
Host: 3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 06:41:09 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync.adaptv.advertising.com
URL
https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESECQZ6_xndkP-os5a5Gr-RY4&google_cver=1&google_push=AYg5qPKVs65G6GNoW_nr-gvVOE6xBmSmFX4rkVSqBioYv4WqzeC9-dHBeYz4u0HdrAG_1YkZtAy7npjLtp98hQYozqMFG6Q7OPk
Domain
sync.1rx.io
URL
https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D

Verdicts & Comments Add Verdict or Comment

224 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| 29 object| 30 object| 31 object| 32 object| 33 object| 34 object| 35 object| 36 object| 37 object| 38 object| 39 object| 40 object| 41 object| 42 object| 43 object| 44 object| 45 object| 46 object| 47 object| 48 object| 49 object| 50 object| 51 object| 52 object| 53 object| 54 object| 55 object| 56 object| 57 object| 58 object| 59 object| 60 object| 61 object| 62 object| 63 object| 64 object| 65 object| 66 object| 67 object| 68 object| 69 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails boolean| FBSDKLoaded object| sites_by_coords string| ad_system_winners string| ad_system_losers object| freestar string| GoogleAnalyticsObject function| ga object| dataLayer function| fbq function| _fbq object| dv_data object| google object| module$exports$mapsapi$util$event object| module$contents$mapsapi$overlay$overlayView_OverlayView object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| require object| addthis_share object| addthis_config object| _comscore object| _qevents function| kwa object| se object| fs object| atsScript object| grumi object| googletag object| pbjs object| cmp object| ccpaConfiguration object| node function| __ccpa function| __uspapi object| LI object| __li__evt_bus function| jQuery function| mobileAndTabletcheck function| load_fb_sdk function| parse_params function| Waypoint function| udm_ object| ns_p object| COMSCORE function| quantserve function| __qc object| ezt object| _qoptions function| qtrack function| _typeof2 function| __liSync function| WatchPreference function| SetPreference function| SetStyle function| Preference function| ShareURL function| CreateNotificationPopup function| DisableNotificationSlider function| EnableNotificationSlider function| IsArticleDetailPage boolean| isMobile object| blacklist string| waypointContextKey object| ats object| fsdata object| fsprebid object| user_location object| liQ object| ggeac object| google_js_reporting_queue object| wpJsonpLiverampCcpaCmp function| setImmediate function| clearImmediate object| core undefined| nQuery number| ntvLoadStart object| ntv object| prdom object| onFocusEvents function| ntvjQueryInit function| ntvExtends function| ntvAppendStylesheet function| ntvAppendScript function| ntvArticleTracker function| ntvGetElementViewability function| ntvViewableImpressionTracker object| PostRelease object| ntvToutAds boolean| onFocus function| load_script object| GlobalSnowplowNamespace function| snowplowKW undefined| google_measure_js_timing object| apstag function| Tapad function| fsprebidChunk object| _pbjsGlobals object| mnet object| Snowplow function| pbjsChunk string| nobidVersion object| nobid boolean| apstagLOADED object| __bt_tag_d object| __bt_intrnl boolean| __bt_already_invoked object| paramMatch object| viewPortSize object| debugIp object| debugId number| sekindoDisplayedPlacement function| constructsekindoParent71 boolean| creativeVendorLibraryLoaded object| ID5 object| PublisherCommonId object| google_reactive_ads_global_state object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id string| slotElement function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| Criteo object| __connect boolean| sekindoFlowingPlayerOn object| ampInaboxIframes object| ampInaboxPendingMessages boolean| __@@##MUH object| freewheelssp_cache number| google_global_correlator object| closure_lm_834678 object| criteo_pubtag object| criteo_pubtag_prebid_113 object| Criteo_prebid_113

219 Cookies

Domain/Path Name / Value
dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642 Name: _liChk
Value: 0.9743127168360026
dailyvoice.com/new-york/orangetown/news/ny-doctor-claimed-more-than-1-million-in-fraudulent-tax-deductions-feds-say/820642 Name: ntvSession
Value: {"id":9761321,"placementID":1108768,"lastInteraction":1651041656655,"sessionStart":1651041656655,"sessionEndDate":1651104000000,"experiment":""}
.3lift.com/sync Name: sync
Value: CgoIgAIQte-BzoYwCgoIgQIQh--BzoYwCgoIggIQte-BzoYwCgoIhwIQh--BzoYwCgkICRCH74HOhjAKCQhJEKbvgc6GMAoJCAsQh--BzoYwCgoIiwIQ0O-BzoYwCgoIjAIQh--BzoYwCgoIjgEQpu-BzoYwCgoIzgEQpu-BzoYwCgkIDhDQ74HOhjAKCgiPAhC174HOhjAKCgiQAhDQ74HOhjAKCgiRAhCm74HOhjAKCgiSAhCm74HOhjAKCgiUAhCm74HOhjAKCgiVAhDQ74HOhjAKCgjWARCm74HOhjAKCgiWAhC174HOhjAKCgiaARDQ74HOhjAKCQgbEKbvgc6GMAoKCJ0CENDvgc6GMAoKCN4BELXvgc6GMAoJCF8Qh--BzoYwCgkIHxCm74HOhjAKCgihARCH74HOhjAKCgjiARCH74HOhjAKCgiiAhC174HOhjAKCgjjARC174HOhjAKCQgkENDvgc6GMAoKCOYBEIfvgc6GMAoKCOcBELXvgc6GMAoJCHMQte-BzoYwCgoIuAEQ0O-BzoYwCgkIORCm74HOhjAKCQg6EIfvgc6GMAoKCPsBENDvgc6GMAoKCP8BELXvgc6GMAoJCD8Q0O-BzoYw
i.liadm.com/s Name: _li_ss
Value: MgUIBhCTEjIFCAoQkxIyBQh-EJISMgYIiwEQkxIyBQgLEJMSMgUIDBCTEjIFCHkQkhIyCQj_____BxCTEg
dailyvoice.com/ Name: fsbotchecked
Value: true
.dailyvoice.com/ Name: _ga
Value: GA1.2.2030874453.1651041656
.dailyvoice.com/ Name: _gid
Value: GA1.2.1748060043.1651041656
.dailyvoice.com/ Name: _gat
Value: 1
.scorecardresearch.com/ Name: UID
Value: 1C000b2cb5d9f53bc22309b1651041655
.dailyvoice.com/ Name: _li_dcdm_c
Value: .dailyvoice.com
.dailyvoice.com/ Name: _lc2_fpi
Value: 6feb88ade73d--01g1mw0q2pdyjbebzjrfx8m1rw
dailyvoice.com/ Name: _lr_geo_location
Value: DE
dailyvoice.com/ Name: _fssid
Value: 2ea31228-8d12-44d4-ac36-bd603d43687b
.dailyvoice.com/ Name: kw.session_ts
Value: 1651041656005
.dailyvoice.com/ Name: kw.pv_session
Value: 1
.dailyvoice.com/ Name: _fbp
Value: fb.1.1651041656018.1904096205
dailyvoice.com/ Name: geo-location
Value: {"country":"DE","region":"HE"}
dailyvoice.com/ Name: usprivacy
Value: 1---
dailyvoice.com/ Name: ntv_as_us_privacy
Value: 1---
.quantserve.com/ Name: mc
Value: 6268e578-18b77-47aa5-511fa
dailyvoice.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
dailyvoice.com/ Name: cookie
Value: dce9db50-4dac-44ae-a4f1-659cb8a71eae
.dailyvoice.com/ Name: _sp_ses.8074
Value: *
.dailyvoice.com/ Name: _sp_id.8074
Value: 4cab5a68-665a-4ee5-8c67-d1162cdb2bb8.1651041656.1.1651041656.1651041656.a800d15c-17e6-4e1e-89c5-44772fd0d41c
.dailyvoice.com/ Name: __qca
Value: P0-965710457-1651041655908
.liadm.com/ Name: lidid
Value: 13711f39-e3c9-46dc-a55e-2054f1e848d7
.adnxs.com/ Name: uuid2
Value: 4382111657419277628
.rubiconproject.com/ Name: khaos
Value: L2H7KN97-1S-JSHO
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qoToPaPpBofbHjc0/aJelRdbjRFtGIHH0vHQJWDSP5VGVe8jqBJjwOjt8aZ3xOlAZEiPnBiMlBpv6nT0g8BNG56TAleD4ev/QA=
.postrelease.com/ Name: opt_out
Value: 1
dailyvoice.com/ Name: serving_shown
Value: 1
dailyvoice.com/ Name: _ublock
Value: 1
.3lift.com/ Name: tluid
Value: 4082658486579978729870
.casalemedia.com/ Name: CMID
Value: YmjleKUCRbN6zLlXA4o4fwAA
.casalemedia.com/ Name: CMPS
Value: 3240
.spotxchange.com/ Name: audience
Value: fe2a860b-c5f4-11ec-9aa9-102ad03c0106
dailyvoice.com/ Name: ccpa-dau
Value: true
.casalemedia.com/ Name: CMPRO
Value: 1164
.tremorhub.com/ Name: tvid
Value: 554884d9a2164d78ba36df4fadb32eca
.bidswitch.net/ Name: c
Value: 1651041657
.bidswitch.net/ Name: tuuid_lu
Value: 1651041657
.bidswitch.net/ Name: tuuid
Value: 2275a37a-a7fe-43bf-85f5-f6d1ffd0e621
.adsrvr.org/ Name: TDID
Value: 1c450bec-b2fe-4198-a495-f72f24a1217e
.creativecdn.com/ Name: u
Value: QuO7j6tCXszybLZpKdGp
.creativecdn.com/ Name: ts
Value: 1651041657
ads.stickyadstv.com/ Name: UID
Value: dc87d5fdf19768f58f5cedc353dc9d6
.demdex.net/ Name: demdex
Value: 18111496120938825200621355339970630952
.addthis.com/ Name: na_id
Value: 2022042706405700085553870631
.addthis.com/ Name: na_tc
Value: Y
.addthis.com/ Name: uid
Value: 6268e579054eaf77
.addthis.com/ Name: ouid
Value: 6268e5790001f82a49f7f6621711eae447bf57c2bfce70b22ff2
.doubleclick.net/ Name: IDE
Value: AHWqTUn1kf2OaOjxN4iioXr5uHUxYcMnBGAVdzvtEJ8PsBeVNOw1FYQH2ARCeDqpT9w
.dpm.demdex.net/ Name: dpm
Value: 18111496120938825200621355339970630952
.mathtag.com/ Name: uuid
Value: 671e6268-e579-4a00-9b31-03aa76d871a7
.adscale.de/ Name: uu
Value: 63b73b1226f445519ec494ffac245040
.dailyvoice.com/ Name: __gads
Value: ID=d1b90674eb6f343d:T=1651041656:S=ALNI_MasAy7uMikH1nBVuctsoiFP5EglYA
.pub.network/ Name: _fsuid
Value: 06b15b1f-3456-48a0-8776-040924c40c70
.dlx.addthis.com/ Name: na_sc_x
Value: 1
.console.adtarget.com.tr/ Name: vmuid
Value: 812f2c972e2a6dc9
.console.adtarget.com.tr/ Name: a550070
Value: ${USER_ID}
.console.adtarget.com.tr/ Name: a502624
Value: ${USER_ID}
.console.adtarget.com.tr/ Name: a544989
Value: ${USER_ID}
.console.adtarget.com.tr/ Name: a307080
Value: QuO7j6tCXszybLZpKdGp
.console.adtarget.com.tr/ Name: a550214
Value: ${USER_ID}
.console.adtarget.com.tr/ Name: a306708
Value: ${USER_ID}
.console.adtarget.com.tr/ Name: a307565
Value: 63b73b1226f445519ec494ffac245040
.adnxs.com/ Name: icu
Value: ChgItc0aEAoYASABKAEw-cqjkwY4AUABSAEKGAih1zQQChgFIAUoBTD5yqOTBjgFQAVIBRD5yqOTBhgF
.doubleclick.net/ Name: DSID
Value: NO_DATA
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2IlbqPEJN!]tbPl1M>e)ZlrFUfJ+tGXxoaHJN9*CYb>*A)G<nY1+Q:OppJ(_K@^FQcTn(3If)y3KL9D3I?+Wp<.J+
.adfarm1.adition.com/ Name: UserID1
Value: 7091169925445453010
.weborama.fr/ Name: AFFICHE_W
Value: ICefTryHDJsg63
.bidswitch.net/ Name: google_push
Value: AYg5qPK7S8_rQxX9hnoLXIRwNURnP8QEXbLxN3cDyV5soC_jIjkgJwYxkatB6LJuPNHLv8tXM6_Hhj_fVfiiHfhH2MZ-j-9pH44SHw
.advertising.com/ Name: APID
Value: UPff0ac2f5-c5f4-11ec-8f58-06867cf268a4
.lijit.com/ Name: ljt_reader
Value: d89d8fb3624ba299d31d58b0
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 473A70B1-97BC-4D1F-B401-450179C13E19
.sitescout.com/ Name: ssi
Value: 04d0d33d-3035-4b9b-b0fd-565884c3c48a#1651041658394
.sitescout.com/ Name: _ssuma
Value: e30
.yahoo.com/ Name: A3
Value: d=AQABBHrlaGICEIZkHyf1gPd4LemebD8LArcFEgEBAQE2amJyYgAAAAAA_eMAAA&S=AQAAAlZrKURpa5sWsvvUc-0M2lM
.ibillboard.com/ Name: ibbid
Value: BBID-01-03257556584655875-16587864
ads.stickyadstv.com/ Name: sessionId
Value: 285345559995b77f58b26ad8c191be1f
.blismedia.com/ Name: b
Value: 6268E57AD8EAB468AB7F3A40BLIS
.360yield.com/ Name: tuuid
Value: 2fef5897-e8a1-4188-9839-efc07e753d31
.360yield.com/ Name: tuuid_lu
Value: 1651041658
.fwmrm.net/ Name: _uid
Value: "l12c6_7091169925444348927"
ads.stickyadstv.com/ Name: uid-bp-36033
Value: l12c6_7091169925444348927
ads.stickyadstv.com/ Name: MRM_UID
Value: l12c6_7091169925444348927
ads.stickyadstv.com/ Name: uid-bp-159
Value: CAESEJkCvn-F1v-oqPUfbwB3Kao
dailyvoice.com/ Name: _lr_sampling_rate
Value: 100
.mathtag.com/ Name: mt_mop
Value: 4:1651041659
ads.stickyadstv.com/ Name: uid-bp-892
Value: 1c450bec-b2fe-4198-a495-f72f24a1217e
.adform.net/ Name: C
Value: 1
.o2online.de/ Name: webShopPV
Value: ?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324251169_146027701_-0&ref=27008872_4307561_324251169_146027701_-0
.adform.net/ Name: uid
Value: 7378935371015770253
.bidr.io/ Name: bito
Value: AACpnk7E0csAADZj0efulg
.bidr.io/ Name: bitoIsSecure
Value: ok
.de17a.com/ Name: guid2
Value: 1.5933655983883860888
.bidr.io/ Name: checkForPermission
Value: ok
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&e0408b0f-356a-4b94-8fb8-1c9877e09c81"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTEwNDE2NTk7MjswMjH0Z0NQ8vm396R1f5+/gjNEUoVFJLOE9slmqK+bMWvEGg==
.linkedin.com/ Name: lidc
Value: "b=VGST04:s=V:r=V:a=V:p=V:g=2611:u=1:x=1:i=1651041659:t=1651128059:v=2:sig=AQG0SZqqYhlt5qSDFObTW7IaYIGpBrES"
ads.stickyadstv.com/ Name: uid-bp-26913
Value: AACpnk7E0csAADZj0efulg
.criteo.com/ Name: uid
Value: 59a1600e-0f3a-4c9e-8fe0-6369948a946e
ads.stickyadstv.com/ Name: uid-bp-717
Value: y-5Ey_FgtE2oPa72_poSyufO7LDW1KVdjSVKckWJEr~A
.w55c.net/ Name: wfivefivec
Value: iOlBJwNX1NJBmb5
.w55c.net/ Name: matchfreewheel
Value: 5
ads.stickyadstv.com/ Name: uid-bp-23329
Value: iOlBJwNX1NJBmb5
.adscale.de/ Name: cct
Value: 1651041659700
.m6r.eu/ Name: test
Value: true
.m6r.eu/ Name: cct
Value: 1651041659854
.m6r.eu/ Name: id
Value: 1de816c23bb88879ffa86fb1faf799b6
.ih.adscale.de/ Name: tu
Value: 4#4229096571#48~1de816c23bb88879ffa86fb1faf799b6~458622~0~0#101~BBID-01-03257556584655875-16587864~458622~0~0#38~CAESEPMdCjruO_nJ-7cLolOK4MQ~458622~0~0#39~671e6268-e579-4a00-9b31-03aa76d871a7~458622~0~0#40~59a1600e-0f3a-4c9e-8fe0-6369948a946e~458622~0~0#42~7378935371015770253~458622~0~0#108~671e6268-e579-4a00-9b31-03aa76d871a7~458622~0~0#63~YmjleKUCRbN6zLlXA4o4fwAA&1164~458622~0~0
dailyvoice.com/ Name: _lr_retry_request
Value: true
dailyvoice.com/ Name: _lr_env_src_ats
Value: false
.lijit.com/ Name: ljtrtb
Value: eJyrrgUAAXUA%2BQ%3D%3D
.smartadserver.com/ Name: pid
Value: 5142193176481493273
.gumgum.com/ Name: vst
Value: e_4d40ca8c-ae78-4c69-8550-473caf72df38
.lijit.com/ Name: _ljtrtb_273657
Value: 273657
.servenobid.com/ Name: pid_312
Value: 4382111657419277628
.servenobid.com/ Name: pid_337
Value: y-6ZfGNzBE2uG_G4BGO02v1w1IbmQczXalfLeqEuw-~A
.servenobid.com/ Name: pid_317
Value: 5142193176481493273
.servenobid.com/ Name: pid_310
Value: d89d8fb3624ba299d31d58b0
.servenobid.com/ Name: pid_318
Value: SrADCIRy6rK7oRvgkwnVU8eqN1KDvjd1D42gLRICfKA
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0MTG1sDA1MjA0NrQwtTAzMBDiM9TNzHZMryyPLCquzE-X4jU0MzU0MDE0MzMwMjMHAMR0RJM0AAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0MTG1sDA1MjA0NrQwtTAzMBDiM9TNzHZMryyPLCquzE8HAFK3Ql0lAAAA
.emxdgt.com/ Name: euid
Value: 16951651041660284998f1
.openx.net/ Name: i
Value: 9d4cdd9b-59fd-4a5c-aeda-08f1b8bb3d4f|1651041660
.servenobid.com/ Name: pid_309
Value: e_4d40ca8c-ae78-4c69-8550-473caf72df38
.analytics.yahoo.com/ Name: IDSYNC
Value: "18yl~24k6:196n~24k6:194o~24k6:18wm~24k6"
.adsrvr.org/ Name: TDCPM
Value: CAESGQoKbGl2ZWludGVudBILCK6R3LDdiNQ6EAUYASABKAIyCwis9fz484jUOhAFOAFaBmd1bWd1bWAC
.emxdgt.com/ Name: eapn_id
Value: 4382111657419277628
.turn.com/ Name: uid
Value: 4177690674198123042
.servenobid.com/ Name: pid_333
Value: YmjleKUCRbN6zLlXA4o4fwAABIwAAAIB
.servenobid.com/ Name: pid_324
Value: 5144588520131858600
.acuityplatform.com/ Name: auid
Value: 665800460170
.dailyvoice.com/ Name: __li_idex_cache
Value: {}
dailyvoice.com/ Name: pbjs_li_nonid
Value: %7B%7D
ads.avct.cloud/ Name: uuid
Value: efa0ec7f-7a01-430e-992f-d163b25d14bf
.a-mo.net/ Name: amuid2
Value: 828e9447-06f4-4492-9978-ee5ec1ef4c4b
.smartadserver.com/ Name: csync
Value: 25:671e6268-e579-4a00-9b31-03aa76d871a7|79:59a1600e-0f3a-4c9e-8fe0-6369948a946e
.servenobid.com/ Name: pid_327
Value: 828e9447-06f4-4492-9978-ee5ec1ef4c4b
.technoratimedia.com/ Name: tads_uid
Value: GDPR
.pubmatic.com/ Name: PUBMDCID
Value: 3
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: e5bac009d6c287e9
.servenobid.com/ Name: pid_314
Value: eyJ4dWlkIjoiYWY2YzgwOWItNzFhOC00OGRmLWI2YWUtMDViNTU3ZmQwYjU5IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNC0yN1QwNjo0MTowMC40NjI1MzVaIn0=
.onetag-sys.com/ Name: OTP
Value: rAvE59aPaHstrCBWO24OKvZrlo664dSEja98eSKi6Jw
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEDH8GT0DoGLwq_ZMN-Rre3o&KRTB&16514-CAESEDH8GT0DoGLwq_ZMN-Rre3o&KRTB&23025-CAESEDH8GT0DoGLwq_ZMN-Rre3o
.outbrain.com/ Name: obuid
Value: 42eea55f-5715-4a0e-bd3b-48bebfe92318
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-2b196980-0ccf-4d76-6d4a-d76f85212a65.itMDUbqUqEF55ngqY3JucKO6JvOZLYACWyriV535aUE
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AKxlpgAzPTXZtStdvhSEqZYrHJoU.e5%2FcHs1nNOaN1vqIn136xxq6bLiY9GQuLQSp0KlUCSY
.zemanta.com/ Name: zuid
Value: Oc2Stf5sMtY6CvvACRw9
.ipredictive.com/ Name: cu
Value: 0063e9eb-c5f5-11ec-8220-5f16f286a6e8|1651041660585
.simpli.fi/ Name: suid
Value: 29DFB062F03745C1AB22E13B516BBAFA
.w55c.net/ Name: matchpubmatic
Value: 5
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-5933655983883860888
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-L_d4gnzweYI09HbYLvJjji6kL4808H-Lf6Q4yjAN&KRTB&19420-L_d4gnzweYI09HbYLvJjji6kL4808H-Lf6Q4yjAN&KRTB&22979-L_d4gnzweYI09HbYLvJjji6kL4808H-Lf6Q4yjAN
.adsby.bidtheatre.com/ Name: __kuid
Value: 7e591755-4410-4197-8c71-0b387d7bb9c0.420255661
ads.playground.xyz/ Name: connect.sid
Value: s%3AFHaSOOAnC413-VLsDQOiXwRr4j7wlVgj.%2BCHXMgZoVIyII%2F1PSOlI53mkreZFaW2my81p6N12It4
.onaudience.com/ Name: done_redirects161
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_1101
Value: 23040-7091169925445453010
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-KxlpgAzPTXZtStdvhSEqZYrHJoU
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:671e6268-e579-4a00-9b31-03aa76d871a7&KRTB&16736-uid:671e6268-e579-4a00-9b31-03aa76d871a7&KRTB&23019-uid:671e6268-e579-4a00-9b31-03aa76d871a7&KRTB&23208-uid:671e6268-e579-4a00-9b31-03aa76d871a7
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-4177690674198123042
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:iOlBJwNX1NJBmb5
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-0063e9eb-c5f5-11ec-8220-5f16f286a6e8&KRTB&23011-0063e9eb-c5f5-11ec-8220-5f16f286a6e8&KRTB&23355-0063e9eb-c5f5-11ec-8220-5f16f286a6e8
.pubmatic.com/ Name: SPugT
Value: 1651017234
.outbrain.com/ Name: pubmatic
Value: 473A70B1-97BC-4D1F-B401-450179C13E19
.onaudience.com/ Name: cookie
Value: 06c877626d832d44
.pubmatic.com/ Name: KRTBCOOKIE_409
Value: 22966-NOvcHvPGbWhQWjhhXMYhaUVV
.tribalfusion.com/ Name: ANON_ID
Value: aGnsIHoNIvbpmVrCJZalYOT2tjEoL21n6m8R9yWw9mBM8btQAv2PPOvHVpamaPiZbZcvg7W1Zd1bbYhbJA2aYcUq0MjZb
.onaudience.com/ Name: done_redirects104
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_594
Value: 17105-OPTOUT&KRTB&17107-OPTOUT
.pubmatic.com/ Name: PugT
Value: 1651041661
.onaudience.com/ Name: done_redirects219
Value: 1
.zeotap.com/ Name: zc
Value: 05441684-9e01-4838-753b-c1807d7e68a5
.zeotap.com/ Name: zsc
Value: x%02%E2%15%12%D2%9C%2F%00k%16%CE%1Dl%8F%83%F8%A3%7CH%B4%A4%09H%24W%B9%05%B1%00%C8%DD%A1%FBD%29%ED%D5%9E%89d%D5%EE%B0%3F%EA%2F%BE%95xZ%EAI%D3%8F.q%2F%A4%1Bx%FC%F7%11%9E%BF%E6%B2%C2%CAQ%C86%23pt%F2%C1%DA%D63%FF%BA
.dailyvoice.com/ Name: panoramaId_expiry
Value: 1651128062865
.betweendigital.com/ Name: dc
Value: mow1
.betweendigital.com/ Name: tuuid
Value: de3c4d2a-750f-5175-ba9f-340cd8f7d173
.betweendigital.com/ Name: ss
Value: 1
.w55c.net/ Name: matchtriplelift
Value: 5
.quantserve.com/ Name: d
Value: EA0BIgGAJoEO-TC_vLEM-7ENzfsQ
dailyvoice.com/ Name: cto_bundle
Value: zbMMNV9CQ0VnJTJGUThxZTh6WlkwMHdycFolMkZnWldNTHFjd3RGYjYzOFJrbFlNT3lBJTJGajZEYnhXRVFUVFl3VjhqaVhmT3hLUEZFUFRrSWFCZXJGcVl0OEhVb2R2M0FFckNLdDQ0UmNMNlZWWUhJN3hQMnRzQ2IzUkRnTzI3S2QlMkJWdWcwaVdSQllCS2t4Rzlia1FXRTFUMXA4bGdsZyUzRCUzRA
dailyvoice.com/ Name: cto_bidid
Value: zSphol95T0x3JTJGbHlON1YlMkJ0eWElMkJydENyV01NSGZTb3JBNEtRR0dnT2V6Mlo3NVR4ZHlaRHQxQ0NpbllickJpQkhyaWNnaVA0Z05KJTJGOTlRVFlxWSUyRktkUFl6VG02TzQxeDZrQmc2YWk4WWFSUE9ER2RrUnFjUEpucHgyaEx3RWpLJTJCV1FFcg
.bing.com/ Name: MUID
Value: 38085973F3DC623030A248E0F2576360
.acuityplatform.com/ Name: aum
Value: OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqAOPqNdXNlck1hdGNoaW5nSWTQkWxhc3REcm9wVGltZU1pbGxpcyUBQBo4Bm26mGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUAaOAZtuo90aGlyZFBhcnR5VXNlcklkIfuBMjP6QiSuQyUBQBo4B0iERCUBQBo4B0iERVU0MDgyNjU4NDg2NTc5OTc4NzI5ODcw+/uGdmVyc2lvbsL7
.betweendigital.com/ Name: ut
Value: YmjlfwADR9imRD-S2txM4MTcaOSiukTkRm1cOQ==
.mfadsrvr.com/ Name: c
Value: 1651041663
.mfadsrvr.com/ Name: tuuid_lu
Value: 1651041663
.mfadsrvr.com/ Name: tuuid
Value: e2cd560a-dcc3-4fdb-b5bd-6a9e66cac51a
.mfadsrvr.com/ Name: ssh
Value: !triplelift,1651041663
.casalemedia.com/ Name: CMST
Value: YmjleGJo5X8A
.pubmatic.com/ Name: SyncRTB3
Value: 1653609600%3A203%7C1652227200%3A165_234_104_13_57_5_99_7_22_222_231_238_243_176_56_3_161_54_71_189_8_220_204_88_166_233_55_21_81%7C1652313600%3A35%7C1651881600%3A63%7C1651622400%3A223_2_15%7C1656201600%3A69
.w55c.net/ Name: matchcasale
Value: 5
.ctnsnet.com/ Name: cid
Value: 07430fd5c7ca4fa58645fcbbba2d4104
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAPvFyGtoZmpoYGJoZmZsYmR-ShzBNzAyswAAvOSzCCAAAAA
.fiftyt.com/ Name: fifid
Value: 1dd08f1e-9ff4-405f-7c54-0abe258e0a57
.fiftyt.com/ Name: cs
Value: MTY1MTA0MTY2M3xEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fHrFyNv2wJQs6sf8KVTzIkDOD7FyU3ARtWiAi5BJWPzw
.owneriq.net/ Name: si
Value: Q7043280631636501034
.owneriq.net/ Name: p2
Value: cc
.fiftyt.com/ Name: fppm
Value: 20220427064103
.yieldlift.com/ Name: xuids
Value: eyJ4dWlkIjoiYWY2YzgwOWItNzFhOC00OGRmLWI2YWUtMDViNTU3ZmQwYjU5IiwiZHAiOnsicHVibWF0aWMiOnsidWlkIjoiNDczQTcwQjEtOTdCQy00RDFGLUI0MDEtNDUwMTc5QzEzRTE5IiwiZXhwaXJlcyI6IjIwMjItMDUtMTFUMDY6NDE6MDMuNDM3MDM3WiJ9fSwiYmRheSI6IjIwMjItMDQtMjdUMDY6NDE6MDAuNDYyNTM1WiJ9
.semasio.net/ Name: SEUNCY
Value: 6AF3B14652BB6AD9
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 9
.pubmatic.com/ Name: pi
Value: 0:4
.pubmatic.com/ Name: DPSync3
Value: 1651104000%3A174%7C1652227200%3A197_221_219_241_201_226_227_235_245
.ads.pubmatic.com/ Name: pubsyncexp
Value: 1651063263532
.brand-display.com/ Name: _knxq_
Value: 16d57df4-f577-73ba-c87a937a.1651041663.0.1651041663.1651041663
beacon.lynx.cognitivlabs.com/ Name: UID
Value: 46b51b4d-bbf7-4096-81db-1df1f4ee4803
beacon.lynx.cognitivlabs.com/ Name: ss
Value: HJNO5St5wCfdvyt8RBMgFnKsTNlHiXwsTxEZEwOZxCDg9TzvCoGH4YnzWYXeYcews2y5fa796J6bFiSycNmvQA%3D%3D
.company-target.com/ Name: tuuid
Value: c11e4a48-4743-4a4a-baa1-af50315103a6
.company-target.com/ Name: tuuid_lu
Value: 1651041663
.casalemedia.com/ Name: CMRUM3
Value: be6268e57c05a0&116268e57f2760Oc2Stf5sMtY6CvvACRw9&bf6268e57f000116d57df4-f577-73ba-c87a937a&406268e57f05a0&f16268e57c05a0&bc6268e57c05a00&dd6268e57c2760&586268e57f05a0&396268e57f05a0&ce6268e57c05a0&6f6268e57c05a0&1f6268e57f05a00&276268e57a0b40&046268e57c27604177690674198123042&826268e57b2760AACpnk7E0csAADZj0efulg&0a6268e57c2760665800460170&986268e57c2760956c06c7-d18f-417d-b6cc-da1115f6fb4f&2d6268e57a05a0CAESEIKti-wuA3zjx961IRuf9kE&9c6268e57a05a00&036268e57c2760671e6268-e579-4a00-9b31-03aa76d871a7&296268e57f05a0&6d6268e57f276007430fd5c7ca4fa58645fcbbba2d4104&b06268e57f05a00&126268e57f2760c11e4a48-4743-4a4a-baa1-af50315103a6&516268e57b2760PvQsF23zLRcl9yJNP_E3Gz-nexol8ysebqepOrxv&696268e57b05a00&2e6268e57c05a0&e66268e57a2760&2f6268e57f2760iOlBJwNX1NJBmb5&416268e57c05a0&496268e57c05a0
.audrte.com/ Name: arcki2_pubmatic
Value: 473A70B1-97BC-4D1F-B401-450179C13E19!20210804!1651041663730
.audrte.com/ Name: arcki2_TTT
Value: 1651041663731!59cXRq-wk4mTJKtcohNj-8mSA!H4sIAAAAAAAAAEWWOY5lNwxFF6OYACVREhU6cGAY7sDwBjRx/0vweQUDDhpVv1pfwx2p/ZV615Fb3pQae8ksecme9dxWb4m80+hu2eOIv2dSzwiZtpasaPHmmGWVlea4sxUrMvLrYnMVmWuo1Gn7nvP8vpGmuWnLT9rqT+pobHL3kHL3WuonTq+p9tKjL5P3Dt+v+8qOGjL6ZLO7bp0lDd/rTcuidV0WReY62sR3hFuMMe9I57pvPV2anSd2vMr2KFK2z6i3zdJn2vqK+XS5qzaxzPK5dhW3Vfvknl4i9dPjdWcTnbyuWJPVwsSitHyy6l6WyvG58m1y991idp/MvrfsYadPU8vRUn/vAtOQ5vOKte0yzx3iterbT6/uw+u8vKH8ld9YdEG8tCO52oxbdq4vJ7vbln2vG4ebGBD5LFD53jqRx13hKcd6T1sV/pLF+lKBpipqZWtv+t4YKZfW585T3jUILmyynDsdXVrb0dBT0x+//vrt7z9//0fKKF2KqkF9Wjt60fXgoajYOCFrlCUvSiwYCnstvZkVKZmsVbnpWPCUTWVphn4e6s5OOXcLHzK3F1T2acPPEledNVe+Gjs1h8rsJrtWl3o/RvM10RK379IUuaQ4raxuVRpQi/Fn2aepvKnbmgP/bqBnDtxZSvkEdLUj+rmQbx4PKZ5bchrfMaN9Uq68DrhZxJ1av/OYY52ItD4HXQ/ZFkvsZSAIO7LX5FYXQdZIs9lAz1deXSF2Gzt5a6hAi8L/yqOl07evMio8ncOiwsFjQ0tce+Y11DxVq70F1z2n/CzCHnWjzNmLv7mi5kilgWrpPKz3wcUn2rjKmV2771JqHTVhxfZqCe4UiFozEHhuUh+qr77Q+0l93jP4KJdXsugNWXWjx/m9rfgattPyF09tyemY27bjoXtgUXO80fct/Vvk6xSO69O5+N4FPeiW1UPvMlOfO/Wa7YSj0gXLBqni0aZ4by+y9uGZO2kP/8ia4yHqn9RSYHNWzcgXBd6kr4010EbMAQQDPcDUhEB+7Fx6XS+RAwTbvUJAAUEeBd+TKkSi7XG1nQYtAHX4BoGFKcC/4cbLTpnAAxXouCkaZ826pW/AslY/AXCxDKUf6vhrpDr8u9UUTA4EHp9o8PWpu/m7r9zmqUw1G3ql5V4hELds+8H2rLbxhIclt3EJuiI3f3rSknkYavZFHtWjYx7ku+bNrR8CD6lUUlJwGdFDGLxqqGCtdJDJLDYkvuCvX3rPPi42b206PnWM8Mcv+c/9PrGMsis3hfV90ICUL+5t9wmZ80leufio3nodqAyhrrwRUPmAoUJIPmitejdPzH7sc+OrDbK6Ifq60bPzWSgEq2W2zFGJHmllkjB1fMq+GcYbRpiqBVuCRi7JTu1KKmP+RXQuwMZSWVrUPfmlKWV17XrPhUPiZqnNiRnr2OO+OolkRKHpowehoHwCEAF9DleUiY0B0HrfdbGoRVwopGHWJ6APYns8NtzHyQf/JtKoZvpNxpzsdGb9eJqY/1YjXPc7tOyoSxeywGL9uzjR1hFI722PtYIE6oga2gayQuPk39GP9ouALoy3cgOg/k/qmlF+IWB4eDq+nrWGQBEj/4XlCUk+OnlPpdYRdO8DyQvwJX/O+mpxOu0zdj+ZW1iJiWnmjQ0SDA+QwRjAPEA3kguzE3TBVJDooK1fBnT6Atqxz5qPYnmrdPKCQK60U1diLX5SV6pDK4t4XZRL67neqWkFsXg74YSMebPBQwdnxY6Ebex3e6IeVZ0y5R+5URvzAP0DY9MLes7bNL2zOkldpM39xdxAio1MnjGC/MBJ7HSOYgnmhdI/lWFJ8bI+bksNAsT6taQwNYlVHs7kAaPspPF5dFNvZ5JWntpu8+VsCLTCqDPobGaAL7CYd6j+dzV5P1Qn8waNwiI45DikFuuMW6purQfEh9K0JPX9coNMJYEY2OjNAagMTNWTdXo4eJ0pQ4eVizMKy19eXg6iJtWJTiADNsJrI8VuIJ6DSJj4DDX+9NB4VFb9pB4fmIVwQczxXSxz58+4wevGNxS2D+dPKrTkOrhRM71wTnRqIxFlFCn22otDTDGiDwaNTCXcWIwgl2I4Z3qvzCiloEwbwHqDIZH+Jnmt1twSpxwiX2V8gxBjIMVBYIoGY1Bg2ms5lcy0ctG4b6Rg/VMBdSKZpgJeRaqKG79szwSiN+7EwCX7y8dSBqd5fLpIrWbi9HzT0pkUKGPYDoqhEqyFuTa/0H8BGFlThj0LAAA=
.audrte.com/ Name: arcki2
Value: 59cXRq-wk4mTJKtcohNj-8mSA!20210804!1651041663866
.realestate.com.au/ Name: External
Value: %2FTRIPLELIFT%3D4082658486579978729870%2F_exp%3D1682577663
.realestate.com.au/ Name: mid
Value: 7885895217376680706

40 Console Messages

Source Level URL
Text
network error URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/mraid.js
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Message:
Unrecognized feature: 'vr'.
other warning URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Message:
Unrecognized feature: 'speaker'.
other warning URL: https://rumcdn.geoedge.be/da26078b-d3cf-4550-a9ce-c4de7c009cbc/grumi.js
Message:
Unrecognized feature: 'ambient-light-sensor'.
network error URL: chrome-error://chromewebdata/
Message:
Failed to load resource: the server responded with a status of 403 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://biddr.brealtime.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
network error URL: https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESECQZ6_xndkP-os5a5Gr-RY4&google_cver=1&google_push=AYg5qPKVs65G6GNoW_nr-gvVOE6xBmSmFX4rkVSqBioYv4WqzeC9-dHBeYz4u0HdrAG_1YkZtAy7npjLtp98hQYozqMFG6Q7OPk
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com/safeframe/1-0-38/html/mraid.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://id.rlcdn.com/709414.gif?gdpr=1&us_privacy=1---
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=1434
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://c1.adform.net/serving/cookie/match?party=29&gdpr=1
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://id.rlcdn.com/711916.gif?ct=4&cv=
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D1%26gdpr_consent%3D
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=1&gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=1&gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: chrome-error://chromewebdata/
Message:
Failed to load resource: the server responded with a status of 403 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://biddr.brealtime.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
network error URL: chrome-error://chromewebdata/
Message:
Failed to load resource: the server responded with a status of 403 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://biddr.brealtime.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
network error URL: chrome-error://chromewebdata/
Message:
Failed to load resource: the server responded with a status of 403 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://biddr.brealtime.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
network error URL: chrome-error://chromewebdata/
Message:
Failed to load resource: the server responded with a status of 403 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://biddr.brealtime.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
network error URL: chrome-error://chromewebdata/
Message:
Failed to load resource: the server responded with a status of 403 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://biddr.brealtime.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
network error URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift&gdpr=1&gdpr_consent=&uid=4082658486579978729870
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=4082658486579978729870
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=4082658486579978729870
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://sync-tm.everesttech.net/upi/pid/RVF22VSl?redir=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3657%26xuid%3D%24%7BTM_USER_ID%7D%26dongle%3D3c0a%26gdpr=1%26gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift&gdpr=1&gdpr_consent=&uid=4082658486579978729870
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://sync-tm.everesttech.net/upi/pid/RVF22VSl?redir=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3657%26xuid%3D%24%7BTM_USER_ID%7D%26dongle%3D3c0a%26gdpr=1%26gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://c1.adform.net/serving/cookie/match?party=1245&gdpr=1&gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Message:
Failed to load resource: the server responded with a status of 503 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests; default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1f2e7.v.fwmrm.net
3a3e76eec635cf49455e44b57dbb987a.safeframe.googlesyndication.com
60687.publishers.tremorhub.com
a.audrte.com
a.pub.network
a.teads.tv
a.tribalfusion.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad-delivery.net
ad.360yield.com
ad.turn.com
ad1.adfarm1.adition.com
ade.googlesyndication.com
ads.avct.cloud
ads.betweendigital.com
ads.playground.xyz
ads.pubmatic.com
ads.servenobid.com
ads.stickyadstv.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
adx.adform.net
ap.lijit.com
api.btloader.com
api.floors.dev
api.rlcdn.com
ats.rlcdn.com
aud.pubmatic.com
b-code.liadm.com
b1sync.zemanta.com
bbnaut.ibillboard.com
beacon.lynx.cognitivlabs.com
bh.contextweb.com
bid.g.doubleclick.net
bidder.criteo.com
biddr.brealtime.com
btloader.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c.bing.com
c.deployads.com
c.pub.network
c1.adform.net
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
casale-match.dotomi.com
ccpa-wrapper.privacymanager.io
ccpa.privacymanager.io
cdn.id5-sync.com
cdn.keywee.co
ce.lijit.com
check.analytics.rlcdn.com
cm.adform.net
cm.adgrx.com
cm.ctnsnet.com
cm.g.doubleclick.net
cms.quantserve.com
connect-metrics-collector.s-onetag.com
connect.facebook.net
contextual.media.net
core.iprom.net
cr.frontend.weborama.fr
creativecdn.com
cs.admanmedia.com
cs.emxdgt.com
csi.gstatic.com
cstatic.weborama.fr
csync.loopme.me
d.adroll.com
d.pub.network
d5p.de17a.com
daily-voice-res.cloudinary.com
dailyvoice.com
dau-prod.launch.liveramp.com
deptagencynl1.solution.weborama.fr
dis.criteo.com
dmp.adform.net
dmp.brand-display.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
g2.gumgum.com
gcdn.2mdn.net
gcm.ctnsnet.com
geo.privacymanager.io
get.s-onetag.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
green.erne.co
grid.bidswitch.net
gu.dyntrk.com
gum.criteo.com
gw.geoedge.be
hb.emxdgt.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id.crwdcntrl.net
id.rlcdn.com
id5-sync.com
idsync.frontend.weborama.fr
idx.liadm.com
ih.adscale.de
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
imagesrv.adition.com
imasdk.googleapis.com
jadserve.postrelease.com
js-sec.indexww.com
js.adscale.de
live.primis.tech
loada.exelator.com
maps.googleapis.com
match.360yield.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.taboola.com
matching.truffle.bid
media.adrcdn.com
mug.criteo.com
mwzeom.zeotap.com
nep.advangelists.com
odr.mookie1.com
onetag-geo.s-onetag.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pba.aws.lijit.com
pghub.io
pixel-eu.onaudience.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.33across.com
pixel.advertising.com
pixel.keywee.co
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
portal.o2online.de
pr-bh.ybp.yahoo.com
pre.ads.justpremium.com
prebid-server.rubiconproject.com
prebid.a-mo.net
prebid.media.net
prebid.s-onetag.com
prg.smartadserver.com
primis-d.openx.net
public.servenobid.com
pubmatic-match.dotomi.com
px.ads.linkedin.com
px.owneriq.net
r3---sn-4g5e6nsk.c.2mdn.net
res.cloudinary.com
rp.liadm.com
rp4.liadm.com
rr5---sn-n02xgoxufvg3-2gbs.googlevideo.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb.openx.net
rules.quantcount.com
rumcdn.geoedge.be
s.amazon-adsystem.com
s.company-target.com
s.console.adtarget.com.tr
s.ntv.io
s.tribalfusion.com
s.youtube.com
s0.2mdn.net
s7.addthis.com
sasinator.realestate.com.au
sb.scorecardresearch.com
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
signal-beacon.s-onetag.com
signal-metrics-collector-beta.s-onetag.com
simage2.pubmatic.com
simage4.pubmatic.com
sli.dailyvoice.com
spl.zeotap.com
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stags.bluekai.com
static.criteo.net
static.doubleclick.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adaptv.advertising.com
sync.adotmob.com
sync.console.adtarget.com.tr
sync.crwdcntrl.net
sync.extend.tv
sync.go.sonobi.com
sync.hgrtb.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
sync.teads.tv
sync.technoratimedia.com
tg.socdm.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
track.adform.net
tracking.m6r.eu
trc.taboola.com
triplelift-match.dotomi.com
u.openx.net
uipglob.semasio.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
us.creativecdn.com
usersync.getpublica.com
usersync.gumgum.com
video.primis.tech
visitor.fiftyt.com
web.hb.ad.cpe.dotomi.com
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.storygize.net
x.bidswitch.net
x.dlx.addthis.com
x.yieldlift.com
z.moatads.com
sync.1rx.io
sync.adaptv.advertising.com
104.111.215.191
104.111.242.245
104.17.120.107
104.75.88.126
108.128.72.205
108.177.15.156
124.146.215.45
130.211.23.194
135.125.160.160
141.94.170.77
141.94.73.195
141.95.3.9
142.250.184.194
142.250.184.226
142.250.185.130
142.250.186.66
143.204.202.23
143.204.202.50
143.204.202.99
145.40.89.200
15.235.15.221
150.136.156.92
151.101.129.44
151.101.130.49
151.101.193.108
154.59.122.79
169.197.150.8
169.50.137.184
178.162.133.149
178.250.0.157
178.250.2.131
178.250.2.151
178.62.202.251
18.134.84.22
18.156.0.31
18.156.195.47
18.158.238.206
18.184.64.118
18.193.50.241
18.195.0.245
18.195.155.181
18.196.86.25
18.200.109.242
18.215.81.12
18.224.78.125
185.183.112.148
185.184.10.30
185.184.8.90
185.33.221.14
185.33.221.90
185.64.189.110
185.64.189.112
185.64.190.78
185.64.190.80
185.64.190.81
185.86.139.103
185.86.139.104
185.86.139.89
185.94.180.125
188.42.29.168
192.132.33.46
193.0.160.128
195.5.165.20
198.148.27.139
198.47.127.18
2.18.232.7
2.18.234.233
2001:678:cb4:bbbb::11
204.237.133.247
213.155.156.169
213.19.147.45
216.200.232.249
216.52.2.19
216.52.2.39
217.79.188.10
217.79.188.2
23.205.235.133
23.206.210.112
23.21.79.77
23.22.109.120
23.227.139.243
23.32.59.34
23.35.228.23
23.35.236.201
23.35.236.247
23.35.237.151
23.35.237.64
23.75.246.168
23.88.75.186
2600:1f18:444a:4602:2c20:3113:5c28:1366
2600:1f18:612b:4200:5e70:34f8:9284:341c
2600:1f18:730:b110:6bc4:b288:af66:f0fb
2600:9000:2057:5400:e:ec66:e40:93a1
2600:9000:2057:6800:1a:5235:f980:93a1
2600:9000:2057:a800:8:8845:1500:93a1
2600:9000:2057:f200:9:dc53:cc00:93a1
2600:9000:206f:3800:4:b37b:9440:93a1
2600:9000:206f:5200:6:44e3:f8c0:93a1
2600:9000:206f:9c00:e:16bc:8080:93a1
2600:9000:206f:c200:f:4f64:8940:93a1
2600:9000:206f:ee00:3:f9b0:4040:93a1
2602:803:c003:200::31
2606:4700:10::6816:1857
2606:4700:20::681a:18b
2606:4700:20::681a:246
2606:4700:20::681a:78b
2606:4700:20::681a:932
2606:4700:4400::ac40:98f5
2607:f8b0:4023:1009::5e
2620:116:800d:21:36a9:ecb:e518:b308
2620:1ec:22::14
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1288:80:807::1
2a00:1450:4001:62::8
2a00:1450:4001:800::2002
2a00:1450:4001:800::2003
2a00:1450:4001:801::200a
2a00:1450:4001:810::2002
2a00:1450:4001:810::2004
2a00:1450:4001:810::200a
2a00:1450:4001:811::2002
2a00:1450:4001:812::2006
2a00:1450:4001:812::200a
2a00:1450:4001:828::200e
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::2006
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9d
2a00:1450:400c:c02::8b
2a01:28:cb6:3::10
2a02:2638:1::13
2a02:2638:1::3
2a02:fa8:8806:12::1400
2a02:fa8:8806:13::1460
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:400::300
2a04:4e42::393
2a05:d018:d29:3602:54d1:782f:29ca:abc0
2a06:8640:476:0:ec4:7aff:fe7e:de5e
3.121.19.101
3.217.136.163
34.102.253.54
34.107.148.139
34.111.129.221
34.111.151.213
34.120.133.55
34.200.28.249
34.223.145.238
34.233.31.154
34.234.148.240
34.237.23.137
34.241.76.6
34.246.109.130
34.248.76.8
34.96.105.8
34.98.64.218
34.98.67.61
35.156.14.215
35.158.59.51
35.169.18.93
35.170.66.104
35.172.159.73
35.186.193.173
35.201.71.192
35.201.81.244
35.201.96.126
35.211.165.199
35.227.238.208
35.227.252.103
35.241.45.217
35.244.174.68
37.157.3.28
37.157.6.242
38.27.122.158
44.194.206.200
46.105.202.126
5.161.54.172
51.75.86.98
52.17.151.21
52.200.145.253
52.210.7.127
52.223.40.198
52.28.203.152
52.30.28.241
52.46.130.91
52.57.69.5
52.58.249.203
52.70.185.145
52.95.126.160
54.158.72.110
54.159.94.231
54.205.113.20
54.220.157.118
54.227.185.17
54.66.168.86
54.78.254.47
62.209.227.211
63.250.60.65
63.32.224.74
65.9.66.173
65.9.68.105
65.9.68.93
66.155.71.25
67.202.105.24
68.232.34.163
69.173.144.138
70.42.32.31
70.42.32.63
72.251.244.140
72.251.245.181
76.223.111.18
77.243.60.138
8.2.111.142
81.17.55.161
82.113.101.132
85.114.159.93
91.216.195.18
93.184.221.133
96.16.141.156
99.80.41.206
99.83.181.31
99.86.7.38
99.86.7.66
99.86.7.67
99.86.7.73
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
005a6abf772f5a71490186676d5a0f3a3e5360a2445f06c8f53dce0f72eabe8e
0095e54a146b2f4c601ba603521e3918e4e75726291d05e5a7d6e92f16b11a55
01284adf0039080c4d89732ef83440fd31b310a7bf3867b83b030f99ffd1f1c1
01fe06963157ad4b6b55e18163fdd345d326dd0479d4036cf9a1bca439aeb5dd
022df85e302d76490edf39d56b06a5aa1563edcf9da60ba16c2c722758a5c06f
03884282898321524ba5cda546d71a38ae87704bcf092d9457ba739060528908
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
076afb2bba2f1a7ba1afdc0baf4f3cca4e75cafb531532118e1aff120058c05f
07b7cbb147b715741f9bcd1d9586e83fe9cae4af6e9a443d3f8de830465d2b8c
07ba064a74893db28c7b856f705363ee06e1b3e0f56dfb8c93277762873d932f
07da28929f6d4cb8894de074ff1ae095860bf6686c7bb3024168c6c8e5e65ad8
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
08a00ccb9b5f769641458349396bbd89d0d0b3248f0e1a2babb47ff0b25a78e5
0a1bc6b6090092688fb1c545eb68496d8b4831b03185b348c05143a69d22557a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba1b72b723f378698972f0419f2280b088eb36aa814db4e6f7eb36bec2a494f
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0db96ad8c255629a43abedbe219e2851dafa18a6b0e0d35c99b5384e7ac2abd2
0e2751d050bf16c31e60456618e144ca43a9422453e43a57000821373157032d
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ebdfd9b32ab6e8054d916fcdf5fd2c9d539d0e743a5a1a49f1b66557271b7e2
0f84771bafa571f25475772cc485457c61d8cc6ef83f4496c7426c796ce892af
0f896eb296ca683fdd6cfa0c085fbb867c45c2a47130c32c1f00878c5ff4fa01
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1104924cb36156fb19b90a6d9d8ba0a75e14275c5406069b88b6f86f78967ebf
115d0ed8e5977aaffd686d66e65d19f79976afa066ff494748ed9d880f8d0d45
116f7935246ff5165fe0318ca0cf95a3c0114de9adf83dd75a406bec2fbd883c
1183307783cf23654d3a290fdd33a2387be5d4651145b67f5527da2729bec0bc
12299fde61e7f4c818100b910418e854e256d46c042b795447fb556ff44c6dab
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12eb2bc0ae6531a7e14a1db935b87ab3cb19af9fc097ada63afb42d0c12a9cb2
148478606d25d638e8f415e457cea6d2f004a33dbff0036206bc5d2d7d6707a9
154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67
15dcaa495dc7f16f3bf7cf94dfd9ed6b5f5c670457e4643d6528e3d33a18c780
15ff5575a368e8c6c54e5efefbd6d9b60929a48d153ecfbcb04d9c631ba421b5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1861be112f102bad82665111ac62b8cf330941573f9005b3d309c9ac4735a63b
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18e1cf62da03604a77fdc1fa50a09b34326c1134ae56df69e660a9c6c7502064
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
19a2f0e55b8b27b0b2f46e821abd2ed91a355e086a5ed756bee99ec62ecf34ef
19ede6d9e804c8651d1a03850401c29716427827ad0aa2308ce140c076d2c566
1b89cef3848e760783d29069642f63944d24e51f6de32ba7c772d09beb24bc92
1bab245024806397dc618d3885f6b8d19bf28d55dfec3d5df4a9266ce63f8603
1c21ccd362b8f14a77565f498d83db5ae20bdb9938c91189768bbd6e299326e4
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1d6ef0102642400680819f4ed5093b4a3f2fbefd7f4c22b8ec0479eba4fe4772
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1e34fc30bf2e34bada75d32fbf47eafc5a603d898ff7aaaddd405f150147742b
1ece651cbffa6a7e4d2dbb92ba362a89ad6e7a980b0c9b5a43da68b4062b72c1
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f1fe3cbc67f1439fde595eb8a23c66a3c601ec24f64b573b2d046bb20692662
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
201877ad1738da2fbd56ee26e25a82730e56e1dbdd4fad1d9ff98aa718b5ecd7
214fa7c2b74dcea00e6be1f471e962a3b170d5eb59d95e3163ac61935f48b700
2257d825aa332b051f8c285b78ebd7a82e9136c7c49e3b9d6d734b1b38573d0d
23809ea0e8d21231d20360000aa8e279e133891bea0a32f63682293c95db2d6e
269d04418844c90b2e3843917371c34228a1b080a60e4e6b35b6501c4957963a
27b5f8b16836c70e7b6a64849706d30b3585305498281406a9102e67ae4947c7
28ce38018c278f3ccdb64280656ef416294c4b999d2fd6eb1bd6c9c3e07666c7
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe
297286161ace21782b6e45b0735d9deae64f5217e5859a7e7b7040a512dbc37b
2a30d597b887245f03e9b93c73beb736bb3ea5f96bd26b041540dfffa81246cb
2a84b8de0a98399eb164bf45b8a5af6b0d9ef50c1d8b6747e585f0ca48ee052b
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2b174c2de49f6aa7f8b72125c63c163012b9ff34afdbdaea39b4c499e1d16df8
2bbaa677bc99423ca91d12e93b66a8e96defc6e9a5a2510e0a3963bf3c71a45e
2ce9cd7dcb7f38ae802b0abb181c86cf4fcaf0eec1ac25cde85b3a3f2e609cf7
2d872ff0d2ad9d34546ccd9e2576ee43ebc6e11342e8f9933b83c4fc1caf7dfa
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
300f74eff2336007e7a5107935298fcefaf47213e41f01231de59a77ed965ab8
3048dc193a1dc9b41386eaff31ed0a6909ec7c9109674fce25bd59d775a1c080
30d8b2e4c2684715253541f07e7bfb48918ecb745c20753ad5ca400b4919291b
3117f031f71e77fbdc0bf40c3ba81421259a24a26cda1cdc524855d428b81e8a
3123fd4cb3416d8d1e92ed1c84f73912119f61de8cc4839ca4601445bda57274
320cc0834b1ee423c53956a1f587fedc32bc909fc9ed55521cb918d567cf3065
3260ba689558df2cd864c9d118cceeaaeb2410cfd9e911d46adc7ee370d2184e
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
3376dca60a13acb10866799527b6127e3fa7a9ff6f194bbab9c63a2fd3481f48
33772f987f047ae816d4f0573bbe1a1d5730abea44e57140c95146e895bf2088
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3d510e16e6e569e573980fd67a55221795d539fd56688ecaca8d284255e86ee6
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3dcff22576afe55b8b9f2f2b9be42b5fe5b41e2c72b5f61c7441f84c64ed8815
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41a5d8252e3ba2341f977e01b565d838a5eee262bcc85a812cdb5e360dfe7bce
4284cc65b5c2012f3d56712579aedd1d4e19227894242f9f98cd29b22e4c5277
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
43015d6d57b5dbb045a694ab7ccbb8b86442afe5c11d153013dd2d17a6adfca1
4396b65e0a15cf7c9360d435cff94fa1a79c2ce49e11656affdfcb2e4aad5daa
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
446043a7ceb4b6eb563bebdd3ed0510fd5280567a053939591c0ca57dc5f7a80
446c9ce73a9ae2daf640290905f469b196e1a8bec5535afb23ec691b139f696d
452848debb4bb4cf1e26c95ee48efed325dec430904bda12bd9ce5adbf307ffa
4538cc4177df7a0c047d9a66622403ff7557e34b1d05fd0f66b3d8544cff880b
45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416
45c432c16a068645114767942ab1d37d492d21e4407927dd39e380ed912c944f
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
49d0d9d2f29e5f79fefae695b1a1608fa2bab8a2138f13655ea3e15fe2e278d1
4a3f2b93226d6d0a20204d8b66333d244216fd3919e4c94bcdc0466213b72ded
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b8e197f5712a6e8c11c449b5b1ce249629393eebf0452f77a9dc4869fac6cc2
4c8162a2e137a756d51b6e40cd02a736efcd29dcb461fb48b4b31743b17efbaa
4c8a766813fc2edef6aef58ebbac6642929a85974d537faef5d3dae566abf302
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4dc60f217a4619abae70e8b6c2cb9b6faf9bd32d5e7b01f552292ed08d792f6b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ede5772d970131c333789f8ed75d1d274002894a907fcdf9f9d42935b471c23
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
50223a68bd5fdf00d4bd4daaf5c2395741b4c486453db72eb356efbcc53dc340
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50bbe6317c2bfabf7a41b037db24db1df8bba5781f9c9338d011adcbd1750f85
50e14c7dc3e3d56e997e61f3d3b0d630a0fb9c9edaa32c6de1cf7206f6dd1e17
513eac1c9df53dc09a19720d714f7afd58590025d2d57ce16be83bc5f0663f66
51cb6b458d4548438ace3dab2118391f6e80eadab708677560f8548abfe46629
52835a5de13027c91e4709a82eb02b19905042d852e9cbc148a5b57e44d3827b
52a97fe62f9427bf1a41f8837215605126c58f4f144a8c39655c317464c9c29a
538ed9d8c563eca08780be8790440c3d8e3ca397c255afbed9c851e42d91d8ac
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
57d26dc350cc8c10af56460f5a6b067565c2cf5bea3eac710944814cc9ee4fa3
57d93c30e52cd710b2dee2770b50b65e4cbc5964d2883e3df12babd136a2dc69
57e51a2a636d1f22b08f8dd5d63a6368ebdd5fda36bdaf4d31fa398c18117290
585844c418b0381b3de661eb546493fb87463c2333bddb5ca36ead0aafc583e4
585eac76ebafa3fd2bd62e2e5a38798e0d5705b4e8c332a91d63e5bd0924e025
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
59c27e82ed2313402709eb044ba09d8f1476118ba297a2f71548f5292529baab
5a0cecf509251de7b796c7c34ca1374bbb3fabe582e9e9394f1a1ebd9d421997
5a20d2457913a3aa6c2fe7aa0bcf711a7f7dbd81a1dc1c3006a8ae19f9c64a28
5ad06a354ad401211a519d32b2d156b88a0ac240b0b96dfe5c706d54c087e84e
5aef37c7abe75530fac92a34f337cd7f558956e9800f5b0e05094fb83e963be6
5ba644f0fddbedd145f222319852b63c370c3cb827de34c21e5f0823e6d33057
5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970
5c11a0bd7f6d0da58ce9caac28f6ba0687f3285f575a69d8d6bb1aee8f67853f
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c691bfbaca0ce68d48828de40ed11ca48cebbb214d7883a74faf4e3c0cdd93f
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
61044fc0d23ba36784d5967cea5f672a24bc4f24912cc3359136c9778a577407
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
61491b6097e87e569b67268b405e9f7a1fdc36750e39c684fa505e8e10ec8db4
616f41fbbcf44ba72bb9c97132871526164c81d78f56a15e04ece1a44eb5606a
617124d1b85f766b1690908b346c33c8b7a42e33b05aadb335b452f86eb0d7e1
61b2100a8748346132ab227b5cbb6710c66aa8ed5c6caf241e1d85e7bcc049bf
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62385f6dc711131ce28a1d4e42e59ba5e03552ed436c17b114253657152a7c9f
64877dce73b97b31f263f6772a900097cf4f8ece93b9d494016af73514ff3f70
649fc78f0d874b4e2e7cde4d0ee7255fe6c6a8ed2e909566752e4ac82d7abd03
65577c6e520bcca09ad7f2603844e41c9b7d609996b307585b0dee69b06b81ca
67777c185d8f2f8ec9f2e8b400852aea4e7b482d4cea0fa8b0169787144c65e8
68090e7137958f12beb2351e31aca4989722b3da9d7ce0b7ef6f42cbcf4f7555
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17
693c1303fe6948a71ac932631114946859bcbde2da431e504f9dd7a9173332fc
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bf43be58a29c016e721a86d5c5efb03377e225af9d7b3b48b5abd0a873ec13e
6c9eaf1d10571c95ba64034a7d243bed717c5bf699ceb43c664039602bba1b60
6d11dcfb7b6db9185287ff03176c204852b3a8f86d4437af34a56fa3b780fade
6ed0cf55e194ca27241e46e1a34ea1d6eff8ee45636d6f3d18a2f2b5beb2a471
6ee816398ac59bd1a1fddcb80037e7fd618f481fe467ad65e73afb4daff29095
6f522fbbba8abd42e7a27c37138ae40a42beca58f750deb37102717d22e8bbd5
72e852ed343dfc6e04d15025c3be8f7d8a742d3acaacee8f335d718ac18c2063
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
7383a0e8f344704002797c756d99471f2f51cc4604e05605ed2778cac4ff6662
73db83bdb7e08a381b9c55c7d9bb0b6665856fcb42df8a0ab14a6e903b0abd5b
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7592419527acd1138547790e32f40cc96a3c2d49fb14fd6c3648130c81b44c83
77bfd7289f3f787d708f0eaa70b730fd09ea31464eb83c8539a81c4dc4f5ced7
77f5e031eefff035f726c707969ba6071cce707aa502d58aa7be42bb4af7fc8e
78296ffe65e27692e7b1cc854a582f3e96967045c68276297c243acdaa990005
78da514c9f16a47d8e2374012619445409c56fd4da464e9cbd7b581cbf809b08
796b862c4ecfa4c43c22c9b6995818d5524f58feccaed3d467222f7d287fb6a4
7a43fc8ce2b71de1e59d34ca62f0c692866b0255148d0adafe3c11ba644178a3
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7a7613de51bf713b2eb2780e8a79c101d887560f1b6ee0a655300bd3ad2bc412
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7f0133854d49c393c55e25e41e53881a9d5a66c57966437aef896c1013643203
7f4ccb6451f5796f0d140b7ecb587a14c9af6f234259d056a45f61f4373ddfe4
802457a9c0463c88d904a59b49bef6d759e31f6f339dc9845045412d8b5b8213
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8393b0f49cbaac879bc0a89a8d6fc918081a21fd4b13e5ae4416d2c1afbcca92
83b2d381acf4605fabb7303a687ad0f02335c3f0adcb7d43f13a5b4c75c9c271
8516f3bacba504d2453300a736341c9414df397c954ff91af67a5f013d427e01
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
87da4a4debade20b4cacf0bae1509ad8a8f73e77f6c397b397a873f19fc5f021
87e7fd5a829817f60378560aef0672a0c075913759721eb51042c6a08763d588
893813e610ccf9b5af45ad55e64a7d9e7536df4d34bab43d26a99d45dd085ba1
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89c135feacd515d13a0ba0cb46408b00db8c18ecbca95baaa851f7f08be441e1
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ad957070bc5539c98cf10849dbdf10a2dbe0f216f836cb1084167d68796ce7b
8ae5b95f24ba3bf0fa5b9b21ffca4ef8a683558ae0a4985abf835f7b71ad0579
8c0397e0c10774c4c5a149e4aa54e2633f55b0700c7a797040eb786939e52010
8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db9d590a4006f3b61f3a3b72c9ec3bb105adad0cb7b87e79de4c12247d37c1b
8eb7099cbb3a71d7aac7b13e9bba617caa98ef7b9aea6dea37127204d5b33143
8ecb65a128ee341cc58f4bcfb7682900e31f1be26eb6c169aa2bbe26e468f57e
8edd630d5170e53043d226f5d53fe4e01d29039339ff31533183e385be7b2eb7
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8f6f8941c721c6f3ed83adaf973dd32d824eb440f5f6a20cb79e9df245d0978c
8fb8fc201a6f570ebfce0b3504f6da40f0976cd36c20e2983b6e5b172ebf56a0
8fd00834c70b3b11f829c118bb66bea7c7593452dbae25debefcefab12d69b1f
900b8cf7fd4b77591295bf24195fcc10f39a1c547a3adf383feed312c89a1c81
90dceba28c9deb5f89e7a14eb8292c0272a93910e13858376de0fa95a5105593
91977b0f9d0f87ecfd027fb262155f234c4f28a3da7672c3e0d029c02dc0e122
921cc97818803e09579f28dd741626123534b998e325862eab059328de5f0105
92252f56b2f1ed83e4e4ada222d0074846d5efc9ae54d93a0de1100329e528a5
932376e026d5cf24ae61b65e0e0598e52fc850214a030a5327e7bd1eebad99b5
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a
93e96722ec4a84a6966275711a65c1f25cac57c3f3c4bd156dbfb26e9b1210d4
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
96bdf7b1036a1ba412b252f15f9bb814e1a208c929447ff7dc1de78ce96a46c1
96e6f6c4f2a190d7b49775a9ab0a5bf1a1dc0dcde38d71a7cc982142c5932d8b
9741ec0d2cd44e302898427aa2a5c57d85d29d9a246014bb3f0894713c27f5fd
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98f1c155503227f25beb8f627d9d177de5a9f52f8e5dd0604bec8b2a51262054
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cc352f8e5a6bc41a53aae54efb6ba423d9620049d53e9cb4dd0bef618e0f2af
9d8136095fa1dfbdb9c5465f58f704e70ef92f05a49177c027d4a66dfcc777ca
9e2354e52e84b91d12de333308ec7da1795c6b367e380263207c9a3cc1c3e7cf
9e2a25989e4acd3937afeafe7a29b788137effe9b86bea663c7ce3010d673521
9ee7d9f8e5d3c6dfa344ba2cd352da17acf8f5c6a8065349b094caf6a2a0ccfe
9f5a0ed852a4e79d94e048b758b49a22c55f7a1efe66654c24a9eacc66a29f28
9fb631e2f7a02408c35a7c38d66b604ce5b3a056cd3e4744f744375bf949d742
9fb842b8a368c68bed4d30c200070a8851ae7697ac2e5f59d381bae5850a46b1
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0b374cb5be30cf745d18c8403fcf6d68c68720a8b72f6205960a38231056bc3
a0cd05b114ec7828635e6c8954512f94927c3445564b1d6ecbfc43a94bbcfa85
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a
a22d01c890713e815890b34eabf20d24ed04f3692fa6308d3845a006f251edbb
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ce81d2be1292608446ea1fc02ade6a58f1b20ef6c9483c03e1c272f57f708a
a5e0c8bd0458bdbc7313d1f28a901a9bca0be80c85f19073ddcb5b64b2da778c
a6175d081940061cb96a2e8c9c90887b6f603361fe584bb053761581a36cb908
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
acbdc35b3ceac473725838d9e590eedd4eb35a7263237d8fc591f79d70e016f2
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
adae9d2f4c09e86a997123a680fa0b592f097488c0a7ea012b03f0e0c75614f0
ae3eb795ab75acfbed9f530ee953c4a30dd572673a6acd31e2b3a7f46d5881ce
aed88869f49a09c92a20bec456e4b03d0854d4c4293b621174031046585c974c
aedf3dff6e3596bea2ed1f9bb489aca220ac62eb0f0eb2ec34306f215388a1c7
b10f211ff9cd977bb691756967e2f6cf97d510186a14d36d28bc373342acf991
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3e57eb372e8b405c816875571e184854b2846261c7477c6c9bdb7782faa1a30
b516f1c44bec0eb8ef8dd858d01e1b684f8353b7f6839a85bb9b16e9a5d49930
b60030b1128df160435124336350a9c36b86e62b67e865b4290c1754ee0adc47
b6074a1f9d6996c9ec01f6a9294f5e966c9768a26e39c7600dddb217fb08e8f6
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
b86e678f724241714425a98d49c80fcdee4cf52b93c913b56ae403d2e423d3e4
b99718ab28a7cd0815479f21717f5ff0513b5be0890e7ad441bb631cd26ce6ae
b99af1bb0d9ab5b7cc8b6e98f0070ff9ea21ccbd7c83656aaa845449c7b6491d
ba75bb0f7cf103ef67fd0b1076274deaf138220eef562c36a9dc108bbce6f0ff
baa7346a51ac22b01b0f63ef8be8a7b0946a67fbe68ccf2c8a783a769bad8870
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb74d4e30c15d92bc50119640af893ad2409af88dac09f6d59dcea529a81fdf6
bc729e23c41e4d98cf02db3c5a1fc7fd99fd60df75222b407ff886996d6d49dd
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
be362e9725125d8db35fdef71f004f53f8cf70a87dcd14e689daa4c5029b61d1
be5280cb8d1127f788590d8729622d7b91e4eac3f21981a6878011a24565bbac
bffcb82efcd59cbfd224b68053cb4dde6fe427d0f074f05d17c3431b086ecdbf
c07bd38f949e296b810023e25f2700973c07832c0ab48ca83b82a3cf2e28d06a
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
c1cb884cdeed5a135dd9c243e60c613830ddf720e61621a2ccce249436bf3ad3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c2f33fcb598144487e211048ff19173f4aa9cd3531f06428367ce9f7883a4f15
c32c1f1aeb37aa15f1a29d8685d0c47b9ec1a3d910eeae55b378a14c7d47e226
c3c1f8b592f2fcde68d5eed834f7999cac05bc34e2a8651bd05e05c64e793e1f
c5559fc86338c82a7b56b591cf08118bade233b634dd2fb242d63404843aceeb
c68190b90f8c0ea70a1318124b25f5d336986cfc79fdbda01ba6e525280f4633
c787b960ead3afb475a27ea8e6712e408b2247a06659762750c6907aa4f42f35
c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040
c9cdb84282807a2bb464f3c0e957ac1e5f73ad4b5e1b1becfa590c0b9b03d948
ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca45cdd891a26581651763d6204ba40be430bd94abe31e9e832822674bb3c4b4
ca64658153ae700c74647f48382042a71adcfe5baf099a9f615ef9b6a54faa23
ca98d28bf4bf85850aa6731d4c1444f2d9861b51c343e1009224008325d1f315
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cad4b863d420705b9f76cc7ed55d19290db1381081664c929d3e1e424e1b0ac4
cb260fbfa3add6553864bf1c8dd753a45d7a1504b159c8aa6cbec89f9223a89d
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ced9843b2ba0bc9b47033d319214c7ba742e6cf58afe60e35a1d2c033484eeb2
cedca2b42e4f5828c7e8e51358aeb7a589a62ed827f2816c9ec962e6ca864c0b
cf1c40fd82d4383416e5ca553fa435b17f478b17f6f111aca96aa9141e8aea12
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d134f8640a1efeb4bb5df2217fcab4bceca8bc6e2a8422144c408b3c1a6f6076
d1ab5f49d9228ed3ab50e673c384b3027165790b0195dcc9a66e843cfd5fc926
d22e287bccda3b35ab308c7f0d73813c7863d1f2a04d3899be59711bb70621e0
d29d84e698eb10452f97d8a6f249b73496beb844cef58e920e3832bd321d64a2
d331ee57bddede9f3bf8953f1a8e9f5f51efa005e0149011c61c8d512f798594
d3930b53bd72158e298e924a7585ea73a091f19d3a9294c6b12d23cbfcfc9319
d5348b4c8cd994e2139bc9a815a9afd2a8fea57feb64bd73c5f04ca9c13f9623
d577257aee17f276c14925a8ad6bc548c586bfb77941e04cec1b12d3f22179f4
d91e2b9b2e3c069838da675a04baba50c6d7e761cfdd6fb372b43335e2dea788
d96489e10b60260ccdf894f24037d46b670d706117afb5dd73ed7a5f944d05e8
d9b8b871df7975e9ac99e384f239bbdc7625ca62f71c0b8b73f636633f7ce4a8
da9ee7fc0ed74c1e32752a1e09a78c7b991499fd9182767afa72bdc262acb1c7
daffdd6f62e491d3b2ab8012fb6c886e904863487f503e76a4fc6281594d533b
db6c86cd4d63a343dd7017596980658ef0c020301971e7b194efb20a55a183ee
dbe8bf249a4d3f250af2b680ab12bf6b3bffb97d763a431ca32d524795f61489
ddff2fc030e835a876bfe0c87adb7f984644d0a76b277a299766ebe70163321b
de4dc8dca28a76c05fcbf667889027eed583a53dc45b1219e5c3f44d24b768f2
e0aacbcd75f50159e9980ad15bb8c07672a3da851b9cc56f27267f67bfa3551d
e0df6019a770e4c176a897bee0fd492858f0028488a529edc70abc076855202e
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250
e2aa214c8efb2d342afa0da35883bedc9f93f10926fe76548d6a29c3984aadb5
e2d037a027cbc47a55a7c1f1851dbde0a699cdf08a727160789c252e48cf3492
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e34b3bcf06d0c366c063abde04d02d3ce08d8a44e2bb522ca4581bb82dde9125
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e68d41b14c69a89181e12e6e73f48f80934e1339e1e0f5e321699d699328b810
e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad
e6ac25d541d15d00d8ac79cbb7e6f917732a768e2a187f5cf1ce2c255c7cec07
e6d48b5955f17f3c211246d9d639b53924dde5186f62d93002558e57e974bec4
e7b5f81e362407f407330379b0cd9391ea4cbe59e37d5cc0353292833bb9aa13
e877b423181eec5220876224daff0a9a5b521976e91a2f6f2a783526e880011f
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda
e969efa774a77d322a698c37ee681f6967078b0765d25da87cd6b5fb4862fe67
ea317dc06808b696968c801c9b00b3989d048069d229f97e7d156baabd6edb08
eaf6aefe98e6c4fa07558a4739694013c88309d2a12cc1766b7804028ae1b1c0
eb183b6343ad18a35e18560016920a43c5892031be3196fc65b4f193ba986642
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2
ed26da99e12f078fc40ee649feb05f65d9f0dc641714abd5c987d69a71448403
eedd403439065a3493fdae09f61c38fab32a5f98162d868b5c5d6f5457c36c18
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
ef5f713442a86de7325c82331583a744301840e70fb74b7df4e0c33a55263b9b
f0b4c1ab8f62f3dc63f5c0f4a361e7192f328d729ce7fade50ff01f29252ae97
f0d19e7d56aa281565beef26a0f1c99a292b9246f806ce2e6f76dca3e3f35ec1
f12c6133a12eead81c368fe146cb489bdb7331b5e3b5ceb9ea52eac1e3feb815
f18ad917d75c5f23c8d72876d43e328d4f6ddaeb2f198ddfbb0fa103d8a7bf83
f29f2c00439d44a6c50b87d60997fcbd9f6357eee149698f47f9d8c7671ccf8b
f329da22a54771557474b6516537b3314b710f8145cb5cef2522d344425d429b
f51938710e179807bbf1be9a1e9d7e3441fa74e7dfe9f46841914fb12ca7de3c
f674914b32582ab3d73cf53b262be3379116ac9a744c1b707e51f4a2f55144a1
f6fb3b7b52110b314bb3c3a297baf08745f27b5b8690656bc4ae3fc7fc994d32
f7156b45752a71503d0c62be49c8108aa203626ae44dd1c8addd658881f848f8
f7cecedaaf4ae3489bf9ae2bc4a7ea12cb7e89d05598153a89b644745d004aa7
f813bab93e06a38f21ef91e7f0e3e04db644bd92e509e27d977cd9cf8671ed91
f84500d91daa1c48f00f1f068bd435a201de74bb6b343ffe1af18967da6eeb8c
f9a97ced4016a990957c372e591a614d374d5c168e0af576c8922bcb0877e855
fa3472e85ca86bf36849fee11b26eab7d335a70c38c81bfbefb2f8c0dfb3c0c8
fa4ae93330f3a0b8e253e34bc6d66018d996fb5d56ef0802e6def0d91fd035c0
fac0758eb8842033e1cd0fc5d17184454278e1c0ecf8d550273acbb637d24e95
faec7bcab6bb94b28f5e13877fb5439f2a0e3b819558bd824b779c95ba9a37d3
fd5dc39e7e8c3e52dd51f848aa140401de17ec1f545e4595b03923b1f836021a
fd9e0785965a3881b1e79bfc260f97a61906bd1917b6c812c0cdb62bac45896c
fe89b1819788633045d05c4f1d086cf94f3f2808c54be6c81687007a3ff74851
ff109d38c206c434f4f363030d0c90d201bc332b2d27d7dead097b7fc075d03e
ff4be6ca48385b83c38c0a4a4614783421ce31164a3f81a3232f4e775e0f8bff
ff80a1781c1875505c9093621a82a7701d8e40bbded69f5c10bda3013eb6fa6b
ff9ad0e0d2bfaa4f516850923cce2eb0246ac4e0c4d9d573e47dd0b18c7c0026