Submitted URL: https://www.se-faire-rembourser.fr/
Effective URL: https://se-faire-rembourser.fr/
Submission: On June 11 via automatic, source certstream-suspicious

Summary

This website contacted 63 IPs in 11 countries across 79 domains to perform 322 HTTP transactions. The main IP is 52.47.187.175, located in Paris, France and belongs to AMAZON-02, US. The main domain is se-faire-rembourser.fr.
TLS certificate: Issued by R3 on April 20th 2021. Valid for: 3 months.
This is the only time se-faire-rembourser.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
61 52.47.187.175 16509 (AMAZON-02)
13 142.250.185.130 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
4 13.32.5.125 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
12 2.18.234.190 16625 (AKAMAI-AS)
4 3.66.136.156 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 3 2620:116:800d... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
4 2.18.232.28 16625 (AKAMAI-AS)
1 2600:9000:211... 16509 (AMAZON-02)
4 5 70.42.32.31 22075 (AS-OUTBRAIN)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.14.132 54113 (FASTLY)
1 9 52.95.123.167 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 50.31.142.191 23352 (SERVERCEN...)
10 11 213.19.147.44 26120 (RHYTHMONE)
11 12 76.223.111.131 16509 (AMAZON-02)
22 185.64.190.80 62713 (AS-PUBMATIC)
2 19 34.254.122.11 16509 (AMAZON-02)
6 17 2.18.234.21 16625 (AKAMAI-AS)
6 2.18.233.180 16625 (AKAMAI-AS)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
3 3 185.33.221.53 29990 (ASN-APPNEX)
1 2 72.251.249.13 29791 (VOXEL-DOT...)
2 2 3.66.22.42 16509 (AMAZON-02)
1 3 99.86.241.40 16509 (AMAZON-02)
4 4 142.250.186.70 15169 (GOOGLE)
34 2a00:1450:400... 15169 (GOOGLE)
1 3 185.64.190.78 62713 (AS-PUBMATIC)
1 2 159.253.128.183 36351 (SOFTLAYER)
1 6 216.52.2.39 29791 (VOXEL-DOT...)
8 8 3.120.242.149 16509 (AMAZON-02)
2 2 193.0.160.129 54312 (ROCKETFUEL)
1 1 69.173.144.165 26667 (RUBICONPR...)
1 1 54.163.239.172 14618 (AMAZON-AES)
5 5 66.155.71.25 13768 (COGECO-PEER1)
2 3 18.198.69.109 16509 (AMAZON-02)
2 2 35.227.248.159 15169 (GOOGLE)
4 4 37.252.172.45 29990 (ASN-APPNEX)
1 1 47.252.78.131 45102 (CNNIC-ALI...)
3 4 64.202.112.95 22075 (AS-OUTBRAIN)
2 2 35.244.159.8 15169 (GOOGLE)
1 1 34.205.3.24 14618 (AMAZON-AES)
1 3 2a00:1288:110... 34010 (YAHOO-IRD)
1 1 54.175.176.13 14618 (AMAZON-AES)
1 193.122.174.27 31898 (ORACLE-BM...)
1 169.197.150.7 398989 (DEEPINTENT)
2 2 52.57.251.82 16509 (AMAZON-02)
3 3 198.148.27.139 19189 (PULSEPOINT)
3 3 185.29.135.234 30419 (MEDIAMATH...)
4 4 151.101.14.49 54113 (FASTLY)
15 30 142.250.185.162 15169 (GOOGLE)
1 67.202.110.24 32748 (STEADFAST)
1 18.195.155.181 16509 (AMAZON-02)
1 1 124.146.215.47 2514 (INFOSPHER...)
2 2 185.184.8.65 204995 (RTB-HOUSE...)
1 54.239.17.112 16509 (AMAZON-02)
1 1 54.86.120.215 14618 (AMAZON-AES)
7 8 37.157.4.39 198622 (ADFORM)
1 1 185.183.112.148 60350 (VP)
2 2 213.155.156.183 1299 (TELIANET ...)
1 178.250.0.163 44788 (ASN-CRITE...)
1 1 85.114.159.118 24961 (MYLOC-AS ...)
5 5 52.49.40.147 16509 (AMAZON-02)
1 1 185.86.137.131 201081 (SMARTADSE...)
1 1 162.55.6.211 24940 (HETZNER-AS)
3 185.64.189.114 62713 (AS-PUBMATIC)
2 2 146.59.148.16 16276 (OVH)
1 3 2606:4700:10:... 13335 (CLOUDFLAR...)
3 3 18.156.0.31 16509 (AMAZON-02)
2 2 188.42.196.115 7979 (SERVERS-COM)
2 3 2001:678:cb4:... 56396 (TURN)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
2 2 178.62.202.251 14061 (DIGITALOC...)
21 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... 15169 (GOOGLE)
1 1 188.165.4.142 16276 (OVH)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 72.251.241.196 29791 (VOXEL-DOT...)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 199.232.137.44 54113 (FASTLY)
1 151.101.13.44 54113 (FASTLY)
2 2 35.201.96.126 15169 (GOOGLE)
1 185.64.190.87 62713 (AS-PUBMATIC)
1 2 77.243.60.138 42697 (NETIC-AS)
1 1 34.98.107.212 15169 (GOOGLE)
4 142.250.74.194 15169 (GOOGLE)
1 1 52.208.100.147 16509 (AMAZON-02)
1 1 2.18.235.93 16625 (AKAMAI-AS)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
2 2 72.251.244.140 29791 (VOXEL-DOT...)
1 142.250.181.226 15169 (GOOGLE)
322 63
Apex Domain
Subdomains
Transfer
62 se-faire-rembourser.fr
www.se-faire-rembourser.fr
se-faire-rembourser.fr
962 KB
51 doubleclick.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
ad.doubleclick.net
cm.g.doubleclick.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
231 KB
37 googlesyndication.com
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
ade.googlesyndication.com
161 KB
35 pubmatic.com
simage2.pubmatic.com
ads.pubmatic.com
image6.pubmatic.com
image2.pubmatic.com
image4.pubmatic.com
simage4.pubmatic.com
aud.pubmatic.com
70 KB
34 2mdn.net
s0.2mdn.net
2 MB
19 gumgum.com
rtb.gumgum.com
6 KB
18 outbrain.com
widgets.outbrain.com
widget-pixels.outbrain.com
odb.outbrain.com
mcdp-chidc2.outbrain.com
sync.outbrain.com
92 KB
17 casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
18 KB
14 amazon-adsystem.com
c.amazon-adsystem.com
aax-eu.amazon-adsystem.com
s.amazon-adsystem.com
42 KB
12 adsrvr.org
match.adsrvr.org
5 KB
8 adform.net
c1.adform.net
4 KB
8 bidswitch.net
x.bidswitch.net
3 KB
8 lijit.com
ap.lijit.com
ce.lijit.com
7 KB
8 google.com
www.google.com
adservice.google.com
2 KB
7 adnxs.com
ib.adnxs.com
secure.adnxs.com
6 KB
7 1rx.io
sync.1rx.io
4 KB
6 yahoo.com
pr-bh.ybp.yahoo.com
ups.analytics.yahoo.com
4 KB
5 bidr.io
match.prod.bidr.io
2 KB
5 sitescout.com
pixel-sync.sitescout.com
3 KB
5 outbrainimg.com
tcheck.outbrainimg.com
log.outbrainimg.com
images.outbrainimg.com
232 KB
4 everesttech.net
sync-tm.everesttech.net
1 KB
4 zemanta.com
b1sync.zemanta.com
2 KB
4 unrulymedia.com
sync.targeting.unrulymedia.com
2 KB
4 google.ch
adservice.google.ch
1 KB
4 ezoic.net
g.ezoic.net
750 B
3 googletagservices.com
www.googletagservices.com
102 KB
3 turn.com
ad.turn.com
r.turn.com
1 KB
3 zeotap.com
spl.zeotap.com
mwzeom.zeotap.com
1 KB
3 mathtag.com
sync.mathtag.com
2 KB
3 contextweb.com
bh.contextweb.com
2 KB
3 exelator.com
loadm.exelator.com
4 KB
3 scorecardresearch.com
sb.scorecardresearch.com
3 KB
3 dotomi.com
amazon-tam-match.dotomi.com
pubmatic-match.dotomi.com
dclk-match.dotomi.com
208 B
3 quantserve.com
secure.quantserve.com
pixel.quantserve.com
10 KB
3 gstatic.com
fonts.gstatic.com
56 KB
2 m6r.eu
tracking.m6r.eu
1 KB
2 semasio.net
uipglob.semasio.net
1 KB
2 fiftyt.com
visitor.fiftyt.com
1 KB
2 taboola.com
trc.taboola.com
match.taboola.com
654 B
2 tribalfusion.com
a.tribalfusion.com
s.tribalfusion.com
1 KB
2 bidtheatre.com
match.adsby.bidtheatre.com
1 KB
2 betweendigital.com
ads.betweendigital.com
1019 B
2 onaudience.com
pixel.onaudience.com
812 B
2 de17a.com
d5p.de17a.com
637 B
2 creativecdn.com
creativecdn.com
695 B
2 360yield.com
ad.360yield.com
617 B
2 openx.net
us-u.openx.net
637 B
2 tapad.com
pixel.tapad.com
985 B
2 rfihub.com
p.rfihub.com
1 KB
2 simpli.fi
um.simpli.fi
1010 B
2 3lift.com
eb2.3lift.com
747 B
2 google-analytics.com
www.google-analytics.com
19 KB
2 googleapis.com
fonts.googleapis.com
10 KB
1 media.net
cs.media.net
1 KB
1 yieldmo.com
ads.yieldmo.com
465 B
1 playground.xyz
ads.playground.xyz
485 B
1 adgrx.com
cm.adgrx.com
408 B
1 ad4m.at
ad4m.at
1009 B
1 erne.co
green.erne.co
326 B
1 loopme.me
csync.loopme.me
212 B
1 smartadserver.com
rtb-csync.smartadserver.com
762 B
1 adition.com
dsp.adfarm1.adition.com
501 B
1 criteo.com
dis.criteo.com
347 B
1 adotmob.com
sync.adotmob.com
682 B
1 advangelists.com
nep.advangelists.com
234 B
1 socdm.com
tg.socdm.com
829 B
1 emxdgt.com
cs.emxdgt.com
1 33across.com
ssc-cms.33across.com
1 deepintent.com
match.deepintent.com
44 B
1 technoratimedia.com
sync.technoratimedia.com
294 B
1 ipredictive.com
sync.ipredictive.com
428 B
1 stackadapt.com
sync.srv.stackadapt.com
610 B
1 clientgear.com
event.clientgear.com
263 B
1 clickagy.com
aorta.clickagy.com
665 B
1 rubiconproject.com
pixel-eu.rubiconproject.com
799 B
1 google.de
www.google.de
107 B
1 quantcount.com
rules.quantcount.com
428 B
1 googletagmanager.com
www.googletagmanager.com
35 KB
1 ezodn.com
go.ezodn.com
76 KB
322 79
Domain Requested by
61 se-faire-rembourser.fr se-faire-rembourser.fr
34 s0.2mdn.net widgets.outbrain.com
se-faire-rembourser.fr
s0.2mdn.net
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
30 cm.g.doubleclick.net 15 redirects rtb.gumgum.com
googleads.g.doubleclick.net
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
21 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
googleads.g.doubleclick.net
s0.2mdn.net
www.googletagservices.com
19 rtb.gumgum.com 2 redirects aax-eu.amazon-adsystem.com
rtb.gumgum.com
ads.pubmatic.com
14 dsum-sec.casalemedia.com 5 redirects ssum-sec.casalemedia.com
googleads.g.doubleclick.net
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
14 simage2.pubmatic.com aax-eu.amazon-adsystem.com
ads.pubmatic.com
12 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
s0.2mdn.net
12 match.adsrvr.org 11 redirects ssum-sec.casalemedia.com
11 widgets.outbrain.com se-faire-rembourser.fr
widgets.outbrain.com
9 aax-eu.amazon-adsystem.com 1 redirects c.amazon-adsystem.com
aax-eu.amazon-adsystem.com
ap.lijit.com
rtb.gumgum.com
ssum-sec.casalemedia.com
ads.pubmatic.com
8 image2.pubmatic.com ads.pubmatic.com
8 c1.adform.net 7 redirects ads.pubmatic.com
8 x.bidswitch.net 8 redirects
8 securepubads.g.doubleclick.net se-faire-rembourser.fr
securepubads.g.doubleclick.net
7 sync.1rx.io 7 redirects
6 ce.lijit.com 1 redirects ap.lijit.com
6 ads.pubmatic.com aax-eu.amazon-adsystem.com
ads.pubmatic.com
rtb.gumgum.com
5 match.prod.bidr.io 5 redirects
5 pixel-sync.sitescout.com 5 redirects
4 googleads4.g.doubleclick.net se-faire-rembourser.fr
4 googleads.g.doubleclick.net 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
se-faire-rembourser.fr
4 sync-tm.everesttech.net 4 redirects
4 b1sync.zemanta.com 4 redirects
4 sync.outbrain.com 3 redirects rtb.gumgum.com
4 secure.adnxs.com 4 redirects
4 ad.doubleclick.net 4 redirects
4 sync.targeting.unrulymedia.com 3 redirects rtb.gumgum.com
4 adservice.google.com securepubads.g.doubleclick.net
4 adservice.google.ch securepubads.g.doubleclick.net
4 www.google.com se-faire-rembourser.fr
tpc.googlesyndication.com
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
4 g.ezoic.net se-faire-rembourser.fr
4 c.amazon-adsystem.com se-faire-rembourser.fr
c.amazon-adsystem.com
3 www.googletagservices.com securepubads.g.doubleclick.net
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
3 ups.analytics.yahoo.com 3 redirects
3 sync.mathtag.com 3 redirects
3 bh.contextweb.com 3 redirects
3 pr-bh.ybp.yahoo.com 1 redirects ssum-sec.casalemedia.com
ads.pubmatic.com
3 loadm.exelator.com 2 redirects ads.pubmatic.com
3 image6.pubmatic.com 1 redirects ads.pubmatic.com
3 sb.scorecardresearch.com 1 redirects widgets.outbrain.com
3 ib.adnxs.com 3 redirects
3 ssum-sec.casalemedia.com 1 redirects aax-eu.amazon-adsystem.com
ssum-sec.casalemedia.com
3 images.outbrainimg.com
3 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com securepubads.g.doubleclick.net
3 fonts.gstatic.com fonts.googleapis.com
2 tracking.m6r.eu 2 redirects
2 uipglob.semasio.net 1 redirects ads.pubmatic.com
2 visitor.fiftyt.com 2 redirects
2 match.adsby.bidtheatre.com 2 redirects
2 ad.turn.com 2 redirects
2 ads.betweendigital.com 2 redirects
2 mwzeom.zeotap.com ads.pubmatic.com
2 pixel.onaudience.com 2 redirects
2 image4.pubmatic.com ads.pubmatic.com
2 d5p.de17a.com 2 redirects
2 creativecdn.com 2 redirects
2 ad.360yield.com 2 redirects
2 us-u.openx.net 2 redirects
2 pixel.tapad.com 2 redirects
2 p.rfihub.com 2 redirects
2 um.simpli.fi 1 redirects ads.pubmatic.com
2 eb2.3lift.com 2 redirects
2 ap.lijit.com 1 redirects aax-eu.amazon-adsystem.com
2 pixel.quantserve.com 1 redirects se-faire-rembourser.fr
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 fonts.googleapis.com se-faire-rembourser.fr
1 ade.googlesyndication.com
1 dclk-match.dotomi.com 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
1 r.turn.com 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
1 cs.media.net 1 redirects
1 ads.yieldmo.com 1 redirects
1 ads.playground.xyz 1 redirects
1 aud.pubmatic.com ads.pubmatic.com
1 match.taboola.com ads.pubmatic.com
1 trc.taboola.com 1 redirects
1 s.tribalfusion.com ads.pubmatic.com
1 a.tribalfusion.com 1 redirects
1 cm.adgrx.com ads.pubmatic.com
1 ad4m.at ads.pubmatic.com
1 green.erne.co 1 redirects
1 simage4.pubmatic.com ads.pubmatic.com
1 pubmatic-match.dotomi.com ads.pubmatic.com
1 spl.zeotap.com 1 redirects
1 csync.loopme.me 1 redirects
1 rtb-csync.smartadserver.com 1 redirects
1 dsp.adfarm1.adition.com 1 redirects
1 dis.criteo.com ads.pubmatic.com
1 sync.adotmob.com 1 redirects
1 nep.advangelists.com 1 redirects
1 s.amazon-adsystem.com ssum-sec.casalemedia.com
1 tg.socdm.com 1 redirects
1 cs.emxdgt.com rtb.gumgum.com
1 ssc-cms.33across.com rtb.gumgum.com
1 match.deepintent.com rtb.gumgum.com
1 sync.technoratimedia.com rtb.gumgum.com
1 sync.ipredictive.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 event.clientgear.com 1 redirects
1 aorta.clickagy.com 1 redirects
1 pixel-eu.rubiconproject.com 1 redirects
1 amazon-tam-match.dotomi.com aax-eu.amazon-adsystem.com
1 mcdp-chidc2.outbrain.com se-faire-rembourser.fr
1 odb.outbrain.com widgets.outbrain.com
1 www.google.de se-faire-rembourser.fr
1 stats.g.doubleclick.net www.google-analytics.com
1 log.outbrainimg.com widgets.outbrain.com
1 rules.quantcount.com secure.quantserve.com
1 widget-pixels.outbrain.com se-faire-rembourser.fr
1 tcheck.outbrainimg.com widgets.outbrain.com
1 secure.quantserve.com se-faire-rembourser.fr
1 www.googletagmanager.com se-faire-rembourser.fr
1 go.ezodn.com se-faire-rembourser.fr
1 www.se-faire-rembourser.fr 1 redirects
322 114
Subject Issuer Validity Valid
se-faire-rembourser.fr
R3
2021-04-20 -
2021-07-19
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-05-17 -
2021-08-09
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-08-05 -
2021-08-05
a year crt.sh
c.amazon-adsystem.com
Amazon
2020-08-04 -
2021-08-02
a year crt.sh
upload.video.google.com
GTS CA 1O1
2021-05-17 -
2021-08-09
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2021-05-17 -
2021-08-09
3 months crt.sh
*.outbrain.com
DigiCert SHA2 Secure Server CA
2021-05-25 -
2022-06-01
a year crt.sh
ezoic.net
R3
2021-05-23 -
2021-08-21
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-05-17 -
2021-08-09
3 months crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA
2020-10-02 -
2021-10-07
a year crt.sh
*.outbrainimg.com
DigiCert SHA2 Secure Server CA
2021-05-04 -
2022-05-09
a year crt.sh
www.google.com
GTS CA 1C3
2021-05-17 -
2021-08-09
3 months crt.sh
www.google.de
GTS CA 1C3
2021-05-17 -
2021-08-09
3 months crt.sh
aax-eu.amazon-adsystem.com
Amazon
2021-04-09 -
2022-03-20
a year crt.sh
*.google.ch
GTS CA 1C3
2021-05-17 -
2021-08-09
3 months crt.sh
*.google.com
GTS CA 1C3
2021-05-17 -
2021-08-09
3 months crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2020-12-07 -
2021-12-14
a year crt.sh
*.gumgum.com
Amazon
2021-06-05 -
2022-07-04
a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018
2021-02-05 -
2022-02-09
a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018
2019-06-19 -
2021-08-31
2 years crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2021-03-11 -
2022-04-12
a year crt.sh
*.scorecardresearch.com
Amazon
2021-02-28 -
2022-03-29
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2021-05-17 -
2021-08-09
3 months crt.sh
*.technoratimedia.com
DigiCert SHA2 High Assurance Server CA
2020-07-28 -
2021-10-01
a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2
2020-04-09 -
2022-06-08
2 years crt.sh
*.targeting.unrulymedia.com
DigiCert SHA2 Secure Server CA
2020-05-04 -
2022-05-09
2 years crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2020-06-01 -
2021-09-30
a year crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2
2021-05-18 -
2022-06-19
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2021-03-18 -
2022-04-19
a year crt.sh
s.amazon-adsystem.com
Amazon
2020-08-28 -
2021-08-20
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2021-03-29 -
2021-09-22
6 months crt.sh
track.adform.net
DigiCert SHA2 Secure Server CA
2019-09-16 -
2021-09-20
2 years crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-04-14 -
2021-07-12
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2021-05-17 -
2021-08-09
3 months crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA
2021-02-24 -
2022-03-26
a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1
2020-11-25 -
2021-12-26
a year crt.sh
*.semasio.net
GlobalSign GCC R3 DV TLS CA 2020
2021-03-09 -
2022-04-10
a year crt.sh
*.exelator.com
Go Daddy Secure Certificate Authority - G2
2019-05-17 -
2021-06-25
2 years crt.sh
*.simpli.fi
DigiCert SHA2 Secure Server CA
2019-09-18 -
2021-12-12
2 years crt.sh
*.turn.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1
2021-03-31 -
2022-03-31
a year crt.sh

This page contains 56 frames:

Primary Page: https://se-faire-rembourser.fr/
Frame ID: CDF7125E9C0ED5D739F2BEB9CD5AB19F
Requests: 126 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Frame ID: DF28B3CF232399FCD5664B866B798680
Requests: 2 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&dcc=t
Frame ID: 979977DE3AFC3DC897AC8652ACEBAB02
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Frame ID: AC7ACC38306A4915C8FD383E427C66ED
Requests: 2 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=c93ec685-b0c7-4730-928b-9c895fae57a0
Frame ID: 640F0B37ABE3B1425EFA4DCE524B2CC1
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
Frame ID: CADE682626DB76E5671D1C3034020530
Requests: 3 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
Frame ID: B9AC4CE4C9CC72B96EC23E51F0E98F10
Requests: 3 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Frame ID: C92C968253939B77D66A86CF2607D98E
Requests: 3 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Frame ID: 3459467B61F79884B4F01BEFCAB5A4E1
Requests: 15 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Frame ID: 0A7E12AA9DEA61E33001A02AF55ED342
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Frame ID: 499540CC7663FFC4CD23335906CF014F
Requests: 1 HTTP requests in this frame

Frame: https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
Frame ID: 47A37F0BD941CE02353FE948CB713B25
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=2704169103602060831&ex=appnexus.com
Frame ID: 47BE114CD0B8CAE1C16264E05D4DB8B4
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Frame ID: FE27A072EF8A8C1ABE1B75A52F138C3C
Requests: 7 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=15712933166483665968
Frame ID: 6753C97B13A51A13500D5D2845B445DB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 1C46F621C5AA236CDA606CD97976E6FB
Requests: 20 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=ee4160c3-f306-4f00-9e4c-9ead70fd3f1a&gdpr=&gdpr_consent=
Frame ID: 6624528665254448546056EF28959FB6
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YMPzBgABfVlXLwBg&gdpr=&gdpr_consent=&_test=YMPzBgABfVlXLwBg
Frame ID: 52673BBEB7BA36DE43599E527EBAF312
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wZTliNmFiOS00MzMzLTQ4NTQtYjQ0MS03MDUyNGJiMDk3NjQ=&gdpr=&gdpr_consent=&google_tc=
Frame ID: 7832D4F0236F39A919738F37ADE1B631
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=&gdprConsent=
Frame ID: D218F376D6624AF887F10B2F97A708EC
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: 080A964F86D2C94A8A348AAA7E876071
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=77b35e64-c047-4bd2-9143-c67bec6afe36&t=1626046467
Frame ID: D2652B091B11AEA086F71D2416762773
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 1DF068535B3C1B341BE9DE8B9209020A
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YMPzB8Co8XYAAAqjbeAAAAAA
Frame ID: EC770578603158C7FC97689AD2AC7376
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=875739027505389897
Frame ID: BF47AFA024FF2EEECE84BCC30F36CEC3
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=NvdZm5dqkCHCSKHsg2Ar&pi=gumgum&tc=1
Frame ID: 70F6BCBF7819FE8941709D875BFF2DCC
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: D3359885DDFBD39E805599A3B209240B
Requests: 11 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CC18DE48-720C-4EAB-9594-EF53DDE728DB
Frame ID: 55DDC5C762C17F62784C8E80C0DBEDFC
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4707865020089780405
Frame ID: AFBDC731D819EC4C4F1E1E57672C20ED
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: A0540CFA3A2EC60ABB6854CCE07C5C50
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972683855199860881
Frame ID: E4754297DEA95B45744B238F54FC42EA
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABtmk7Bh-YAADJYgSTr6w
Frame ID: 1D0F767EF42DFB3C1AA502D6F3479F80
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
Frame ID: E981AFC7BAC765C610E3C7976FBD7906
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
Frame ID: 419C6CD149C75ED253AA1CE8AFDC0D8F
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=CC18DE48-720C-4EAB-9594-EF53DDE728DB&ex=pubmatic.com
Frame ID: 66CBC32328D3B7FF3307EFF22AD04A5E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Frame ID: FACE4CE9EDD4DD481502EA500333CB02
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 00C84AF3F2087F1FE7DF6A217E45445B
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=DOttQozx3RZCkela8jwRW9hm
Frame ID: 8C399BCD680C2716C5E0F8A81A2FF364
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: 75B145AA58D613496FD5594FD666CF77
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 8B0B0347BDF97CF79BDD063152996B07
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: B72A0308775310D4A1BB8C4A03A3D399
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=v5oUkGZdsq2x&pid=557219
Frame ID: 6785854E76EBF73FBEDC764F012264BA
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0df1c988-1a3c-4fb9-bea1-3502b2691d1c-tuct7bd7886&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: A10FA3038EAB2B5EDA29E101FC8095F0
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=pbm&i=CC18DE48-720C-4EAB-9594-EF53DDE728DB
Frame ID: E5A063E74611E2028CFA9685516880A2
Requests: 1 HTTP requests in this frame

Frame: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3028A7E0BE74E52BEC0AF18CCD234A7F
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGMPTzqIBMAE&v=APEucNWQWIN2-H0BX8zidghPwhpWWuKLzzQsMeQk_Ys_V_Cb0XOaIc6AvVb26FTH9i-vOy_j0ndomFjlMymSuKRuFew8SgPgLw
Frame ID: D6DC5106411E8ED2A07013DA7C64D0C9
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E61A80A5136AD2115E686FFC1B6FC689
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9BE9B3E7C4D89071127CAF2DC44C94CC
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
Frame ID: BCB847983ECF147632B1455D8C9ED91A
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Frame ID: C8D1E41DB81E16F43E8FBD85D71FC7D0
Requests: 1 HTTP requests in this frame

Frame: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B9737F478A38F83828B1DC6C5A3315BE
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGOLlpKQBMAE&v=APEucNU6CkY7U-Q8g9vseXOwh6gLBjbmIsy226uvd33m7CVzX2cWQKVOHL2H_0AXb-4joIamGE8qmEfYhtUleJe8dXAS5IGnCA
Frame ID: 61B58B5B17908499D9468BE55B8CE78E
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EADD5B28C936534B3CA29845B8E3C4D1
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F17C670AE84C007CC823AA0819676D90
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
Frame ID: BB9DF0BD45F9E3CC587189F3A04884E6
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Frame ID: 790183645415ACA0F265846ED40CC827
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://www.se-faire-rembourser.fr/ HTTP 301
    https://se-faire-rembourser.fr/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\.quantserve\.com\/quant\.js/i

Page Statistics

322
Requests

100 %
HTTPS

25 %
IPv6

79
Domains

114
Subdomains

63
IPs

11
Countries

4449 kB
Transfer

6999 kB
Size

21
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.se-faire-rembourser.fr/ HTTP 301
    https://se-faire-rembourser.fr/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&dcc=t
Request Chain 92
  • https://sync.1rx.io/usersync2/rmpssp?sub=amazon&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%5BRX_UUID%5D%26ex%3Drhythmone.com HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2047477351 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2047477351 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/77b35e64-c047-4bd2-9143-c67bec6afe36 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
Request Chain 94
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Request Chain 97
  • https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=2704169103602060831&ex=appnexus.com
Request Chain 98
  • https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com HTTP 302
  • https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Request Chain 99
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=15712933166483665968
Request Chain 101
  • https://ad.doubleclick.net/ddm/ad/N105603.3353239OUTBRAIN.CH/B24707357.305106724;sz=1x1;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?&obRequestId=_6ep4fvbpwKyXXon4xb5o8MDzmdrDxAkLgJGBavPW5N-Cm6cXJnutISnafjFZZGH&obTimestamp=1623454467055 HTTP 302
  • https://ad.doubleclick.net/ddm/ad/N105603.3353239OUTBRAIN.CH/B24707357.305106724;dc_pre=CITe0pbfkPECFUw74AodK0cHzA;sz=1x1;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?&obRequestId=_6ep4fvbpwKyXXon4xb5o8MDzmdrDxAkLgJGBavPW5N-Cm6cXJnutISnafjFZZGH&obTimestamp=1623454467055 HTTP 302
  • https://s0.2mdn.net/8187539/02122019-013444069-1x1pix.png
Request Chain 102
  • https://ad.doubleclick.net/ddm/ad/N105603.3353239OUTBRAIN.CH/B24707357.305108365;sz=1x1;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?&obRequestId=_6ep4fvbpwKyXXon4xb5o8MDzmdrDxAkLgJGBavPW5N-Cm6cXJnutISnafjFZZGH&obTimestamp=1623454467055 HTTP 302
  • https://ad.doubleclick.net/ddm/ad/N105603.3353239OUTBRAIN.CH/B24707357.305108365;dc_pre=CJLg0pbfkPECFRMO4AodfFQDoQ;sz=1x1;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?&obRequestId=_6ep4fvbpwKyXXon4xb5o8MDzmdrDxAkLgJGBavPW5N-Cm6cXJnutISnafjFZZGH&obTimestamp=1623454467055 HTTP 302
  • https://s0.2mdn.net/8187539/02122019-013444069-1x1pix.png
Request Chain 104
  • https://sb.scorecardresearch.com/b?c1=7&c2=14320224&c3=6420&cs_ucfr=1&ns__t=1623454467289&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2FobUserSync.html%23pid%3D6420%26dmpenabled%3Dtrue%26filterDMP%3D%26csenabled%3Dtrue%26d%3D8fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU%26gdpr%3D0%26cmpNeeded%3Dfalse%26gdprVer%3Dnull%26ccpa%3D1---%26country%3DCH&c9=https%3A%2F%2Fse-faire-rembourser.fr%2F HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=7&c2=14320224&c3=6420&cs_ucfr=1&ns__t=1623454467289&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2FobUserSync.html%23pid%3D6420%26dmpenabled%3Dtrue%26filterDMP%3D%26csenabled%3Dtrue%26d%3D8fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU%26gdpr%3D0%26cmpNeeded%3Dfalse%26gdprVer%3Dnull%26ccpa%3D1---%26country%3DCH&c9=https%3A%2F%2Fse-faire-rembourser.fr%2F
Request Chain 107
  • https://um.simpli.fi/lj_match?r=1623454467292&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=BC90F57C8C16460E9D5AC227F5921EFB
Request Chain 108
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=fmx HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=1875819620527381906&expires=30&ssp=fmx HTTP 302
  • https://ce.lijit.com/merge?pid=26&3pid=161a6eb2-1263-45fc-a644-3e137bdabb83
Request Chain 109
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=83&3pid=KPSYVGAD-V-82NB&gdpr=0
Request Chain 110
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=dd5cd04597cc0072cafd5326&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=84&3pid=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed
Request Chain 111
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=23&gdpr=0&gdpr_consent= HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348%26partner_url%3Dhttps%253A%252F%252Fce.lijit.com%252Fmerge%253Fpid%253D16%25263pid%253D935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://ce.lijit.com/merge?pid=16&3pid=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=16&3pid=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent=&dnr=1
Request Chain 112
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=2704169103602060831
Request Chain 113
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_0e9b6ab9-4333-4854-b441-70524bb09764&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_0e9b6ab9-4333-4854-b441-70524bb09764&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=161a6eb2-1263-45fc-a644-3e137bdabb83 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=257&user_id=mkeb018c65-f9d4-4c35-9af8-bb8fb45ccde6&expires=7&user_group=5&ssp=gumgum2&bsw_param=161a6eb2-1263-45fc-a644-3e137bdabb83 HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=161a6eb2-1263-45fc-a644-3e137bdabb83
Request Chain 114
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%288fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%288fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_0e9b6ab9-4333-4854-b441-70524bb09764&obuid=ENC(8fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://b1sync.zemanta.com/usersync/outbrain/?puid=8fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=zemanta&uid=
Request Chain 115
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=opx&i=6781fbee-26ac-4ec9-9806-cf43b3ebb7dd
Request Chain 116
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-a1fef4e9-52da-481a-6dc4-a68bd6081de1$ip$185.156.175.116
Request Chain 117
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-bD72qrNE2pdpTdH.1ZPCCzuMpDW_BUftDyp3~A
Request Chain 118
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=90179557-cb0d-11eb-826e-51cf6ac71075
Request Chain 121
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_0e9b6ab9-4333-4854-b441-70524bb09764&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&i=
Request Chain 122
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=idi&i=28a0d9cc-0f85-4226-841b-ab8df5c1c6ac
Request Chain 123
  • https://sync.1rx.io/usersync2/floor6&gdpr=&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6624470356 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6624470356 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/9232594b-cec3-414e-aaf7-05bd3dd2a73e HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
Request Chain 124
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://rtb.gumgum.com/usersync?b=pln&i=v5oUkGZdsq2x&ev=1&pid=558355
Request Chain 126
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=ee4160c3-f306-4f00-9e4c-9ead70fd3f1a&gdpr=&gdpr_consent=
Request Chain 127
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=&_test=YMPzBgABfVlXLwBg HTTP 302
  • https://rtb.gumgum.com/usersync?b=atm&i=YMPzBgABfVlXLwBg&gdpr=&gdpr_consent=&_test=YMPzBgABfVlXLwBg
Request Chain 128
  • https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wZTliNmFiOS00MzMzLTQ4NTQtYjQ0MS03MDUyNGJiMDk3NjQ=&gdpr=&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wZTliNmFiOS00MzMzLTQ4NTQtYjQ0MS03MDUyNGJiMDk3NjQ=&gdpr=&gdpr_consent=&google_tc=
Request Chain 131
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=ttd&i=77b35e64-c047-4bd2-9143-c67bec6afe36&t=1626046467
Request Chain 133
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YMPzB8Co8XYAAAqjbeAAAAAA
Request Chain 134
  • https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=zet&i=875739027505389897
Request Chain 135
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=NvdZm5dqkCHCSKHsg2Ar&pi=gumgum&tc=1
Request Chain 137
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YMPzA1V6Z1bsuLCxWCmx9QAABIIAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YMPzA1V6Z1bsuLCxWCmx9QAABIIAAAAB&gdpr_consent=&us_privacy=&gdpr=&google_tc= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEHUkOiYvYt3g-zvOwhKHp8M&google_cver=1
Request Chain 139
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YMPzA1V6Z1bsuLCxWCmx9QAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPQY-jIH09uRKC7NWbtoJs0&google_cver=1
Request Chain 140
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-eb8fa87d-e6cf-4bfd-9463-3cc3da483509
Request Chain 141
  • https://c1.adform.net/serving/cookie/match?party=29 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=29 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=4598055967431559312&expiration=1624664068
Request Chain 142
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0657220400b6d4669c390716&expiration=[EXPIRATION]
Request Chain 146
  • https://c1.adform.net/serving/cookie/match?party=14&cid=CC18DE48-720C-4EAB-9594-EF53DDE728DB HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CC18DE48-720C-4EAB-9594-EF53DDE728DB
Request Chain 147
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4707865020089780405
Request Chain 149
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972683855199860881
Request Chain 150
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCdG1rN0JoLVlBQURKWWdTVHI2dw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AABtmk7Bh-YAADJYgSTr6w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=2&userid=1626073076566976167 HTTP 303
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AABtmk7Bh-YAADJYgSTr6w&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fuserid%3D1626073076566976167%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?userid=1626073076566976167&bee_sync_partners=pm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AABtmk7Bh-YAADJYgSTr6w&pid=558502&do=add HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABtmk7Bh-YAADJYgSTr6w
Request Chain 151
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5231786627 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/77b35e64-c047-4bd2-9143-c67bec6afe36 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
Request Chain 152
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
Request Chain 154
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=zBjeSHIMTquVlO9T3eco2w%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 155
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=543660c3-f306-4b00-a63e-89d09c928fc9
Request Chain 156
  • https://pixel.onaudience.com/?partner=214&mapped=CC18DE48-720C-4EAB-9594-EF53DDE728DB HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
  • https://pixel.onaudience.com/?partner=147&mapped=ee96c5f7-5169-48b3-a672-bc480f34c111&icm HTTP 302
  • https://spl.zeotap.com/?zdid=1332&zcluid=e3fd39d38416d5ac HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=fd77f8de-96e9-4ee5-7d5e-3b22ea9f49b9&reqId=7d499e44-6b4e-431b-4522-00dc6f34ea56&zcluid=e3fd39d38416d5ac&zdid=1332 HTTP 302
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEKtEvUmA9Pz2Ox6NIg5Vkeg&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=fd77f8de-96e9-4ee5-7d5e-3b22ea9f49b9&reqId=7d499e44-6b4e-431b-4522-00dc6f34ea56&zcluid=e3fd39d38416d5ac&zdid=1332
Request Chain 157
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&gdpr=0&gdpr_consent=
Request Chain 158
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8807254954247102491
Request Chain 159
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKT3UG2L1bUFv0_qbm6g4ZQ&google_cver=1
Request Chain 160
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=77b35e64-c047-4bd2-9143-c67bec6afe36
Request Chain 161
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2704169103602060831&gdpr=0&gdpr_consent=
Request Chain 163
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-51n8RQtE2uW6vSJw_LvWoqzbIftR0XA-~A&gdpr=0&gdpr_consent=
Request Chain 164
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u
Request Chain 165
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dpubmatic%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dpubmatic%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D&crf=1 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=d7dd45ae-3f61-52a3-8bc6-08a0eb05fba4&ssp=pubmatic&expires=30&user_group=1 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=161a6eb2-1263-45fc-a644-3e137bdabb83&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 166
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YMPzBgABfXJXKwBg HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMPzBgABfXJXKwBg&gdpr=0&gdpr_consent=&_test=YMPzBgABfXJXKwBg
Request Chain 167
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3837251083400129601&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 169
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d97656d8-ef9c-40bd-a05d-d9b6967f2f24&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 170
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent=
Request Chain 187
  • https://green.erne.co/pubmatic/cm HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=DOttQozx3RZCkela8jwRW9hm
Request Chain 190
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 191
  • https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%% HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=v5oUkGZdsq2x&pid=557219
Request Chain 192
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0df1c988-1a3c-4fb9-bea1-3502b2691d1c-tuct7bd7886&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Request Chain 194
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&addseg=31
Request Chain 195
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=CC18DE48-720C-4EAB-9594-EF53DDE728DB&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=CC18DE48-720C-4EAB-9594-EF53DDE728DB&sInitiator=external&gdpr=0&gdpr_consent=
Request Chain 197
  • https://loadm.exelator.com/load/?p=204&g=71&buid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=0&gdpr_consent=&j=0 HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=71&buid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=0&gdpr_consent=&j=0&xl8blockcheck=1
Request Chain 198
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Q0MxOERFNDgtNzIwQy00RUFCLTk1OTQtRUY1M0RERTcyOERC&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 200
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5583517991533504365
Request Chain 201
  • https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_0e9b6ab9-4333-4854-b441-70524bb09764
Request Chain 217
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
Request Chain 218
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMPzBrmcVDBbyJnR4TnCHAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
Request Chain 229
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEIW-RiXVQ_mA86UL1WxM9Ng&google_cver=1&google_push=AYg5qPKeVBEZO-K4PKDEmyqqEZpZPmXi3seTBW-lJV-G5_OQbyMho2vcyOSnlulD-3oJ0BBXkkPY9ghrsz--3GwC-9ejqdU-Yh-z9g HTTP 302
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEIW-RiXVQ_mA86UL1WxM9Ng&google_push=AYg5qPKeVBEZO-K4PKDEmyqqEZpZPmXi3seTBW-lJV-G5_OQbyMho2vcyOSnlulD-3oJ0BBXkkPY9ghrsz--3GwC-9ejqdU-Yh-z9g&s=2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPKeVBEZO-K4PKDEmyqqEZpZPmXi3seTBW-lJV-G5_OQbyMho2vcyOSnlulD-3oJ0BBXkkPY9ghrsz--3GwC-9ejqdU-Yh-z9g&google_hm=TnNBcHlJR0EwbmZTRWp2YkczY04=
Request Chain 230
  • https://dsum-sec.casalemedia.com/cma?gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_10}&google_gid=CAESEHUkOiYvYt3g-zvOwhKHp8M&google_cver=1&google_push=AYg5qPJwz94egkw2derLVlhcB31K8ltTmYgN41WHmjAyJk8TT61I7rd6jcclUnyvG70lazHTvJZcQDhFsnfPTgFKOZZbfi6kLBMoGg HTTP 302
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D46%26external_user_id%3D%24UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5583517991533504365
Request Chain 231
  • https://ads.yieldmo.com/exptsync?google_gid=CAESEFwLIbPwuc9q23dhEk9Xf9k&google_cver=1&google_push=AYg5qPJz_CwGtsOCAcFy370HBIpdvv2j3hvrQpy1RFPj_TODGUx7vhFlhwPv47rRNMLidp4u39m33w2kSNBINi-DMgJMGstB0YjnMA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPJz_CwGtsOCAcFy370HBIpdvv2j3hvrQpy1RFPj_TODGUx7vhFlhwPv47rRNMLidp4u39m33w2kSNBINi-DMgJMGstB0YjnMA&google_hm=Z2YwNTAzMTJlZmJlZDliNDJlMGQ=
Request Chain 232
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEFPSbxMfJk4Am9n5qupbtJg&google_cver=1&google_push=AYg5qPJ--okPkAmQXsD4XjRanwGWr1ndNpulmqOPcVtnOnOz9vW1UUvT0NZN8eRAb5ix-wdJTlAG0GSwPC1BUrG91d9786PVGm4EWw HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-35e35e84-da95-4997-a6ae-98d2b919a9dc-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPJ--okPkAmQXsD4XjRanwGWr1ndNpulmqOPcVtnOnOz9vW1UUvT0NZN8eRAb5ix-wdJTlAG0GSwPC1BUrG91d9786PVGm4EWw%26google_hm%3DAzXjXoTalUmXpq6Y0rkZqdw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ--okPkAmQXsD4XjRanwGWr1ndNpulmqOPcVtnOnOz9vW1UUvT0NZN8eRAb5ix-wdJTlAG0GSwPC1BUrG91d9786PVGm4EWw&google_hm=AzXjXoTalUmXpq6Y0rkZqdw
Request Chain 233
  • https://cs.media.net/cksync?type=g&google_gid=CAESEIP0Xy4spPJiV5AMYzI58EU&google_cver=1&google_push=AYg5qPKEO-CaHj-OpsmGXT8-LHOIxzC4y5l1pOuoqMmrX1JS0yiTanPLIY7ThopPjwW8deQOZ9gwDMn8Sksrw8POIEeFQHQL1YT0Zw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjY2NDU2MDcxNTM0OTI1NjAwMFYxMA%3d%3d&mn_hm=MjY2NDU2MDcxNTM0OTI1NjAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPKEO-CaHj-OpsmGXT8-LHOIxzC4y5l1pOuoqMmrX1JS0yiTanPLIY7ThopPjwW8deQOZ9gwDMn8Sksrw8POIEeFQHQL1YT0Zw&gdpr=&gdpr_consent=
Request Chain 234
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBUi8aMQrx18JntvCZrynfo&google_cver=1&google_push=AYg5qPJrCTXZfmXVoP7PhM98lzl6g8fNDZ64XAyCg3euj61Pj5VqVz1oCbvNJ-6ln8ZY7kwYsX846YJG7ydsVmd58KZTY-ar6COYMPY HTTP 302
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBUi8aMQrx18JntvCZrynfo&google_cver=1&google_push=AYg5qPJrCTXZfmXVoP7PhM98lzl6g8fNDZ64XAyCg3euj61Pj5VqVz1oCbvNJ-6ln8ZY7kwYsX846YJG7ydsVmd58KZTY-ar6COYMPY&verify=true HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1WYUttTkR4RTJ1RTJiTEVpWlhUcmJfU3BKTHdyenduWX5B&google_push=AYg5qPJrCTXZfmXVoP7PhM98lzl6g8fNDZ64XAyCg3euj61Pj5VqVz1oCbvNJ-6ln8ZY7kwYsX846YJG7ydsVmd58KZTY-ar6COYMPY
Request Chain 289
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
Request Chain 290
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMPzBrmcVDBbyJnR4TnCHAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
Request Chain 300
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEMITOJDe7iudWZxHMSpSv4Y&google_cver=1&google_push=AYg5qPICKK_WZUrmpVoFzzCtGUzERf6We8pUCqWEbh5YTN_36MohcMmKkenf-OncBkz0U4xyiA-SaUOIo2zgetcCxCU_fQCcCy8HMA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzM1NjI1MTI0MjIzNjc1MDkxMw== HTTP 302
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEMITOJDe7iudWZxHMSpSv4Y&google_cver=1
Request Chain 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEMOw_bMVniEjdt8CLWhMgyo&google_cver=1&google_push=AYg5qPJAgvrxVFR6hznrDUMWeN-sHV3LO-IKoe48nGMxSgsr06xh4pKfIVDI6OvIYCCEmYyQINAeDp-6BVr-qNoWBoGBUXWQyDV5Wg HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEMOw_bMVniEjdt8CLWhMgyo&google_cver=1&google_push=AYg5qPJAgvrxVFR6hznrDUMWeN-sHV3LO-IKoe48nGMxSgsr06xh4pKfIVDI6OvIYCCEmYyQINAeDp-6BVr-qNoWBoGBUXWQyDV5Wg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=HeP9MWy6QNmvC4Y--QHKxmDD8wg
Request Chain 303
  • https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEPylaMAY5jAUm4rYLLRKWpE&google_cver=1&google_push=AYg5qPIHcKdE8Red_NwWLN4mC-TWVlFneDpvtk7yz0-kAY39W72KKATIoYvpX7tuZYeCDlg0O3Th78msbwmQOtggkq4rWeKK0Kry9g HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPIHcKdE8Red_NwWLN4mC-TWVlFneDpvtk7yz0-kAY39W72KKATIoYvpX7tuZYeCDlg0O3Th78msbwmQOtggkq4rWeKK0Kry9g
Request Chain 304
  • https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEJNn_k5dvteN2SxKwn5ukOc&google_cver=1&google_push=AYg5qPLpNC_x4z4QJruwj66Bi4ayhA1mPmnxyZzdlaPM1NHjTizsAWvGo8ZKTzZvBWgqMCJR2Si-RMI5i0IqaJu4mL9sNq_27Pis HTTP 302
  • https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEJNn_k5dvteN2SxKwn5ukOc&google_cver=1&google_push=AYg5qPLpNC_x4z4QJruwj66Bi4ayhA1mPmnxyZzdlaPM1NHjTizsAWvGo8ZKTzZvBWgqMCJR2Si-RMI5i0IqaJu4mL9sNq_27Pis&checkcookies=true HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=lc3G7rPaE7v3ZtwR6_vDTA&google_push=AYg5qPLpNC_x4z4QJruwj66Bi4ayhA1mPmnxyZzdlaPM1NHjTizsAWvGo8ZKTzZvBWgqMCJR2Si-RMI5i0IqaJu4mL9sNq_27Pis
Request Chain 305
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJjgauLGlaa7GrwalaGRBag&google_cver=1&google_push=AYg5qPLoiLydcfBYZ-5cuHZ5P1Vm4IaXUpRLNYceM1IbMY5rK0um5LXaz7l9xL1mjj-P6WOrj6HeShyJagQGLs5u4XgHz5Arr7bzkg HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJjgauLGlaa7GrwalaGRBag&google_cver=1&google_push=AYg5qPLoiLydcfBYZ-5cuHZ5P1Vm4IaXUpRLNYceM1IbMY5rK0um5LXaz7l9xL1mjj-P6WOrj6HeShyJagQGLs5u4XgHz5Arr7bzkg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTg3Nzk1OTQzNDM3MDI3MDk4MA&google_push=AYg5qPLoiLydcfBYZ-5cuHZ5P1Vm4IaXUpRLNYceM1IbMY5rK0um5LXaz7l9xL1mjj-P6WOrj6HeShyJagQGLs5u4XgHz5Arr7bzkg
Request Chain 306
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMC3RV2bc9TayiNL8ps3DNc&google_cver=1&google_push=AYg5qPL-sDA2pc-PNlGHpfepX71I4HC63A6HhUZxxB8ppq6YU7rB1usw54G02yb13VynJlu51kgUkDciVVFkk_HF-tMDofWlyTzzHg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=IvVnK1rEQrSK29SSf2BL_w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL-sDA2pc-PNlGHpfepX71I4HC63A6HhUZxxB8ppq6YU7rB1usw54G02yb13VynJlu51kgUkDciVVFkk_HF-tMDofWlyTzzHg

322 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
se-faire-rembourser.fr/
Redirect Chain
  • https://www.se-faire-rembourser.fr/
  • https://se-faire-rembourser.fr/
141 KB
32 KB
Document
General
Full URL
https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
6374127776c7f3622a3b34499563bccc2ba71c28f3d1a497aea25a7ed0542339

Request headers

:method
GET
:authority
se-faire-rembourser.fr
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control
max-age=0, must-revalidate, no-cache, no-store
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 11 Jun 2021 23:34:26 GMT
display
pub_site_sol
expires
Thu, 10 Jun 2021 23:34:26 GMT
link
<https://se-faire-rembourser.fr/wp-json/>; rel="https://api.w.org/", <https://se-faire-rembourser.fr/wp-json/wp/v2/pages/7445>; rel="alternate"; type="application/json", <https://se-faire-rembourser.fr/>; rel=shortlink
pagespeed
off
response
200
server
nginx/1.16.0
set-cookie
ezoadgid_134878=-1; Path=/; Domain=se-faire-rembourser.fr; Expires=Sat, 12 Jun 2021 00:04:25 UTC ezoref_134878=; Path=/; Domain=se-faire-rembourser.fr; Expires=Sat, 12 Jun 2021 01:34:25 UTC ezoab_134878=mod1; Path=/; Domain=se-faire-rembourser.fr; Expires=Sat, 12 Jun 2021 01:34:25 UTC active_template::134878=pub_site.1623454465; Path=/; Domain=se-faire-rembourser.fr; Expires=Sun, 13 Jun 2021 23:34:25 UTC ezopvc_134878=1; Path=/; Domain=se-faire-rembourser.fr; Expires=Sat, 12 Jun 2021 00:04:26 UTC ezepvv=0; Path=/; Domain=se-faire-rembourser.fr; Expires=Sat, 12 Jun 2021 23:34:26 UTC ezovid_134878=157736985; Path=/; Domain=se-faire-rembourser.fr; Expires=Sat, 12 Jun 2021 00:04:26 UTC lp_134878=https://se-faire-rembourser.fr/; Path=/; Domain=se-faire-rembourser.fr; Expires=Sat, 12 Jun 2021 00:04:26 UTC ezovuuidtime_134878=1623454466; Path=/; Domain=se-faire-rembourser.fr; Expires=Sun, 13 Jun 2021 23:34:26 UTC ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; Path=/; Domain=se-faire-rembourser.fr; Expires=Sat, 12 Jun 2021 00:04:26 UTC ezCMPCCS=true; Path=/; Domain=se-faire-rembourser.fr; Expires=Sat, 11 Jun 2022 23:34:26 GMT
vary
Accept-Encoding Accept-Encoding,User-Agent
x-ezoic-cdn
Hit ds;mm;d144ac8b098a14bfc224c7b2655c3343;2-134878-165;56e497a9-0980-41ef-6181-2ab8af158eab
x-middleton-display
pub_site_sol
x-middleton-response
200
x-sol
pub_site

Redirect headers

date
Fri, 11 Jun 2021 23:34:25 GMT
content-type
text/html; charset=UTF-8
cache-control
public, max-age=2592000
display
staticcontent_sol
location
https://se-faire-rembourser.fr/
pagespeed
off
response
301
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-ezoic-cdn
Miss
x-middleton-display
staticcontent_sol
x-middleton-response
301
x-redirect-by
WordPress
x-sol
pub_site
cf-cache-status
DYNAMIC
cf-request-id
0a9f0653790000d6f9208b2000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=poW3PqaK9NzqpQQ2g2vL%2BPTLiYyE%2B2WPmOb1QuxHKq%2BchzvZbyDXO2maaEyGAKZHptCnlBq%2F4OxJyKyDR9%2BBEdxBX7vCYcKwLbTHFmYPzKvBDNb5O4QFXF71nxR3tn72hv7MyYom%2FQCBBjpzvQsvVBCtyuU%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
65dea6658a7dd6f9-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
gpt.js
securepubads.g.doubleclick.net/tag/js/
62 KB
21 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
9d9fe401b65d8cc512a532c1f704d749b522980f11d460733e78eb3589ba971b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"900 / 828 of 1000 / last-modified: 1623449396"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21410
x-xss-protection
0
expires
Fri, 11 Jun 2021 23:34:26 GMT
dall.js
go.ezodn.com/hb/
260 KB
76 KB
Script
General
Full URL
https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,ix,oftmedia,onetag,openx,pulsepoint,rhythmone,sharethrough,unruly&cb=195-2-22
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:b890 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d75f1b225eba7fb931e5e6a7bfd9efa6998c92d9820b39f4865e3911d71ab2c

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sNcIADAsHgUncDkRYnRzhWV2dnWS011T59OIvZVy%2FsbXF8%2FHhrn5%2B3ytFroelDqB5HncQdbdXRpCnrugGP0gIjvMp3Td1GlSj5%2BXBB1Kl1iRgII05MbN7P%2Bnl%2B%2BQufwGq%2F3OFIuZ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
65dea66d6ed41752-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0a9f06585e00001752b7969000000001
apstag.js
c.amazon-adsystem.com/aax2/
123 KB
33 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.5.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-5-125.vie50.r.cloudfront.net
Software
Server /
Resource Hash
0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
sWCsRsvwWkSFZMQxDYXuCmbidBHsB_Lq
content-encoding
gzip
server
Server
age
732
etag
c457e964d47ff007ca9e04843536c474
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 dcb9765526b3272617b95932c8fefee2.cloudfront.net (CloudFront)
cache-control
public, max-age=900
date
Fri, 11 Jun 2021 23:22:14 GMT
x-amz-cf-pop
VIE50-C2
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
2CS1sVHtVMvnApLYjFhkkXf7PgkhbWmmYs0P9uHQY8g5qXGKfW2cGw==
cv.css
se-faire-rembourser.fr/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/
76 KB
10 KB
Stylesheet
General
Full URL
https://se-faire-rembourser.fr/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.4.0.1
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
7c9683afc486e6b2c3276cbf3291b887c7589162776280ceeae0e05d822f63c3

Request headers

:path
/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.4.0.1
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, orig_site_sol
x-middleton-response
200
x-ezoic-cdn
Hit ds;mm;ffbd25c57938266fa6d71b178738a23e;2-134878-165;586a4ac5-3658-4285-4790-81075db08b81
content-type
text/css
x-middleton-display
staticcontent_sol, orig_site_sol
cache-control
public, max-age=31536000
x-ez-minify-css
0.10% 78004 / 78080
x-sol
orig
css
fonts.googleapis.com/
9 KB
961 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Cabin:300,400,400i,600,700,900|Roboto+Condensed:400,700,900&display=optional
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6cd06e07070780dec137084762850d100ab69bff9c72f12ebd95443185f321c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 11 Jun 2021 23:34:26 GMT
server
ESF
date
Fri, 11 Jun 2021 23:34:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 11 Jun 2021 23:34:26 GMT
fontawesome-all.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/
36 KB
8 KB
Stylesheet
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
f2a908224fc8625c4a92c46fcad6da1c1eef42089b5d5bd62d99866647e73ad9

Request headers

:path
/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, orig_site_sol
x-middleton-response
200
x-ezoic-cdn
Hit ds;mm;4868635c2a19452cabdcab1aada733e8;2-134878-165;e0d566ab-6007-4a74-6bdc-48896705da94
content-type
text/css
x-middleton-display
staticcontent_sol, orig_site_sol
cache-control
public, max-age=31536000
x-ez-minify-css
19.45% 37255 / 46249
x-sol
orig
bootstrap.min.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/bootstrap/css/
155 KB
21 KB
Stylesheet
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/bootstrap/css/bootstrap.min.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
ad83cd7b5cd167c75b91103363edadbd82fb731a1a5e06bca7e5a001b905d406

Request headers

:path
/wp-content/themes/sfr/assets/bootstrap/css/bootstrap.min.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, orig_site_sol
x-middleton-response
200
x-ezoic-cdn
Hit ds;mm;650b71b881add8401fff4860a5acc39b;2-134878-165;61a9c987-74f7-4318-53ae-13653dddf55c
content-type
text/css
x-middleton-display
staticcontent_sol, orig_site_sol
cache-control
public, max-age=31536000
x-ez-minify-css
0.26% 159098 / 159515
x-sol
orig
style.css
se-faire-rembourser.fr/wp-content/themes/sfr/
23 KB
5 KB
Stylesheet
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/style.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
557874c0d05a6e45197ae1660fdc76b7b762c08788f698c8ab402088746c7ed2

Request headers

:path
/wp-content/themes/sfr/style.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, orig_site_sol
x-middleton-response
200
x-ezoic-cdn
Hit ds;mm;d8e75313097ca4850cec9967751dc12c;2-134878-165;27579666-8659-4377-5304-defa403e7384
content-type
text/css
x-middleton-display
staticcontent_sol, orig_site_sol
cache-control
public, max-age=31536000
x-ez-minify-css
33.33% 23506 / 35257
x-sol
orig
header.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/
9 KB
2 KB
Stylesheet
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/header.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
2bf7551b8beb152f8bfe5cfb4037e46f0a509ac23839dc68eda612c0c6345736

Request headers

:path
/wp-content/themes/sfr/assets/css/header.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-sol
orig
display
staticcontent_sol, orig_site_sol
x-ezoic-cdn
Hit ds;mm;80d330d20e729f50dee88484c569167b;2-134878-165;90d8fef5-92a8-4ffe-5d10-ac00a1e88393
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
content-length
2122
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
x-ez-minify-css
24.55% 9453 / 12528
content-type
text/css
cache-control
public, max-age=31536000
content.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/content.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
ef8f413b642a6e5727c976b3ab998b24ab4ad2a45e6c1ffd8ceff3f4c0ca8dec

Request headers

:path
/wp-content/themes/sfr/assets/css/content.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-sol
orig
display
staticcontent_sol, orig_site_sol
x-ezoic-cdn
Hit ds;mm;08e12374e8c74192f39b4c9295959ecf;2-134878-165;3469e6c8-8679-4d4a-6bdb-2d575e663924
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
content-length
2218
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
x-ez-minify-css
31.40% 8203 / 11958
content-type
text/css
cache-control
public, max-age=31536000
mrdev_faq.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/
493 B
516 B
Stylesheet
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/mrdev_faq.css?ver=5.7.2
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
12f34d4eeed04ece92a44207714251bd462b3dc2380d2d0e0fc635239e7a937a

Request headers

:path
/wp-content/themes/sfr/assets/css/mrdev_faq.css?ver=5.7.2
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-sol
orig
display
staticcontent_sol, orig_site_sol
x-ezoic-cdn
Hit ds;mm;e318ae13401acf544563599e08a61f48;2-134878-165;3f46c7be-f120-4477-4c8a-07afafb71b70
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
content-length
266
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
x-ez-minify-css
26.31% 493 / 669
content-type
text/css
cache-control
public, max-age=31536000
mrdev_toc.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/mrdev_toc.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
18e79d6a5c30ec774fe3b61069ddf3c8a1b175e276aea75fe43222fd12839db5

Request headers

:path
/wp-content/themes/sfr/assets/css/mrdev_toc.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-sol
orig
display
staticcontent_sol, orig_site_sol
x-ezoic-cdn
Hit ds;mm;78ff73904c420bd272c80b900f363145;2-134878-165;20dfb12c-1452-4740-5511-ecafa2e18586
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
content-length
956
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
x-ez-minify-css
24.27% 3242 / 4281
content-type
text/css
cache-control
public, max-age=31536000
js
www.googletagmanager.com/gtag/
89 KB
35 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-102382503-1
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e8294f18a50ce3d652e79eb3d6b5ae3f5e593fd3b098f67050c0ff5f2c58a5b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36075
x-xss-protection
0
last-modified
Fri, 11 Jun 2021 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 11 Jun 2021 23:34:26 GMT
cookieconsent.min.js
se-faire-rembourser.fr/ezoic/
4 KB
2 KB
Script
General
Full URL
https://se-faire-rembourser.fr/ezoic/cookieconsent.min.js
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

:path
/ezoic/cookieconsent.min.js
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
etag
"11a4-5c3cf8fc12640-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
content-length
1707
expires
Sat, 11 Jun 2022 23:34:26 GMT
banger.js
se-faire-rembourser.fr/porpoiseant/
43 KB
10 KB
Script
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/banger.js?cb=195-2&bv=19&v=51&PageSpeed=off
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e585da4fe75d0c301c6ae14f1b9026f4555231f42622c5502f809035bb38c162

Request headers

:path
/porpoiseant/banger.js?cb=195-2&bv=19&v=51&PageSpeed=off
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
outbrain.js
widgets.outbrain.com/
175 KB
58 KB
Script
General
Full URL
https://widgets.outbrain.com/outbrain.js
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
076c63f713871e395188ffb1a8205e7c0a50a1e318220154f4c2b0cb6e96c887

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
gzip
last-modified
Mon, 07 Jun 2021 05:49:32 GMT
etag
W/"2ba2f-O6yroDXPX5qnr291D402M/nC6Io"
vary
Accept-Encoding
edge-cache-tag
widget-cheetah
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
x-traceid
af90f6b8021ea721d39e93f426c5afe9
timing-allow-origin
*, *
content-length
59189
expires
Sat, 12 Jun 2021 03:34:26 GMT
ezosuigeneris.js
g.ezoic.net/
555 B
563 B
Script
General
Full URL
https://g.ezoic.net/ezosuigeneris.js
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
d68b415aff54e01441bd15c2113d6cd5565616968c498a1dc4267319ec501f47

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
etag
251b488d40df53af8010083a8c3b159f
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cache-control
max-age=999999, private
content-length
276
expires
Mon, 29 Apr 2020 21:44:55 GMT
cmbv2.js
se-faire-rembourser.fr/detroitchicago/
149 KB
38 KB
Script
General
Full URL
https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
28f4dd480a7c5eb19c0a7754803758f2a2a19473b3b087132f6d6847ccf81e43

Request headers

:path
/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
truncated
/
70 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ee07b09c7d212fc29ceefa7da934f3ccd93e495257ea6e5edeb8269ecb7c33c7

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a073f91e3318d097b4094c9ada42ac168848dd871ebb9d4e08f72f599fa5850a

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v19/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cabin:300,400,400i,600,700,900|Roboto+Condensed:400,700,900&display=optional
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://se-faire-rembourser.fr
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 12:42:53 GMT
x-content-type-options
nosniff
age
39093
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15720
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:08:56 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jun 2022 12:42:53 GMT
u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
fonts.gstatic.com/s/cabin/v18/
25 KB
26 KB
Font
General
Full URL
https://fonts.gstatic.com/s/cabin/v18/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cabin:300,400,400i,600,700,900|Roboto+Condensed:400,700,900&display=optional
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4632f2a6b880931a9a2468fe53828f3a5a4b0934d9f4f6f37d6831214469a07e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://se-faire-rembourser.fr
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 15:30:32 GMT
x-content-type-options
nosniff
age
288234
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26104
x-xss-protection
0
last-modified
Thu, 28 Jan 2021 20:56:38 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 15:30:32 GMT
ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v19/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cabin:300,400,400i,600,700,900|Roboto+Condensed:400,700,900&display=optional
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://se-faire-rembourser.fr
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 10:31:37 GMT
x-content-type-options
nosniff
age
46969
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15640
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:08:37 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jun 2022 10:31:37 GMT
truncated
/
72 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb54ca86698de7bdb4dcde4b186145f2376d43d3bab896e533ad0cbedf737b35

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b83a51957a6cd576bbf1d599207ee1a646e533f87bf1aaa7d3e7fcf7b6db9ea0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
72 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fce5822409c38e996bac0e0d3a51464953aa0ea66c4b19e19b5a4df2bb95a6d2

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9f7f51e9cef3384b695cc4e54985f69afc57975c7a6902fad10b8e1bd0ee50c2

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b50d2212a6d1c03bba771a50cf306825856a1265bca6ca72e17ad5077e048abd

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d25f3b9ca280f29b9e92ef327d66a64500bb313f967ce3e8145133329126e852

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
716cf93f71a94d792a4cb35dddf57d7fd7d0e2b59cffa60459591c319e3397a0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
fa-solid-900.woff2
se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/webfonts/
72 KB
72 KB
Font
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/webfonts/fa-solid-900.woff2
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2

Request headers

sec-fetch-mode
cors
origin
https://se-faire-rembourser.fr
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
:path
/wp-content/themes/sfr/assets/font-awesome/webfonts/fa-solid-900.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://se-faire-rembourser.fr
Referer
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;0e8c1f9270e44fc511b14eebf70a43f8;2-134878-165;693cfb7b-48cf-4d92-4c8f-1b15939e8efa
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
access-control-max-age
1728000
access-control-allow-methods
POST, GET, OPTIONS
content-type
font/woff2
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
public, max-age=31536000
mask.svg
se-faire-rembourser.fr/wp-content/themes/sfr/images/
585 B
482 B
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/images/mask.svg
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/wp-content/themes/sfr/style.css?ver=1.1.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
f3a0f785fbc1b38f34416a64a68d31eb6c646e29b273a81709629670889c3f96

Request headers

sec-fetch-mode
cors
origin
https://se-faire-rembourser.fr
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
image
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
:path
/wp-content/themes/sfr/images/mask.svg
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/wp-content/themes/sfr/style.css?ver=1.1.0
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://se-faire-rembourser.fr
Referer
https://se-faire-rembourser.fr/wp-content/themes/sfr/style.css?ver=1.1.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;282f2585f81b1ba25a182d6518e8c138;2-134878-165;acd7eeb9-3480-41e5-4935-4835d6bfd025
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
348
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
access-control-max-age
1728000
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
public, max-age=31536000
fa-brands-400.woff2
se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/webfonts/
68 KB
68 KB
Font
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/webfonts/fa-brands-400.woff2
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
05dbc51654b96590d176c27efbcef2cf4ac0497499a9f28b731b73eea399070c

Request headers

sec-fetch-mode
cors
origin
https://se-faire-rembourser.fr
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
:path
/wp-content/themes/sfr/assets/font-awesome/webfonts/fa-brands-400.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://se-faire-rembourser.fr
Referer
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;a5f40151b9a49d40f5f11f93c482cf53;2-134878-165;28f294b1-b9e1-4eaa-6b72-aff66c7f85bc
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
access-control-max-age
1728000
access-control-allow-methods
POST, GET, OPTIONS
content-type
font/woff2
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
public, max-age=31536000
pubads_impl_2021060901.js
securepubads.g.doubleclick.net/gpt/
326 KB
114 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
3dc0b6e4edbfc8d6d8446e112130624fd05d7b8a8cfe62839046fc733c8b19a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 08:43:05 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116890
x-xss-protection
0
expires
Fri, 11 Jun 2021 23:34:26 GMT
houston.js
se-faire-rembourser.fr/detroitchicago/
3 KB
1 KB
Script
General
Full URL
https://se-faire-rembourser.fr/detroitchicago/houston.js?gcb=2&cb=36
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa

Request headers

:path
/detroitchicago/houston.js?gcb=2&cb=36
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
content-length
1163
imp.gif
se-faire-rembourser.fr/detroitchicago/
43 B
128 B
XHR
General
Full URL
https://se-faire-rembourser.fr/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A4%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%225%2C95%2C30%2C1%2C3%2C36%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Zurich%22%2C%22country%22%3A%22CH%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A134878%2C%22domain_test_group%22%3A20210302%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A2%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22239%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221100%2C1121%2C1125%2C1133%2C1134%2C1136%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%226849a8fa-5f66-421b-76c3-e9dec216cc9f%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%228010%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A45690%2C%22response_time_orig%22%3A6%2C%22serverid%22%3A%2252.47.126.216%3A7849%22%2C%22state%22%3A%22ZH%22%2C%22sub_page_ad_positions%22%3A%221100%2C1121%2C1125%2C1133%2C1134%2C1136%22%2C%22t_epoch%22%3A1623454465%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fse-faire-rembourser.fr%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A674%2C%22worst_bad_word_level%22%3A0%7D
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

:path
/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A4%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%225%2C95%2C30%2C1%2C3%2C36%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Zurich%22%2C%22country%22%3A%22CH%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A134878%2C%22domain_test_group%22%3A20210302%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A2%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22239%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221100%2C1121%2C1125%2C1133%2C1134%2C1136%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%226849a8fa-5f66-421b-76c3-e9dec216cc9f%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%228010%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A45690%2C%22response_time_orig%22%3A6%2C%22serverid%22%3A%2252.47.126.216%3A7849%22%2C%22state%22%3A%22ZH%22%2C%22sub_page_ad_positions%22%3A%221100%2C1121%2C1125%2C1133%2C1134%2C1136%22%2C%22t_epoch%22%3A1623454465%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fse-faire-rembourser.fr%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A674%2C%22worst_bad_word_level%22%3A0%7D
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
image/gif
x-middleton-display
imp_sol
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
47
quant.js
secure.quantserve.com/
24 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
gzip
etag
"WhyxmPkT7L77qVDcrjxwGw=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Fri, 18 Jun 2021 23:34:26 GMT
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/webp
cv.css
se-faire-rembourser.fr/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/
64 KB
64 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.4.0.1
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.4.0.1
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, orig_site_sol
x-middleton-response
200
x-ezoic-cdn
Hit ds;mm;ffbd25c57938266fa6d71b178738a23e;2-134878-165;586a4ac5-3658-4285-4790-81075db08b81
content-type
text/css
x-middleton-display
staticcontent_sol, orig_site_sol
cache-control
public, max-age=31536000
x-ez-minify-css
0.10% 78004 / 78080
x-sol
orig
css
fonts.googleapis.com/
9 KB
9 KB
Image
General
Full URL
https://fonts.googleapis.com/css?family=Cabin:300,400,400i,600,700,900|Roboto+Condensed:400,700,900&display=optional
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 11 Jun 2021 23:34:26 GMT
server
ESF
date
Fri, 11 Jun 2021 23:34:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 11 Jun 2021 23:34:26 GMT
fontawesome-all.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/
36 KB
36 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/themes/sfr/assets/font-awesome/css/fontawesome-all.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, orig_site_sol
x-middleton-response
200
x-ezoic-cdn
Hit ds;mm;4868635c2a19452cabdcab1aada733e8;2-134878-165;e0d566ab-6007-4a74-6bdc-48896705da94
content-type
text/css
x-middleton-display
staticcontent_sol, orig_site_sol
cache-control
public, max-age=31536000
x-ez-minify-css
19.45% 37255 / 46249
x-sol
orig
bootstrap.min.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/bootstrap/css/
64 KB
64 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/bootstrap/css/bootstrap.min.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/themes/sfr/assets/bootstrap/css/bootstrap.min.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, orig_site_sol
x-middleton-response
200
x-ezoic-cdn
Hit ds;mm;650b71b881add8401fff4860a5acc39b;2-134878-165;61a9c987-74f7-4318-53ae-13653dddf55c
content-type
text/css
x-middleton-display
staticcontent_sol, orig_site_sol
cache-control
public, max-age=31536000
x-ez-minify-css
0.26% 159098 / 159515
x-sol
orig
style.css
se-faire-rembourser.fr/wp-content/themes/sfr/
23 KB
23 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/style.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/themes/sfr/style.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, orig_site_sol
x-middleton-response
200
x-ezoic-cdn
Hit ds;mm;d8e75313097ca4850cec9967751dc12c;2-134878-165;27579666-8659-4377-5304-defa403e7384
content-type
text/css
x-middleton-display
staticcontent_sol, orig_site_sol
cache-control
public, max-age=31536000
x-ez-minify-css
33.33% 23506 / 35257
x-sol
orig
header.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/
9 KB
9 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/header.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/themes/sfr/assets/css/header.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-sol
orig
display
staticcontent_sol, orig_site_sol
x-ezoic-cdn
Hit ds;mm;80d330d20e729f50dee88484c569167b;2-134878-165;90d8fef5-92a8-4ffe-5d10-ac00a1e88393
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
content-length
2122
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
x-ez-minify-css
24.55% 9453 / 12528
content-type
text/css
cache-control
public, max-age=31536000
content.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/
8 KB
8 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/content.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/themes/sfr/assets/css/content.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-sol
orig
display
staticcontent_sol, orig_site_sol
x-ezoic-cdn
Hit ds;mm;08e12374e8c74192f39b4c9295959ecf;2-134878-165;3469e6c8-8679-4d4a-6bdb-2d575e663924
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
content-length
2218
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
x-ez-minify-css
31.40% 8203 / 11958
content-type
text/css
cache-control
public, max-age=31536000
mrdev_faq.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/
493 B
493 B
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/mrdev_faq.css?ver=5.7.2
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/themes/sfr/assets/css/mrdev_faq.css?ver=5.7.2
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-sol
orig
display
staticcontent_sol, orig_site_sol
x-ezoic-cdn
Hit ds;mm;e318ae13401acf544563599e08a61f48;2-134878-165;3f46c7be-f120-4477-4c8a-07afafb71b70
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
content-length
266
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
x-ez-minify-css
26.31% 493 / 669
content-type
text/css
cache-control
public, max-age=31536000
mrdev_toc.css
se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/
3 KB
3 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/css/mrdev_toc.css?ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/themes/sfr/assets/css/mrdev_toc.css?ver=1.1.0
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-sol
orig
display
staticcontent_sol, orig_site_sol
x-ezoic-cdn
Hit ds;mm;78ff73904c420bd272c80b900f363145;2-134878-165;20dfb12c-1452-4740-5511-ecafa2e18586
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
content-length
956
pragma
public
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
x-ez-minify-css
24.27% 3242 / 4281
content-type
text/css
cache-control
public, max-age=31536000
ezosuigenerisc.js
g.ezoic.net/
0
54 B
Script
General
Full URL
https://g.ezoic.net/ezosuigenerisc.js?nogen=1
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
cache-control
max-age=300, private
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding, Accept-Encoding
content-type
text/plain; charset=utf-8
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-102382503-1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
6032
date
Fri, 11 Jun 2021 21:53:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Fri, 11 Jun 2021 23:53:54 GMT
nmash.js
se-faire-rembourser.fr/porpoiseant/
33 KB
9 KB
Other
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/nmash.js?v=19
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd

Request headers

:path
/porpoiseant/nmash.js?v=19
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
same-origin
accept
*/*
cache-control
no-cache
sec-fetch-dest
worker
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
etag
"854d-5c3cf8fc12640;5c3cf8fc12640-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
greenoaks.gif
se-faire-rembourser.fr/detroitchicago/
0
104 B
XHR
General
Full URL
https://se-faire-rembourser.fr/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiZGF0YSI6W3sibmFtZSI6InVuaXZlcnNhbF91c2VyX2lkIiwidmFsIjoiMjUxYjQ4OGQ0MGRmNTNhZjgwMTAwODNhOGMzYjE1OWYifV19XQ==
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiZGF0YSI6W3sibmFtZSI6InVuaXZlcnNhbF91c2VyX2lkIiwidmFsIjoiMjUxYjQ4OGQ0MGRmNTNhZjgwMTAwODNhOGMzYjE1OWYifV19XQ==
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:25 UTC
put.html
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame DF28
416 B
799 B
Document
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc

Request headers

:method
GET
:authority
widgets.outbrain.com
:scheme
https
:path
/nanoWidget/externals/cookie/put.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://se-faire-rembourser.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

accept-ranges
bytes
content-type
text/html
etag
"c0311cf15c21ddda054005e92fad3f9e:1623046241.263845"
last-modified
Mon, 07 Jun 2021 05:48:59 GMT
server
AkamaiNetStorage
content-length
416
cache-control
max-age=345600
date
Fri, 11 Jun 2021 23:34:26 GMT
timing-allow-origin
* *
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
access-control-allow-origin
*
set-cookie
akacd_widgets_routing=1623454466~rv=33~id=6661f3e4facf01ab006b1d627c150804; path=/; Expires=Fri, 11 Jun 2021 23:34:26 GMT; Secure; SameSite=None
c2UtZmFpcmUtcmVtYm91cnNlci5mcg==
tcheck.outbrainimg.com/tcheck/check/
16 B
464 B
XHR
General
Full URL
https://tcheck.outbrainimg.com/tcheck/check/c2UtZmFpcmUtcmVtYm91cnNlci5mcg==
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.18.232.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-28.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 23:34:26 GMT
ETag
W/"10-us8lSJutAxKqLzf8c1+n5XstcwY"
Access-Control-Max-Age
43200
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=31828
Access-Control-Allow-Credentials
false
Connection
keep-alive
X-TraceId
ad057252d6621457afa09ecc5554b72b
Content-Length
16
Expires
Sat, 12 Jun 2021 08:24:54 GMT
px.gif
widget-pixels.outbrain.com/widget/detect/
43 B
452 B
Image
General
Full URL
https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1&rn=1.3064720968866708
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
last-modified
Wed, 30 Sep 2020 14:22:29 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*, *
content-length
43
expires
Sun, 11 Jul 2021 23:34:26 GMT
logo-se-faire-rembourser-white-350x111.png
se-faire-rembourser.fr/wp-content/uploads/2020/02/
10 KB
10 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/uploads/2020/02/logo-se-faire-rembourser-white-350x111.png?ezimgfmt=ng:webp/ngcb145
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
c9053db3b244c7a3b93534429221550d6d1423e728c8c3b80ae186fb840614f1

Request headers

:path
/wp-content/uploads/2020/02/logo-se-faire-rembourser-white-350x111.png?ezimgfmt=ng:webp/ngcb145
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=251b488d40df53af8010083a8c3b159f
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
display
staticcontent_sol, staticcontent_sol
x-amzn-requestid
b1e534e8-6010-4c21-af18-46632083b4b5
x-ezoic-cdn
Hit ds;mm;47e37ae7dc30f68888d9857bb96806b3;2-134878-165;41a82538-ad0a-448d-5197-610b4c3ed64a
x-cache
Miss from cloudfront
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
x-amz-apigw-id
f5vJyGTkIAMF08g=
response
200
server
nginx/1.16.0
x-amzn-trace-id
Root=1-60ad5f0b-5ab0c37b0c0549ff3e13a219;Sampled=0
vary
Accept-Encoding User-Agent,Origin,Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
via
1.1 f1a0d076bd803c49a08dd5907cff82b0.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
CDG53-C1
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
hSN07hoxwgOliyc7IMLIcVmpcHyx1Vo9sLIy5OlNOssq7m8C9lavNQ==
6564c39bef8d218dd7c45306d20e3a05-1024x682.jpg
se-faire-rembourser.fr/wp-content/uploads/2021/05/
281 KB
282 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/uploads/2021/05/6564c39bef8d218dd7c45306d20e3a05-1024x682.jpg?ezimgfmt=ng:webp/ngcb145
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
6dff2d7c816efa9ec2f57e0ec117eae40221bf537ee7005378bb035f6c4ade33

Request headers

:path
/wp-content/uploads/2021/05/6564c39bef8d218dd7c45306d20e3a05-1024x682.jpg?ezimgfmt=ng:webp/ngcb145
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=251b488d40df53af8010083a8c3b159f
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
display
staticcontent_sol, staticcontent_sol
x-amzn-requestid
5335fffb-d319-47c8-9fef-c79955977def
x-ezoic-cdn
Hit ds;mm;6737841897167483edeceb08f83b562e;2-134878-165;fc42f44a-f6db-4458-42cd-9e13da8d9c35
x-cache
Miss from cloudfront
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
x-amz-apigw-id
f5vJxEN0oAMFlEw=
response
200
server
nginx/1.16.0
x-amzn-trace-id
Root=1-60ad5f0b-0a0adb9e647650893c357a92;Sampled=0
vary
Accept-Encoding User-Agent,Origin,Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
via
1.1 9f63706579db7391acaa39a0dddcff5e.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
CDG3-C2
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
Pjs2amsMrFEuYp4fM3RsD1zv_UsRPxnAzJKnwqyL3bJ1xWaij06ZWQ==
config
c.amazon-adsystem.com/cdn/prod/
0
316 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=aa05931b-5308-4ea3-95a2-adf84f4ffde4&u=https%3A%2F%2Fse-faire-rembourser.fr%2F
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.5.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-5-125.vie50.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 11:22:23 GMT
via
1.1 dcb9765526b3272617b95932c8fefee2.cloudfront.net (CloudFront)
server
Server
age
43923
x-cache
Hit from cloudfront
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
max-age=86087, s-maxage=86400
access-control-allow-credentials
true
x-amz-cf-pop
VIE50-C2
x-amz-cf-id
bb63wDRvVH-6wyazxu05eD_wixJqAhzDVmpPt3F0ImX-fprWurPVMQ==
bid
c.amazon-adsystem.com/e/dtb/
145 B
527 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fse-faire-rembourser.fr%2F&pid=nqHx4jRNCuyYE&cb=0&ws=1600x1200&v=7.66.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21732118914%2Fse_faire_rembourser_fr-medrectangle-2%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F21732118914%2Fse_faire_rembourser_fr-banner-1%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F21732118914%2Fse_faire_rembourser_fr-box-2%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22580x400%22%2C%22336x280%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F21732118914%2Fse_faire_rembourser_fr-box-4%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F21732118914%2Fse_faire_rembourser_fr-large-leaderboard-2%22%7D%5D&cfgv=0&schain=1.0%2C1!ezoic.ai%2C3933b40dce1e53516c6a8dc5af18362b%2C1%2C%2C%2C&pubid=aa05931b-5308-4ea3-95a2-adf84f4ffde4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.5.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-5-125.vie50.r.cloudfront.net
Software
Server /
Resource Hash
4ba31f51e4f6c8f7cdb5c1a110f139f726b0c6c4795ad4c9cf2bcf93580d85ac

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
gzip
server
Server
x-amz-cf-pop
VIE50-C2
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://se-faire-rembourser.fr
access-control-allow-credentials
true
timing-allow-origin
*
content-length
145
via
1.1 dcb9765526b3272617b95932c8fefee2.cloudfront.net (CloudFront)
x-amz-cf-id
yBwcPIUY9KOlix5dKlpWuNuJecdo4VfiQ5pNm266KD0ERkOeZ_8v4A==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.5.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-5-125.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
42674
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Wed, 07 Apr 2021 05:49:36 GMT
server
AmazonS3
date
Fri, 11 Jun 2021 11:43:13 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 5d650f4d20204610aaf075ff8f6494c7.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
VIE50-C2
x-amz-cf-id
Y3hJvuI0HQMScM5fdfknkEEXJKjCcq_HU4d6BDdZjmxUD5wGxPioVQ==
rules-p-31iz6hfFutd16.js
rules.quantcount.com/
3 B
428 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:a600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 18:24:17 GMT
via
1.1 444dde5644fa29b8d8dfac109693e2a2.cloudfront.net (CloudFront)
age
30236
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 19:50:24 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
VIE50-C2
accept-ranges
bytes
x-amz-cf-id
VxY0m7OQ2_sg0njyUy3kx-w15_7z1NYJb90eRm1uUVt88uZz9QK5lA==
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1472409148&t=pageview&_s=1&dl=https%3A%2F%2Fse-faire-rembourser.fr%2F&ul=en-us&de=UTF-8&dt=Se%20Faire%20Rembourser%20%E2%80%93%20Le%20remboursement%20simple%20et%20facile%20!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=104374427&gjid=1159566633&cid=1439056393.1623454467&tid=UA-102382503-1&_gid=475314487.1623454467&_r=1&gtm=2ou690&z=351271743
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:26 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
dwce_cheq_events
log.outbrainimg.com/loggerServices/
4 B
325 B
XHR
General
Full URL
https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1623454466616&sessionId=df9bda02-8d4a-3019-57e4-1d755ef142ea&url=se-faire-rembourser.fr&cheqSource=1&cheqEvent=0&exitReason=2
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:26 GMT
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
X-TraceId
cafe09ce76b7713041db153e24ebd74e
Content-Length
4
Expires
0
test.html
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame DF28
610 B
992 B
Document
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474

Request headers

:method
GET
:authority
widgets.outbrain.com
:scheme
https
:path
/nanoWidget/externals/cookie/test.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
thirdparty=yes
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html

Response headers

accept-ranges
bytes
content-type
text/html
etag
"48053d50141031b1511dbd30f9a31288:1623046241.955832"
last-modified
Mon, 07 Jun 2021 05:48:59 GMT
server
AkamaiNetStorage
content-length
610
cache-control
max-age=345600
date
Fri, 11 Jun 2021 23:34:26 GMT
timing-allow-origin
* *
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
access-control-allow-origin
*
set-cookie
akacd_widgets_routing=1623454466~rv=17~id=ec66816a9c611777b0847815efd073a1; path=/; Expires=Fri, 11 Jun 2021 23:34:26 GMT; Secure; SameSite=None
collect
stats.g.doubleclick.net/j/
4 B
93 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-102382503-1&cid=1439056393.1623454467&jid=104374427&gjid=1159566633&_gid=475314487.1623454467&_u=YEBAAUAAAAAAAC~&z=969800181
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 11 Jun 2021 23:34:26 GMT
content-type
text/plain
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
296 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-102382503-1&cid=1439056393.1623454467&jid=104374427&_u=YEBAAUAAAAAAAC~&z=757890468
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:26 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-102382503-1&cid=1439056393.1623454467&jid=104374427&_u=YEBAAUAAAAAAAC~&z=757890468
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:26 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel;r=2133456321;labels=Domain.se_faire_rembourser_fr%2CDomainId.134878;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fse-faire-rembourser.fr%2F;uht=2;fpan=1;fpa=P0-2059049300-1623454466672;pbcn=u;pbc=...
pixel.quantserve.com/
35 B
371 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=2133456321;labels=Domain.se_faire_rembourser_fr%2CDomainId.134878;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fse-faire-rembourser.fr%2F;uht=2;fpan=1;fpa=P0-2059049300-1623454466672;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=se-faire-rembourser.fr;je=0;sr=1600x1200x24;dst=1;et=1623454466672;tzo=-120;ogl=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:26 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
dark-bottom.css
se-faire-rembourser.fr/ezoic/styles/
3 KB
792 B
Stylesheet
General
Full URL
https://se-faire-rembourser.fr/ezoic/styles/dark-bottom.css
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/ezoic/cookieconsent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

:path
/ezoic/styles/dark-bottom.css
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
etag
"bd7-5c3cf8fc12640-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
text/css
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
content-length
725
056bb7ad908bd2fd9f1f00cc66314d42-520x347.jpg
se-faire-rembourser.fr/wp-content/uploads/2021/04/
19 KB
19 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/uploads/2021/04/056bb7ad908bd2fd9f1f00cc66314d42-520x347.jpg?ezimgfmt=ng:webp/ngcb145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e086f284556d6286cf162686877537a9e922f313304b3d8a324bff7b613e6ed2

Request headers

:path
/wp-content/uploads/2021/04/056bb7ad908bd2fd9f1f00cc66314d42-520x347.jpg?ezimgfmt=ng:webp/ngcb145
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672; ezux_lpl_134878=1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
display
staticcontent_sol, staticcontent_sol
x-amzn-requestid
a4088cf4-c9c2-4c4a-bff4-9a51d42cf2c6
x-ezoic-cdn
Hit ds;mm;f0b454d916de9275c59518d92d6cd5e1;2-134878-165;6540f7cd-3606-42c0-500e-a604c32a330d
x-cache
Miss from cloudfront
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
x-amz-apigw-id
f7NOEEa2IAMFfDQ=
response
200
server
nginx/1.16.0
x-amzn-trace-id
Root=1-60adf58d-4945aad101bef43032cd26a6;Sampled=0
vary
Accept-Encoding User-Agent,Origin,Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
via
1.1 e075180747b4645a70b98f1d8e4d8896.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
CDG3-C2
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
_de3jPBH7tevu4nchibdUHmPld3a-OHg8Dh_jdSiCvU1BPX8OfSJhw==
Difference-pharmacie-en-ligne-et-traditionnelle-1024x580.jpg
se-faire-rembourser.fr/wp-content/uploads/2021/03/
34 KB
35 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/uploads/2021/03/Difference-pharmacie-en-ligne-et-traditionnelle-1024x580.jpg?ezimgfmt=ng:webp/ngcb145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
5d560d67b972586c63b6bc1da8dd95c04d7e02c02588a12f452c32fd47f4a92d

Request headers

:path
/wp-content/uploads/2021/03/Difference-pharmacie-en-ligne-et-traditionnelle-1024x580.jpg?ezimgfmt=ng:webp/ngcb145
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672; ezux_lpl_134878=1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
br
display
staticcontent_sol, staticcontent_sol
x-amzn-requestid
f37d8838-7513-4fb2-b805-f784400d56fa
x-ezoic-cdn
Hit ds;mm;16957fbe2cdde224179042ea5237383c;2-134878-165;478da530-f6ee-4b75-6f76-9d6c1f3e19ae
x-cache
Miss from cloudfront
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
x-amz-apigw-id
f5g9JFcmIAMFz2w=
response
200
server
nginx/1.16.0
x-amzn-trace-id
Root=1-60ad4854-4490825a2ab992f73b4378a8;Sampled=0
vary
Accept-Encoding User-Agent,Origin,Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
via
1.1 e1228fe256c8bfaa20fd0e879d865614.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
CDG53-C1
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
JFdGfRnQG0MbCpNFeqZhpWD8aZuKDr5CRQl0ke1af0lhLjnn3P5b1w==
platforms
odb.outbrain.com/utils/
35 KB
14 KB
Script
General
Full URL
https://odb.outbrain.com/utils/platforms?contentUrl=https%3A%2F%2Fse-faire-rembourser.fr%2F&srcUrl=https%3A%2F%2Fse-faire-rembourser.fr%2Fle-remboursement-simple-et-facile%2Ffeed%2F&idx=0&rand=76963&key=EZOICL9MFJN21JB32NFBE7ODP&widgetJSId=AR_1&va=true&et=true&format=html&pdobuid=-1&adblck=false&abwl=false&extid=134878_1_136_100x480&px=0&py=4079&vpd=2879&cw=1600&settings=true&recs=true&version=2000370&sig=KMQVRRkr&apv=false&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=0&ccpa=1---&ccpaStat=1&wdr-natlaz=true
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.14.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b24ca5b9d1ba68246c4b1b3e6b69f4e909ef92e70b3309ef3de5bb63dcbc68d6

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
traffic-path
CHIDC2, MDW, FRA, Europe2
x-cache
MISS, MISS
p3p
policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
backend-ip
157.52.75.22
x-cache-hits
0, 0
x-traceid
667305235304645292e2c2a54d5cbef5
content-length
13624
x-served-by
cache-mdw17322-MDW, cache-fra19123-FRA
pragma
no-cache
x-timer
S1623454467.874780,VS0,VE255
vary
Accept-Encoding, User-Agent
content-type
text/javascript; charset=UTF-8
via
1.1 varnish, 1.1 varnish
cache-control
no-cache
accept-ranges
bytes
expires
Thu, 01 Jan 1970 00:00:00 GMT
Cookie set iu3
aax-eu.amazon-adsystem.com/s/ Frame 9799
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&dcc=t
267 B
949 B
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&dcc=t
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
656396bf1faf1ae0a1f5edbbe80900ed5b6f04123ddc8376516dd5d842d4abd7

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://se-faire-rembourser.fr/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ad-id=A0XCLerV_06pp6qjnqutz0I|t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

Server
Server
Date
Fri, 11 Jun 2021 23:34:27 GMT
Content-Type
text/html;charset=ISO-8859-1
Content-Length
212
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie
ad-id=A0XCLerV_06pp6qjnqutz0I; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jan-2022 23:34:26 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Wed, 01-Jul-2026 23:34:27 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip

Redirect headers

Server
Server
Date
Fri, 11 Jun 2021 23:34:26 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&dcc=t
Set-Cookie
ad-id=A0XCLerV_06pp6qjnqutz0I|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jan-2022 23:34:26 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary
User-Agent
integrator.js
adservice.google.ch/adsid/
107 B
853 B
Script
General
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=se-faire-rembourser.fr
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
570 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=se-faire-rembourser.fr
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
476 B
290 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3443079428757219&correlator=4028377176398119&output=ldjh&impl=fifs&eid=31060979%2C31061040%2C31061279%2C31061289%2C31061361%2C31061428%2C31061030%2C31061165%2C44744015&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210611&iu_parts=21732118914%2Cse_faire_rembourser_fr-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C370x320%7C410x340%7C430x410&prev_scp=a%3D%257C2%257C%26iid16%3D1569149%26iit%3D8%26t%3D134%26d%3D134878%26t1%3D134%26pvc%3D0%26ap%3D1121%26sap%3D1121%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D5302779%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dse_faire_rembourser_fr-box-2-1569149%26eb_br%3Dcce43b634ca6fe368c77e70edfe1459b%26eba%3D1%26ebss%3D10017%2C10082%2C10015%2C11304%2C11307%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26acptad%3D1%26br1%3D1900%26br2%3D240%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D86%2C168%2C28%2C4%2C96%2C122%2C93%2C20%2C26%2C30%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznsz%3D0x0%26amznp%3D2&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623454466&dt=1623454466954&dlt=1623454466122&idt=460&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=484&adks=1834618358&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fse-faire-rembourser.fr%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1270x250&msz=970x250&ga_vid=1439056393.1623454467&ga_sid=1623454467&ga_hid=1472409148&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
3433b6db1158015ce9ef5d91039f3196551648c6838fb32a48cabb6f41d85943
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
260
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/
0
0
Other
General
Full URL
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

integrator.js
adservice.google.ch/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=se-faire-rembourser.fr
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=se-faire-rembourser.fr
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
484 B
297 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3443079428757219&correlator=525169343157913&output=ldjh&impl=fifs&eid=31060979%2C31061040%2C31061279%2C31061289%2C31061361%2C31061428%2C31061030%2C31061165%2C44744015&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210611&iu_parts=21732118914%2Cse_faire_rembourser_fr-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C370x320%7C430x350%7C410x410&prev_scp=a%3D%257C5%257C%26iid16%3D1578748%26iit%3D9%26t%3D134%26d%3D134878%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D5302779%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dse_faire_rembourser_fr-medrectangle-2-1578748%26eb_br%3Da8fc62cdaaad9ea4ba6561072b1d55b9%26eba%3D1%26ebss%3D10017%2C10082%2C10015%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26br1%3D2100%26br2%3D1300%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C14%2C120%2C67%2C51%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznsz%3D0x0%26amznp%3D2&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623454467&dt=1623454467031&dlt=1623454466122&idt=460&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1108&adks=420182401&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fse-faire-rembourser.fr%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&ga_vid=1439056393.1623454467&ga_sid=1623454467&ga_hid=1472409148&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
ad65333bd9edd4f2e678dc530ee0d59818c2cc20fcb869b775c24d3abd7cfadc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
267
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pr
aax-eu.amazon-adsystem.com/s/v3/ Frame AC7A
2 KB
945 B
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
6b5117f0b1a89b322a53d03ed18ceb8abf23cd0723a9339b94e6b860fe8a994e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&dcc=t
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ad-id=A0XCLerV_06pp6qjnqutz0I; ad-privacy=0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&dcc=t

Response headers

Server
Server
Date
Fri, 11 Jun 2021 23:34:27 GMT
Content-Type
text/html;charset=ISO-8859-1
Content-Length
584
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
test.html
widgets.outbrain.com/nanoWidget/externals/obUserFrame/ Frame 640F
2 KB
1 KB
Document
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=c93ec685-b0c7-4730-928b-9c895fae57a0
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
45f0f27fb78191006375051ee3046fae3105b652d11680432511cba61b32c330

Request headers

:method
GET
:authority
widgets.outbrain.com
:scheme
https
:path
/nanoWidget/externals/obUserFrame/test.html?lsd=c93ec685-b0c7-4730-928b-9c895fae57a0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://se-faire-rembourser.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
obuid=c93ec685-b0c7-4730-928b-9c895fae57a0; recs_a41ca5cdc69b4a388e601cea2e091d32=0B2197219584A3021007003A3404024849A3460137548A2301636376A2741034227ACD1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

accept-ranges
bytes
content-type
text/html
etag
"1e015194a0e596827cb8971f884eb43c:1623046244.267514"
last-modified
Mon, 07 Jun 2021 05:48:59 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=345600
date
Fri, 11 Jun 2021 23:34:27 GMT
content-length
686
timing-allow-origin
* *
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
access-control-allow-origin
*
set-cookie
akacd_widgets_routing=1623454467~rv=57~id=f9d4ce08ace743262aab90de8d00467d; path=/; Expires=Fri, 11 Jun 2021 23:34:27 GMT; Secure; SameSite=None
obPixelFrame.htm
widgets.outbrain.com/nanoWidget/externals/obPixelFrame/ Frame CADE
361 B
740 B
Document
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
85c97bdbfb0fab332e4c93c18caf25e12989e5347597d02c1099773755907a30

Request headers

:method
GET
:authority
widgets.outbrain.com
:scheme
https
:path
/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://se-faire-rembourser.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
obuid=c93ec685-b0c7-4730-928b-9c895fae57a0; recs_a41ca5cdc69b4a388e601cea2e091d32=0B2197219584A3021007003A3404024849A3460137548A2301636376A2741034227ACD1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

accept-ranges
bytes
content-type
text/html
etag
"06266b158cc1a0b89268d5a7103a27c4:1503211501"
last-modified
Sun, 20 Aug 2017 06:45:01 GMT
server
AkamaiNetStorage
content-length
361
cache-control
max-age=345600
date
Fri, 11 Jun 2021 23:34:27 GMT
timing-allow-origin
* *
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
access-control-allow-origin
*
set-cookie
akacd_widgets_routing=1623454467~rv=79~id=9943aa174732cb9bbd36e6771d1dbb41; path=/; Expires=Fri, 11 Jun 2021 23:34:27 GMT; Secure; SameSite=None
obPixelFrame.htm
widgets.outbrain.com/nanoWidget/externals/obPixelFrame/ Frame B9AC
361 B
739 B
Document
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
85c97bdbfb0fab332e4c93c18caf25e12989e5347597d02c1099773755907a30

Request headers

:method
GET
:authority
widgets.outbrain.com
:scheme
https
:path
/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://se-faire-rembourser.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
obuid=c93ec685-b0c7-4730-928b-9c895fae57a0; recs_a41ca5cdc69b4a388e601cea2e091d32=0B2197219584A3021007003A3404024849A3460137548A2301636376A2741034227ACD1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

accept-ranges
bytes
content-type
text/html
etag
"06266b158cc1a0b89268d5a7103a27c4:1503211501"
last-modified
Sun, 20 Aug 2017 06:45:01 GMT
server
AkamaiNetStorage
content-length
361
cache-control
max-age=345600
date
Fri, 11 Jun 2021 23:34:27 GMT
timing-allow-origin
* *
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
access-control-allow-origin
*
set-cookie
akacd_widgets_routing=1623454467~rv=1~id=140990663704ff835f7c4be1d0ef5af7; path=/; Expires=Fri, 11 Jun 2021 23:34:27 GMT; Secure; SameSite=None
ob_logo_67x12.png
widgets.outbrain.com/images/widgetIcons/
2 KB
3 KB
Image
General
Full URL
https://widgets.outbrain.com/images/widgetIcons/ob_logo_67x12.png
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
last-modified
Wed, 17 Feb 2021 13:51:00 GMT
server
AkamaiNetStorage
etag
"c52b07e749f7a09fa7b97b7e195e06ce:1613570897.992119"
access-control-allow-methods
GET,POST
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*, *
content-length
2326
expires
Sun, 11 Jul 2021 23:34:27 GMT
achoice.svg
widgets.outbrain.com/images/widgetIcons/
3 KB
3 KB
Image
General
Full URL
https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
last-modified
Wed, 17 Feb 2021 13:51:00 GMT
server
AkamaiNetStorage
etag
"9d26fa4e7238ed94f1d0d92afb453b3e:1613570879.822144"
access-control-allow-methods
GET,POST
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*, *
content-length
2735
expires
Sun, 11 Jul 2021 23:34:27 GMT
l
mcdp-chidc2.outbrain.com/
2 B
292 B
Fetch
General
Full URL
https://mcdp-chidc2.outbrain.com/l?token=e97fd10c27e7c9600c84edbfac10c2e1_6420_1623454467061&tm=638&eT=0&widgetWidth=1600&widgetHeight=1087&widgetX=0&widgetY=4079&tpcs=0&wRV=2000370&pVis=1&lsd=c93ec685-b0c7-4730-928b-9c895fae57a0&eIdx=&ccpa=1---&cheq=0&ab=0&wl=0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
50.31.142.191 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
chi.outbrain.com
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
Date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
X-TraceId
bf56cf378920ef9baa47d326e161dca9
Content-Type
text/plain; charset=UTF-8
Content-Length
28
access-control-expose-headers
content-range
obUserSync.html
widgets.outbrain.com/widgetOBUserSync/ Frame C92C
16 KB
6 KB
Document
General
Full URL
https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
52b5c48a40fa3855f3b617ae95be55fecc1c5b487cef0f83d1dcd83f93b706fc

Request headers

:method
GET
:authority
widgets.outbrain.com
:scheme
https
:path
/widgetOBUserSync/obUserSync.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://se-faire-rembourser.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
obuid=c93ec685-b0c7-4730-928b-9c895fae57a0; recs_a41ca5cdc69b4a388e601cea2e091d32=0B2197219584A3021007003A3404024849A3460137548A2301636376A2741034227ACD1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

accept-ranges
bytes
content-type
text/html
etag
"097e16da5d53acac1e9c5865ffdadd67:1623068428.808474"
last-modified
Mon, 07 Jun 2021 12:15:24 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=86400
expires
Sat, 12 Jun 2021 23:34:27 GMT
date
Fri, 11 Jun 2021 23:34:27 GMT
content-length
5464
timing-allow-origin
* *
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
access-control-allow-origin
*
set-cookie
akacd_widgets_routing=1623454467~rv=98~id=0588b4cd36c03a038aae8060ac4f037b; path=/; Expires=Fri, 11 Jun 2021 23:34:27 GMT; Secure; SameSite=None
eyJpdSI6IjI4ZjViZjNmOGI0Y2VlYTI4MDVhMjFiZTk4ZjY2YTc0NmQ5N2E1ZGE3MzVjNmYxZTZlNTAyOTFlYTMyY2VhYTkiLCJ3IjoyNzUsImgiOjI3NSwiZCI6Mi4wLCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/
44 KB
44 KB
Image
General
Full URL
https://images.outbrainimg.com/transform/v3/eyJpdSI6IjI4ZjViZjNmOGI0Y2VlYTI4MDVhMjFiZTk4ZjY2YTc0NmQ5N2E1ZGE3MzVjNmYxZTZlNTAyOTFlYTMyY2VhYTkiLCJ3IjoyNzUsImgiOjI3NSwiZCI6Mi4wLCJjcyI6MCwiZiI6NH0.webp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.232.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-28.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6c07d0904da869e15cd89798555805ecb7b121666e080eb5e57d4c1007dc5a21

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
max-age=2365379
last-modified
Sat, 22 May 2021 01:46:19 GMT
x-traceid
8efdafa6fdc9d206cec1ec6762b8d539
timing-allow-origin
*
content-length
45078
content-type
image/webp
eyJpdSI6IjQ2NjY4MjNlYjJkMzdjYzVlOTBlOWE3NjRmMTEzMzcxODZmNjY3NzM3ODY4YmUwYmVlNDdkYWVhYTViN2YzODUiLCJ3IjoyNzUsImgiOjI3NSwiZCI6Mi4wLCJjaCI6MTcwMDEzOTk3MCwiY3MiOjAsImYiOjR9.webp
images.outbrainimg.com/transform/v3/
157 KB
157 KB
Image
General
Full URL
https://images.outbrainimg.com/transform/v3/eyJpdSI6IjQ2NjY4MjNlYjJkMzdjYzVlOTBlOWE3NjRmMTEzMzcxODZmNjY3NzM3ODY4YmUwYmVlNDdkYWVhYTViN2YzODUiLCJ3IjoyNzUsImgiOjI3NSwiZCI6Mi4wLCJjaCI6MTcwMDEzOTk3MCwiY3MiOjAsImYiOjR9.webp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.232.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-28.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c613237b21cb0f306bfa65c59cc4e0ed8c2fe5396e13739a4c60ab522b757cbc

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
max-age=2175131
last-modified
Mon, 07 Jun 2021 07:57:04 GMT
x-traceid
6774198de4a23f325280644a6248a23d
timing-allow-origin
*
content-length
160448
content-type
image/webp
eyJpdSI6IjZmZDljMWI5OWFlOGZjNDdlZjA1N2U1MDEyMTg5MmEzMWU3Y2NlYjEwMzE2MTkxZTZlNGViZWI5NTRlMTY0NWQiLCJ3IjoyNzUsImgiOjI3NSwiZCI6Mi4wLCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/
30 KB
30 KB
Image
General
Full URL
https://images.outbrainimg.com/transform/v3/eyJpdSI6IjZmZDljMWI5OWFlOGZjNDdlZjA1N2U1MDEyMTg5MmEzMWU3Y2NlYjEwMzE2MTkxZTZlNGViZWI5NTRlMTY0NWQiLCJ3IjoyNzUsImgiOjI3NSwiZCI6Mi4wLCJjcyI6MCwiZiI6NH0.webp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.232.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-28.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
57852b0873517fb9167b9dbebf33a5fdf422689b02e7e8f56a46d2e689d384ad

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
max-age=638657
last-modified
Fri, 07 May 2021 07:39:52 GMT
x-traceid
5ffbdf712e1e7d341224a012664b3182
timing-allow-origin
*
content-length
30624
content-type
image/webp
obPixelFrame.js
widgets.outbrain.com/nanoWidget/externals/obPixelFrame/ Frame CADE
2 KB
1 KB
Script
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.js
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
adab1e55d321a65d4cc1abde330164c08c91229115cedb201979279136212941

Request headers

Referer
https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
last-modified
Mon, 07 Jun 2021 05:48:59 GMT
server
AkamaiNetStorage
etag
"334ff8070b2bf55584902b19bda82fb2:1623046243.591635"
vary
Accept-Encoding
access-control-allow-methods
GET,POST
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=345600
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*, *
content-length
777
obPixelFrame.js
widgets.outbrain.com/nanoWidget/externals/obPixelFrame/ Frame B9AC
2 KB
1 KB
Script
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.js
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
adab1e55d321a65d4cc1abde330164c08c91229115cedb201979279136212941

Request headers

Referer
https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
last-modified
Mon, 07 Jun 2021 05:48:59 GMT
server
AkamaiNetStorage
etag
"334ff8070b2bf55584902b19bda82fb2:1623046243.591635"
vary
Accept-Encoding
access-control-allow-methods
GET,POST
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=345600
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*, *
content-length
777
Pug
simage2.pubmatic.com/AdServer/ Frame AC7A
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=amazon&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%5BRX_UUID%5D%26ex%3Drhythmone.com
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2047477351
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2047477351
  • https://sync.1rx.io/usersync/tradedesk/77b35e64-c047-4bd2-9143-c67bec6afe36
  • https://sync.targeting.unrulymedia.com/csync/RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
42 B
112 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug011:0:326
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
date
Fri, 11 Jun 2021 23:34:27 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RXbdc9c5d6382f4dad9141e47cce667a1d003
content-type
text/html
amzns2s
rtb.gumgum.com/usync/ Frame 3459
4 KB
2 KB
Document
General
Full URL
https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
da92b08380e932adf6572bc6fbf5e33e672e50622492206155c0520cc5ff70ca

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
text/html;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
set-cookie
vst=e_0e9b6ab9-4333-4854-b441-70524bb09764; Domain=.gumgum.com; Expires=Sat, 11-Jun-2022 23:34:27 GMT; Path=/; Secure; SameSite=None
etag
W/"02d3e8266ea01c7167e00165e00ba0f9c"
timing-allow-origin
*
content-encoding
gzip
Cookie set usermatch
ssum-sec.casalemedia.com/ Frame 0A7E
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b39bd8f8c3673f54c3b0a7596e7a1292fe5874784fea04a2ee07f0db7fa2c47f

Request headers

Host
ssum-sec.casalemedia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
CMID=YMPzA1V6Z1bsuLCxWCmx9QAA; CMPS=3206
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
39|230|241|45|195|111|13|73
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1925
Expires
Fri, 11 Jun 2021 23:34:27 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
Connection
keep-alive
Set-Cookie
CMID=YMPzA1V6Z1bsuLCxWCmx9QAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 11 Jun 2022 23:34:27 GMT CMPS=3206;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 09 Sep 2021 23:34:27 GMT CMPRO=1154;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 09 Sep 2021 23:34:27 GMT CMST=YMPzA2DD8wMA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Jun 2021 23:34:27 GMT CMRUM3=f160c3f30305a0&e660c3f3032760&6f60c3f30305a0&2d60c3f30305a0&c360c3f30305a00&0d60c3f30305a0&4960c3f30305a0&2760c3f3030b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 11 Jun 2022 23:34:27 GMT

Redirect headers

Server
Apache
Content-Length
333
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Fri, 11 Jun 2021 23:34:27 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
Connection
keep-alive
Set-Cookie
CMID=YMPzA1V6Z1bsuLCxWCmx9QAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 11 Jun 2022 23:34:27 GMT CMPS=3206;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 09 Sep 2021 23:34:27 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4995
8 KB
3 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

last-modified
Tue, 01 Jun 2021 06:44:25 GMT
etag
"1300708-2080-5c3aeac410031"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
2586
content-type
text/html; charset=UTF-8
cache-control
max-age=26449
expires
Sat, 12 Jun 2021 06:55:16 GMT
date
Fri, 11 Jun 2021 23:34:27 GMT
vary
Accept-Encoding
current
amazon-tam-match.dotomi.com/match/bounce/ Frame 47A3
0
0
Document
General
Full URL
https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:13::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

:method
GET
:authority
amazon-tam-match.dotomi.com
:scheme
https
:path
/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
nginx
date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
no-cache, private, max-age=0, no-store
expires
0
pragma
no-cache
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 47BE
Redirect Chain
  • https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=2704169103602060831&ex=appnexus.com
43 B
344 B
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?id=2704169103602060831&ex=appnexus.com
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ad-id=A0XCLerV_06pp6qjnqutz0I; ad-privacy=0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
Server
Date
Fri, 11 Jun 2021 23:34:27 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
User-Agent

Redirect headers

Server
nginx/1.17.9
Date
Fri, 11 Jun 2021 23:34:27 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, private
Pragma
no-cache
Expires
Sat, 15 Nov 2008 16:00:00 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection
0
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Location
https://aax-eu.amazon-adsystem.com/s/ecm3?id=2704169103602060831&ex=appnexus.com
AN-X-Request-Uuid
559a3365-897e-4e27-9671-658048156c27
Set-Cookie
uuid2=2704169103602060831; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 09-Sep-2021 23:34:27 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin
185.156.175.116; 185.156.175.116; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.78:80
Cookie set amazon
ap.lijit.com/beacon/ Frame FE27
Redirect Chain
  • https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com
  • https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
1 KB
1 KB
Document
General
Full URL
https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
f7a25d07b76eab3ec392ad029257047179f43b83ea253229a8c1ba7e5bdf000a

Request headers

Host
ap.lijit.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ljt_reader=dd5cd04597cc0072cafd5326
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
nginx
Date
Fri, 11 Jun 2021 23:34:27 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Vary
Accept-Encoding
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie
ljtrtbexp=eJyrVjI0U7IyNDMyMTMzMTAz11EyQuVaGKPxTdCUQ7Qbm1iam5mZ1wIAigUQMg%3D%3D;Path=/;Domain=.lijit.com;Expires=Sat, 11-Jun-2022 23:34:27 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=dd5cd04597cc0072cafd5326;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
Content-Encoding
gzip
X-Sovrn-Pod
ad_ap2ams1

Redirect headers

Server
nginx
Date
Fri, 11 Jun 2021 23:34:27 GMT
Content-Length
0
Set-Cookie
ljt_reader=dd5cd04597cc0072cafd5326;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap2ams1
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 6753
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=15712933166483665968
43 B
344 B
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=15712933166483665968
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rx_cnv_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ad-id=A0XCLerV_06pp6qjnqutz0I; ad-privacy=0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
Server
Date
Fri, 11 Jun 2021 23:34:27 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
User-Agent

Redirect headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-length
0
location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=15712933166483665968
set-cookie
tluid=15712933166483665968; Max-Age=7776000; Expires=Thu, 09 Sep 2021 23:34:27 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
beacon.js
sb.scorecardresearch.com/ Frame C92C
1 KB
2 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.241.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-241-40.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer
https://widgets.outbrain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:06:45 GMT
via
1.1 f78fee2989d34e40cb45ddfbcb9ba346.cloudfront.net (CloudFront)
etag
"1827f116c73f319409b97f10b8a58ade"
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
1663
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
VIE50-C1
accept-ranges
bytes
content-length
1469
x-amz-cf-id
s86r-MDiaprWfmlvI2QsVIQCouA1ZBVxB9WVe81cOKaLIkMFhjIIdg==
02122019-013444069-1x1pix.png
s0.2mdn.net/8187539/ Frame CADE
Redirect Chain
  • https://ad.doubleclick.net/ddm/ad/N105603.3353239OUTBRAIN.CH/B24707357.305106724;sz=1x1;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGD...
  • https://ad.doubleclick.net/ddm/ad/N105603.3353239OUTBRAIN.CH/B24707357.305106724;dc_pre=CITe0pbfkPECFUw74AodK0cHzA;sz=1x1;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gd...
  • https://s0.2mdn.net/8187539/02122019-013444069-1x1pix.png
951 B
1 KB
Image
General
Full URL
https://s0.2mdn.net/8187539/02122019-013444069-1x1pix.png
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7338d1df7a0b3b6d2c1177efc1f2ada1411fa054962b315ff80cbe9e0b905645
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://widgets.outbrain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 01:44:33 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Feb 2019 09:34:44 GMT
server
sffe
age
78594
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
951
x-xss-protection
0
expires
Sat, 12 Jun 2021 01:44:33 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://s0.2mdn.net/8187539/02122019-013444069-1x1pix.png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
02122019-013444069-1x1pix.png
s0.2mdn.net/8187539/ Frame B9AC
Redirect Chain
  • https://ad.doubleclick.net/ddm/ad/N105603.3353239OUTBRAIN.CH/B24707357.305108365;sz=1x1;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGD...
  • https://ad.doubleclick.net/ddm/ad/N105603.3353239OUTBRAIN.CH/B24707357.305108365;dc_pre=CJLg0pbfkPECFRMO4AodfFQDoQ;sz=1x1;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gd...
  • https://s0.2mdn.net/8187539/02122019-013444069-1x1pix.png
951 B
1008 B
Image
General
Full URL
https://s0.2mdn.net/8187539/02122019-013444069-1x1pix.png
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/obPixelFrame/obPixelFrame.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7338d1df7a0b3b6d2c1177efc1f2ada1411fa054962b315ff80cbe9e0b905645
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://widgets.outbrain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 01:44:33 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Feb 2019 09:34:44 GMT
server
sffe
age
78594
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
951
x-xss-protection
0
expires
Sat, 12 Jun 2021 01:44:33 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://s0.2mdn.net/8187539/02122019-013444069-1x1pix.png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
showad.js
ads.pubmatic.com/AdServer/js/ Frame 1C46
38 KB
14 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/showad.js
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID

Response headers

last-modified
Tue, 11 May 2021 05:24:02 GMT
etag
"13006b6-96ca-5c2071a26cca4"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13964
content-type
text/html; charset=UTF-8
cache-control
public, max-age=25440
expires
Sat, 12 Jun 2021 06:38:27 GMT
date
Fri, 11 Jun 2021 23:34:27 GMT
vary
Accept-Encoding
b2
sb.scorecardresearch.com/ Frame C92C
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=7&c2=14320224&c3=6420&cs_ucfr=1&ns__t=1623454467289&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2Fob...
  • https://sb.scorecardresearch.com/b2?c1=7&c2=14320224&c3=6420&cs_ucfr=1&ns__t=1623454467289&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2Fo...
64 B
330 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=7&c2=14320224&c3=6420&cs_ucfr=1&ns__t=1623454467289&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2FobUserSync.html%23pid%3D6420%26dmpenabled%3Dtrue%26filterDMP%3D%26csenabled%3Dtrue%26d%3D8fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU%26gdpr%3D0%26cmpNeeded%3Dfalse%26gdprVer%3Dnull%26ccpa%3D1---%26country%3DCH&c9=https%3A%2F%2Fse-faire-rembourser.fr%2F
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.241.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-241-40.vie50.r.cloudfront.net
Software
/
Resource Hash
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer
https://widgets.outbrain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
via
1.1 f78fee2989d34e40cb45ddfbcb9ba346.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
etag
W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache
Miss from cloudfront
content-type
image/gif; charset=utf-8
content-length
64
x-amz-cf-id
biuKkn5xfGkXnr7qCMA-nmnmXQcnoaWk-9YMVAqXaceOsBJO4INGdw==

Redirect headers

date
Fri, 11 Jun 2021 23:34:27 GMT
via
1.1 f78fee2989d34e40cb45ddfbcb9ba346.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
https://sb.scorecardresearch.com/b2?c1=7&c2=14320224&c3=6420&cs_ucfr=1&ns__t=1623454467289&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2FobUserSync.html%23pid%3D6420%26dmpenabled%3Dtrue%26filterDMP%3D%26csenabled%3Dtrue%26d%3D8fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU%26gdpr%3D0%26cmpNeeded%3Dfalse%26gdprVer%3Dnull%26ccpa%3D1---%26country%3DCH&c9=https%3A%2F%2Fse-faire-rembourser.fr%2F
content-length
491
x-amz-cf-id
dEVCmaG5SEeds7w5XxcDli39Yi3rJ4keJw6fKL8BOLpdzjYxtW7REw==
PugMaster
image6.pubmatic.com/AdServer/ Frame 1C46
4 KB
4 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=12734669&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
eb39520b97b27716c0db9406ae3aa7708fcf8da63df8a9e142e8a6f6575175b5

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:25 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame FE27
43 B
344 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?id=dd5cd04597cc0072cafd5326&ex=sovrn.com&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
Server
Server
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame FE27
Redirect Chain
  • https://um.simpli.fi/lj_match?r=1623454467292&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=2&3pid=BC90F57C8C16460E9D5AC227F5921EFB
43 B
863 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=BC90F57C8C16460E9D5AC227F5921EFB
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ams1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Fri, 11 Jun 2021 23:34:27 GMT
x-content-type-options
nosniff
server
nginx
location
https://ce.lijit.com/merge?pid=2&3pid=BC90F57C8C16460E9D5AC227F5921EFB
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
154
expires
Thu, 10 Jun 2021 23:34:27 GMT
merge
ce.lijit.com/ Frame FE27
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=fmx
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=1875819620527381906&expires=30&ssp=fmx
  • https://ce.lijit.com/merge?pid=26&3pid=161a6eb2-1263-45fc-a644-3e137bdabb83
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=26&3pid=161a6eb2-1263-45fc-a644-3e137bdabb83
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:30 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ams1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
//ce.lijit.com/merge?pid=26&3pid=161a6eb2-1263-45fc-a644-3e137bdabb83
date
Fri, 11 Jun 2021 23:34:30 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
merge
ce.lijit.com/ Frame FE27
Redirect Chain
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=83&3pid=KPSYVGAD-V-82NB&gdpr=0
43 B
847 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=83&3pid=KPSYVGAD-V-82NB&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ams1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=83&3pid=KPSYVGAD-V-82NB&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Expires
0
merge
ce.lijit.com/ Frame FE27
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=dd5cd04597cc0072cafd5326&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=84&3pid=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed
43 B
866 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=84&3pid=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ams1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Fri, 11 Jun 2021 23:34:27 GMT
server
Aorta/2.4.14-20210304.4cf0ca0
access-control-allow-origin
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
Location
https://ce.lijit.com/merge?pid=84&3pid=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
X-Aorta-Region
us-east-1
Connection
keep-alive
X-Aorta-Host
ip-10-42-21-128.ec2.internal
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length
0
merge
ce.lijit.com/ Frame FE27
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=23&gdpr=0&gdpr_consent=
  • https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D935e5f...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D...
  • https://ce.lijit.com/merge?pid=16&3pid=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=16&3pid=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent=&dnr=1
0
433 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=16&3pid=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent=&dnr=1
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:31 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ams1
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:31 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ce.lijit.com/merge?pid=16&3pid=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent=&dnr=1
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
usersync
rtb.gumgum.com/ Frame 3459
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=2704169103602060831
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=2704169103602060831
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
X-Proxy-Origin
185.156.175.116; 185.156.175.116; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.249:80
AN-X-Request-Uuid
eed1af39-a2b1-4e68-b1b8-cb5a9a195798
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=2704169103602060831
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame 3459
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_0e9b6ab9-4333-4854-b441-70524bb09764&gdpr=&gdpr_consent=&us_privacy=
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_0e9b6ab9-4333-4854-b441-70524bb09764&gdpr=&gdpr_consent=&us_privacy=
  • https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=161a6eb2-1263-45fc-a644-3e137bdabb83
  • https://x.bidswitch.net/sync?dsp_id=257&user_id=mkeb018c65-f9d4-4c35-9af8-bb8fb45ccde6&expires=7&user_group=5&ssp=gumgum2&bsw_param=161a6eb2-1263-45fc-a644-3e137bdabb83
  • https://rtb.gumgum.com/usersync?b=bsw&i=161a6eb2-1263-45fc-a644-3e137bdabb83
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=161a6eb2-1263-45fc-a644-3e137bdabb83
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:29 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
//rtb.gumgum.com/usersync?b=bsw&i=161a6eb2-1263-45fc-a644-3e137bdabb83
date
Fri, 11 Jun 2021 23:34:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
cookie-sync
sync.outbrain.com/ Frame 3459
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%288fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_0e9b6ab9-4333-4854-b441-70524bb09764&obuid=ENC(8fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://b1sync.zemanta.com/usersync/outbrain/?puid=8fNUIDb_rsGVQujVmdQlcpShRetPLBWm5o-RZETb3KW6pybQ9cNe14xryyMP1SSU
  • https://sync.outbrain.com/cookie-sync?p=zemanta&uid=
0
145 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=zemanta&uid=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 11 Jun 2021 23:34:28 GMT
Cache-Control
no-cache
X-TraceId
927ceeed7e3bccc1c5d81fff3fc6fc14
Content-Length
0

Redirect headers

Location
https://sync.outbrain.com/cookie-sync?p=zemanta&uid=
Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:28 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
79
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 3459
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=6781fbee-26ac-4ec9-9806-cf43b3ebb7dd
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=6781fbee-26ac-4ec9-9806-cf43b3ebb7dd
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
server
OXGW/16.208.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=6781fbee-26ac-4ec9-9806-cf43b3ebb7dd
content-type
image/gif
alt-svc
clear
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame 3459
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-a1fef4e9-52da-481a-6dc4-a68bd6081de1$ip$185.156.175.116
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-a1fef4e9-52da-481a-6dc4-a68bd6081de1$ip$185.156.175.116
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-a1fef4e9-52da-481a-6dc4-a68bd6081de1$ip$185.156.175.116
Date
Fri, 11 Jun 2021 23:34:27 GMT
Connection
keep-alive
Content-Length
124
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 3459
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-bD72qrNE2pdpTdH.1ZPCCzuMpDW_BUftDyp3~A
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-bD72qrNE2pdpTdH.1ZPCCzuMpDW_BUftDyp3~A
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Fri, 11 Jun 2021 23:34:27 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-bD72qrNE2pdpTdH.1ZPCCzuMpDW_BUftDyp3~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
usersync
rtb.gumgum.com/ Frame 3459
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3...
  • https://rtb.gumgum.com/usersync?b=vnt&i=90179557-cb0d-11eb-826e-51cf6ac71075
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=90179557-cb0d-11eb-826e-51cf6ac71075
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=90179557-cb0d-11eb-826e-51cf6ac71075
Date
Fri, 11 Jun 2021 23:34:27 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
90179558-cb0d-11eb-826e-51cf6ac71075
services
sync.technoratimedia.com/ Frame 3459
0
294 B
Image
General
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
193.122.174.27 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
730575412
access-control-allow-origin
https://rtb.gumgum.com/
access-control-allow-credentials
true
142
match.deepintent.com/usersync/ Frame 3459
0
44 B
Image
General
Full URL
https://match.deepintent.com/usersync/142?redir=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:26 GMT
content-length
0
server
a
usersync
rtb.gumgum.com/ Frame 3459
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_0e9b6ab9-4333-4854-b441-70524bb09764&gdpr=&gdpr_consent=&us_privacy=
  • https://rtb.gumgum.com/usersync?b=zem&i=
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=zem&i=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=zem&i=
Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
67
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 3459
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://rtb.gumgum.com/usersync?b=idi&i=28a0d9cc-0f85-4226-841b-ab8df5c1c6ac
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=idi&i=28a0d9cc-0f85-4226-841b-ab8df5c1c6ac
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:34 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=idi&i=28a0d9cc-0f85-4226-841b-ab8df5c1c6ac
date
Fri, 11 Jun 2021 23:34:34 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
sync.targeting.unrulymedia.com/csync/ Frame 3459
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6624470356
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6624470356
  • https://sync.1rx.io/usersync/tradedesk/9232594b-cec3-414e-aaf7-05bd3dd2a73e
  • https://sync.targeting.unrulymedia.com/csync/RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
43 B
395 B
Image
General
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.44 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
server
Tengine
content-length
43
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location
https://sync.targeting.unrulymedia.com/csync/RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
no-store, no-cache, must-revalidate
server
Tengine
content-type
text/html
expires
0
usersync
rtb.gumgum.com/ Frame 3459
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=v5oUkGZdsq2x&ev=1&pid=558355
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=v5oUkGZdsq2x&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:29 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-US
location
https://rtb.gumgum.com/usersync?b=pln&i=v5oUkGZdsq2x&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-8474b759f8-ddrjw
expires
-1
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 3459
43 B
344 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=gg.com&id=e_0e9b6ab9-4333-4854-b441-70524bb09764
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
Server
Server
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
usersync
rtb.gumgum.com/ Frame 6624
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=ee4160c3-f306-4f00-9e4c-9ead70fd3f1a&gdpr=&gdpr_consent=
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=ee4160c3-f306-4f00-9e4c-9ead70fd3f1a&gdpr=&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=mmh&i=ee4160c3-f306-4f00-9e4c-9ead70fd3f1a&gdpr=&gdpr_consent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
vst=e_0e9b6ab9-4333-4854-b441-70524bb09764
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Fri, 11 Jun 2021 23:33:55 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Server
MT3 3759 5f8f15b master cdg-pixel-x6
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie
uuid=ee4160c3-f306-4f00-9e4c-9ead70fd3f1a; domain=.mathtag.com; path=/; expires=Sat, 09-Jul-2022 23:34:30 GMT; SameSite=None; Secure
location
https://rtb.gumgum.com/usersync?b=mmh&i=ee4160c3-f306-4f00-9e4c-9ead70fd3f1a&gdpr=&gdpr_consent=
Expires
Fri, 11 Jun 2021 23:33:54 GMT
usersync
rtb.gumgum.com/ Frame 5267
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=&_test=YMPzBgABfVlXLwBg
  • https://rtb.gumgum.com/usersync?b=atm&i=YMPzBgABfVlXLwBg&gdpr=&gdpr_consent=&_test=YMPzBgABfVlXLwBg
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=atm&i=YMPzBgABfVlXLwBg&gdpr=&gdpr_consent=&_test=YMPzBgABfVlXLwBg
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=atm&i=YMPzBgABfVlXLwBg&gdpr=&gdpr_consent=&_test=YMPzBgABfVlXLwBg
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
vst=e_0e9b6ab9-4333-4854-b441-70524bb09764
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

server
Varnish
retry-after
0
location
https://rtb.gumgum.com/usersync?b=atm&i=YMPzBgABfVlXLwBg&gdpr=&gdpr_consent=&_test=YMPzBgABfVlXLwBg
accept-ranges
bytes
date
Fri, 11 Jun 2021 23:34:30 GMT
via
1.1 varnish
x-served-by
cache-fra19154-FRA
x-cache
HIT
x-cache-hits
0
x-timer
S1623454471.535703,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame 7832
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wZTliNmFiOS00MzMzLTQ4NTQtYjQ0MS03MDUyNGJiMDk3NjQ=&gdpr=&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wZTliNmFiOS00MzMzLTQ4NTQtYjQ0MS03MDUyNGJiMDk3NjQ=&gdpr=&gdpr_consent=&google_tc=
170 B
188 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wZTliNmFiOS00MzMzLTQ4NTQtYjQ0MS03MDUyNGJiMDk3NjQ=&gdpr=&gdpr_consent=&google_tc=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

:method
GET
:authority
cm.g.doubleclick.net
:scheme
https
:path
/pixel?google_nid=gumgum_dbm&google_hm=ZV8wZTliNmFiOS00MzMzLTQ4NTQtYjQ0MS03MDUyNGJiMDk3NjQ=&gdpr=&gdpr_consent=&google_tc=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUkg9_pxRxlm8chkPoxKKZs4zqj1EA4yEyaSWO-BBzXmiktmcuxD-EYgLMdJL0A
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

content-type
image/png
date
Fri, 11 Jun 2021 23:34:29 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8wZTliNmFiOS00MzMzLTQ4NTQtYjQ0MS03MDUyNGJiMDk3NjQ=&gdpr=&gdpr_consent=&google_tc=
date
Fri, 11 Jun 2021 23:34:29 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
content-length
363
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Fri, 11-Jun-2021 23:49:29 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D218
8 KB
3 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=&gdprConsent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=&gdprConsent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KCCH=YES
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

last-modified
Tue, 01 Jun 2021 06:44:25 GMT
etag
"1300708-2080-5c3aeac410031"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
2586
content-type
text/html; charset=UTF-8
cache-control
max-age=26449
expires
Sat, 12 Jun 2021 06:55:16 GMT
date
Fri, 11 Jun 2021 23:34:27 GMT
vary
Accept-Encoding
/
ssc-cms.33across.com/ps/ Frame 080A
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.110.24 Crown Point, United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-110.static.steadfastdns.net
Software
33XP001 /
Resource Hash

Request headers

:method
GET
:authority
ssc-cms.33across.com
:scheme
https
:path
/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

x-33x-status
2020008
server
33XP001
date
Fri, 11 Jun 2021 23:34:28 GMT
usersync
rtb.gumgum.com/ Frame D265
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=&gdpr_consent=
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=77b35e64-c047-4bd2-9143-c67bec6afe36&t=1626046467
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=77b35e64-c047-4bd2-9143-c67bec6afe36&t=1626046467
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=ttd&i=77b35e64-c047-4bd2-9143-c67bec6afe36&t=1626046467
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
vst=e_0e9b6ab9-4333-4854-b441-70524bb09764
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=77b35e64-c047-4bd2-9143-c67bec6afe36&t=1626046467
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
set-cookie
TDID=77b35e64-c047-4bd2-9143-c67bec6afe36; domain=.adsrvr.org; expires=Sat, 11-Jun-2022 23:34:27 GMT; path=/; secure; SameSite=None TDCPM=CAEYBSABKAIyCwiQ6aLzhc_WORAFOAE.; domain=.adsrvr.org; expires=Sat, 11-Jun-2022 23:34:27 GMT; path=/; secure; SameSite=None
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
um
cs.emxdgt.com/ Frame 1DF0
0
0
Document
General
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
cs.emxdgt.com
:scheme
https
:path
/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

content-type
text/html
date
Fri, 11 Jun 2021 23:34:29 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame EC77
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YMPzB8Co8XYAAAqjbeAAAAAA
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YMPzB8Co8XYAAAqjbeAAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=sus&i=YMPzB8Co8XYAAAqjbeAAAAAA
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Fri, 11 Jun 2021 23:34:31 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=YMPzB8Co8XYAAAqjbeAAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Set-Cookie
SOC=YMPzB8Co8XYAAAqjbeAAAAAA; path=/; expires=Sun, 11-Jun-23 23:34:31 GMT; domain=socdm.com; secure; SameSite=None
X-SO-Ads-Time
2
X-SO-HostName
m-ad121.dc4p.scaleout.jp
X-SO-LB-Hostname
m-tgng18.dc4p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":47,"gdpr":false,"ipv4":"185.156.175.116","key":"YMPzB8Co8XYAAAqjbeAAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad121"}
X-SO-Key
YMPzB8Co8XYAAAqjbeAAAAAA
X-SO-IP
185.156.175.116
X-SO-Cluster-ID
47
X-SO-Upstream-ID
m-ad121
usersync
rtb.gumgum.com/ Frame BF47
Redirect Chain
  • https://p.rfihub.com/cm?pub=42796&in=1
  • https://rtb.gumgum.com/usersync?b=zet&i=875739027505389897
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=zet&i=875739027505389897
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=zet&i=875739027505389897
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
vst=e_0e9b6ab9-4333-4854-b441-70524bb09764
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Fri, 11 Jun 2021 23:34:30 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie
eud=H4sIAAAAAAAAAFslxmtoZmRsYmpiYm5gYmYGABTtSKsQAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 6 Jul 2022 23:34:30 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSsjA3NTe2NDAyNzUwNbawtLA0F-Iz1M0x8nfNDS_3ck1KqpLiNTQzMjYxNTExNzAxMwMA6eI06DMAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 6 Jul 2022 23:34:30 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSsjA3NTe2NDAyNzUwNbawtLA0F-Iz1M0x8nfNDS_3ck1KqgIAtl6MIiQAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location
https://rtb.gumgum.com/usersync?b=zet&i=875739027505389897
Content-Length
0
Server
Jetty(9.3.29.v20201019)
usersync
rtb.gumgum.com/ Frame 70F6
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=NvdZm5dqkCHCSKHsg2Ar&pi=gumgum&tc=1
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=NvdZm5dqkCHCSKHsg2Ar&pi=gumgum&tc=1
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=rth&i=NvdZm5dqkCHCSKHsg2Ar&pi=gumgum&tc=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
vst=e_0e9b6ab9-4333-4854-b441-70524bb09764
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Fri, 11 Jun 2021 23:34:30 GMT Fri, 11 Jun 2021 23:34:30 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=NvdZm5dqkCHCSKHsg2Ar&pi=gumgum&tc=1
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
casale
match.adsrvr.org/track/cmf/ Frame 0A7E
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=39&cm_user_id=YMPzA1V6Z1bsuLCxWCmx9QAA
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usermatchredir
ssum-sec.casalemedia.com/ Frame 0A7E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YMPzA1V6Z1bsuLCxWCmx9QAABIIAAAAB&gdpr_consent=&us_privacy=&gdpr=
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YMPzA1V6Z1bsuLCxWCmx9QAABIIAAAAB&gdpr_consent=&us_privacy=&gdpr=&google_tc=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEHUkOiYvYt3g-zvOwhKHp8M&google_cver=1
43 B
315 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEHUkOiYvYt3g-zvOwhKHp8M&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:29 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:29 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEHUkOiYvYt3g-zvOwhKHp8M&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 0A7E
43 B
720 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YMPzA1V6Z1bsuLCxWCmx9QAABIIAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.239.17.112 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:28 GMT
Server
Server
Vary
User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 0A7E
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YMPzA1V6Z1bsuLCxWCmx9QAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPQY-jIH09uRKC7NWbtoJs0&google_cver=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPQY-jIH09uRKC7NWbtoJs0&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:29 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:29 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPQY-jIH09uRKC7NWbtoJs0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 0A7E
Redirect Chain
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-eb8fa87d-e6cf-4bfd-9463-3cc3da483509
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-eb8fa87d-e6cf-4bfd-9463-3cc3da483509
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:28 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:28 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-eb8fa87d-e6cf-4bfd-9463-3cc3da483509
date
Fri, 11 Jun 2021 23:34:28 GMT
server
Apache-Coyote/1.1
content-length
0
crum
dsum-sec.casalemedia.com/ Frame 0A7E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=29
  • https://c1.adform.net/serving/cookie/match?CC=1&party=29
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=4598055967431559312&expiration=1624664068
43 B
992 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=4598055967431559312&expiration=1624664068
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:28 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:28 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:28 GMT
server
nginx
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=4598055967431559312&expiration=1624664068
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
crum
dsum-sec.casalemedia.com/ Frame 0A7E
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0657220400b6d4669c390716&expiration=[EXPIRATION]
43 B
997 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0657220400b6d4669c390716&expiration=[EXPIRATION]
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:28 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:28 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=0657220400b6d4669c390716&expiration=[EXPIRATION]
Date
Fri, 11 Jun 2021 23:34:28 GMT
Access-Control-Allow-Credentials
true
X-Powered-By
Express
Content-Length
0
Vary
Origin
YMPzA1V6Z1bsuLCxWCmx9QAABIIAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 0A7E
43 B
564 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YMPzA1V6Z1bsuLCxWCmx9QAABIIAAAAB?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 0A7E
43 B
344 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=index.com&id=YMPzA1V6Z1bsuLCxWCmx9QAABIIAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
Server
Server
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
showad.js
ads.pubmatic.com/AdServer/js/ Frame D335
38 KB
14 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/showad.js
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=&gdprConsent=
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KCCH=YES
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=&gdprConsent=

Response headers

last-modified
Tue, 11 May 2021 05:24:02 GMT
etag
"13006b6-96ca-5c2071a26cca4"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13964
content-type
text/html; charset=UTF-8
cache-control
public, max-age=25440
expires
Sat, 12 Jun 2021 06:38:27 GMT
date
Fri, 11 Jun 2021 23:34:27 GMT
vary
Accept-Encoding
match
c1.adform.net/serving/cookie/ Frame 55DD
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=CC18DE48-720C-4EAB-9594-EF53DDE728DB
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CC18DE48-720C-4EAB-9594-EF53DDE728DB
35 B
468 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CC18DE48-720C-4EAB-9594-EF53DDE728DB
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
c1.adform.net
:scheme
https
:path
/serving/cookie/match?CC=1&party=14&cid=CC18DE48-720C-4EAB-9594-EF53DDE728DB
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
C=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 11 Jun 2021 23:34:28 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
set-cookie
uid=3315085575752756728; expires=Tue, 10 Aug 2021 23:34:28 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Fri, 11 Jun 2021 23:34:28 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CC18DE48-720C-4EAB-9594-EF53DDE728DB
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
set-cookie
C=1; expires=Sun, 11 Jul 2021 23:34:28 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame AFBD
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4707865020089780405
42 B
210 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4707865020089780405
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4707865020089780405
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=CC18DE48-720C-4EAB-9594-EF53DDE728DB; KRTBCOOKIE_188=3189-935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348; PUBMDCID=3; KRTBCOOKIE_57=22776-2704169103602060831; KRTBCOOKIE_153=19420-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u&KRTB&22979-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u; KRTBCOOKIE_22=14911-3837251083400129601; KRTBCOOKIE_377=6810-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&22918-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&23031-77b35e64-c047-4bd2-9143-c67bec6afe36; KRTBCOOKIE_594=17105-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003&KRTB&17107-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003; KRTBCOOKIE_391=22924-8807254954247102491&KRTB&23263-8807254954247102491; KRTBCOOKIE_466=16530-161a6eb2-1263-45fc-a644-3e137bdabb83; KRTBCOOKIE_80=22987-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&16514-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&23025-CAESEKT3UG2L1bUFv0_qbm6g4ZQ; KRTBCOOKIE_699=22727-AABtmk7Bh-YAADJYgSTr6w; chkChromeAb67Sec=2; DPSync3=1624579200%3A232_197_219_201_221_226_227%7C1623456000%3A174; SyncRTB3=1625961600%3A203%7C1624233600%3A63%7C1624579200%3A3_234_189_176_166_56_22_7_8_55_161_71_88_165_21_54_220_99_204_222_13_230_81%7C1623974400%3A67_223_15_2%7C1624665600%3A35; SPugT=1623454469; KRTBCOOKIE_1101=23040-6972683855199860881; PugT=1623454470; KRTBCOOKIE_1074=22956-e_0e9b6ab9-4333-4854-b441-70524bb09764; KRTBCOOKIE_27=16735-uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&KRTB&16736-uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&KRTB&23019-uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&KRTB&23114-uid:b7e460c3-f306-4f00-978e-6e0b28012d4d; KRTBCOOKIE_218=22978-YMPzBgABfXJXKwBg&KRTB&23194-YMPzBgABfXJXKwBg&KRTB&23209-YMPzBgABfXJXKwBg&KRTB&23244-YMPzBgABfXJXKwBg; KRTBCOOKIE_409=22966-DOttQozx3RZCkela8jwRW9hm
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_336=5844-4707865020089780405; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 11-Jul-2021 23:34:30 GMT; path=/ PugT=1623454470; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 11-Jul-2021 23:34:30 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 09-Sep-2021 23:34:30 GMT; path=/
x-lat
lhrpug005:0:450
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4707865020089780405
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
usersync.aspx
dis.criteo.com/dis/ Frame A054
43 B
347 B
Document
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method
GET
:authority
dis.criteo.com
:scheme
https
:path
/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

cache-control
no-cache
pragma
no-cache
content-type
image/gif
expires
Fri, 11 Jun 2021 00:00:00 GMT
server
Microsoft-IIS/10.0
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1354
date
Fri, 11 Jun 2021 23:34:27 GMT
content-length
43
Pug
simage2.pubmatic.com/AdServer/ Frame E475
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972683855199860881
42 B
290 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972683855199860881
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972683855199860881
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=CC18DE48-720C-4EAB-9594-EF53DDE728DB; KRTBCOOKIE_188=3189-935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348; PUBMDCID=3; KRTBCOOKIE_57=22776-2704169103602060831; KRTBCOOKIE_153=19420-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u&KRTB&22979-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u; KRTBCOOKIE_22=14911-3837251083400129601; KRTBCOOKIE_377=6810-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&22918-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&23031-77b35e64-c047-4bd2-9143-c67bec6afe36; KRTBCOOKIE_594=17105-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003&KRTB&17107-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003; KRTBCOOKIE_391=22924-8807254954247102491&KRTB&23263-8807254954247102491; KRTBCOOKIE_466=16530-161a6eb2-1263-45fc-a644-3e137bdabb83; SPugT=1623454467; KRTBCOOKIE_80=22987-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&16514-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&23025-CAESEKT3UG2L1bUFv0_qbm6g4ZQ; PugT=1623454469; KRTBCOOKIE_699=22727-AABtmk7Bh-YAADJYgSTr6w; chkChromeAb67Sec=2; DPSync3=1624579200%3A232_197_219_201_221_226_227%7C1623456000%3A174; SyncRTB3=1625961600%3A203%7C1624233600%3A63%7C1624579200%3A3_234_189_176_166_56_22_7_8_55_161_71_88_165_21_54_220_99_204_222_13_230_81%7C1623974400%3A67_223_15_2%7C1624665600%3A35
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_1101=23040-6972683855199860881; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 11-Jul-2021 23:34:30 GMT; path=/ PugT=1623454470; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 11-Jul-2021 23:34:30 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 09-Sep-2021 23:34:30 GMT; path=/
x-lat
lhrpug015:0:452
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
nginx
Date
Fri, 11 Jun 2021 23:34:30 GMT
Transfer-Encoding
chunked
Connection
keep-alive
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie
UserID1=6972683855199860881; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972683855199860881
Pug
image2.pubmatic.com/AdServer/ Frame 1D0F
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCdG1rN0JoLVlBQURKWWdTVHI2dw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AABtmk7Bh-YAADJYgSTr6w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_curre...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=2&userid=1626073076566976167
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AABtmk7Bh-YAADJYgSTr6w&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fuserid%3D1626073076566976167%26bee_sync_partners%3Dpm%26bee_sync...
  • https://match.prod.bidr.io/cookie-sync?userid=1626073076566976167&bee_sync_partners=pm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AABtmk7Bh-YAADJYgSTr6w&pid=558502&d...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABtmk7Bh-YAADJYgSTr6w
42 B
216 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABtmk7Bh-YAADJYgSTr6w
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABtmk7Bh-YAADJYgSTr6w
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=CC18DE48-720C-4EAB-9594-EF53DDE728DB; chkChromeAb67Sec=1; DPSync3=1623456000%3A174%7C1624579200%3A197_219_201; SyncRTB3=1624233600%3A63%7C1624579200%3A166_99_21_3_81_55_161_56_8_22_7_71_234_54%7C1623974400%3A15_223_2%7C1625961600%3A203%7C1624665600%3A35; KRTBCOOKIE_188=3189-935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348; PUBMDCID=3; KRTBCOOKIE_57=22776-2704169103602060831; KRTBCOOKIE_153=19420-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u&KRTB&22979-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u; KRTBCOOKIE_22=14911-3837251083400129601; KRTBCOOKIE_377=6810-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&22918-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&23031-77b35e64-c047-4bd2-9143-c67bec6afe36; KRTBCOOKIE_594=17105-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003&KRTB&17107-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003; KRTBCOOKIE_391=22924-8807254954247102491&KRTB&23263-8807254954247102491; KRTBCOOKIE_466=16530-161a6eb2-1263-45fc-a644-3e137bdabb83; SPugT=1623454467; KRTBCOOKIE_80=22987-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&16514-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&23025-CAESEKT3UG2L1bUFv0_qbm6g4ZQ; PugT=1623454469
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 11 Jun 2021 23:34:29 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_699=22727-AABtmk7Bh-YAADJYgSTr6w; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 11-Jul-2021 23:34:29 GMT; path=/ PugT=1623454469; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 11-Jul-2021 23:34:29 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 09-Sep-2021 23:34:29 GMT; path=/
x-lat
lhrpug018:0:444
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Fri, 11 Jun 2021 23:34:29 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABtmk7Bh-YAADJYgSTr6w
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
Content-Length
0
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame E981
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5231786627
  • https://sync.1rx.io/usersync/tradedesk/77b35e64-c047-4bd2-9143-c67bec6afe36
  • https://sync.targeting.unrulymedia.com/csync/RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
42 B
269 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=CC18DE48-720C-4EAB-9594-EF53DDE728DB; chkChromeAb67Sec=1; DPSync3=1623456000%3A174%7C1624579200%3A197_219_201; SyncRTB3=1624233600%3A63%7C1624579200%3A166_99_21_3_81_55_161_56_8_22_7_71_234_54%7C1623974400%3A15_223_2%7C1625961600%3A203%7C1624665600%3A35; KRTBCOOKIE_188=3189-935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348; PugT=1623454467; PUBMDCID=3; KRTBCOOKIE_57=22776-2704169103602060831; KRTBCOOKIE_153=19420-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u&KRTB&22979-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u; KRTBCOOKIE_22=14911-3837251083400129601; KRTBCOOKIE_377=6810-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&22918-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&23031-77b35e64-c047-4bd2-9143-c67bec6afe36
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_594=17105-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003&KRTB&17107-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 09-Sep-2021 23:34:27 GMT; path=/ PugT=1623454467; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 11-Jul-2021 23:34:27 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 09-Sep-2021 23:34:27 GMT; path=/
x-lat
lhrpug004:0:460
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Tengine
date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
text/html
set-cookie
_rxuuid=%7B%22rx_uuid%22%3A%22RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003%22%7D; path=/; expires=Sat, 11 Jun 2022 23:34:27 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
etag
RXbdc9c5d6382f4dad9141e47cce667a1d003
Pug
simage2.pubmatic.com/AdServer/ Frame 419C
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
0
88 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=CC18DE48-720C-4EAB-9594-EF53DDE728DB; chkChromeAb67Sec=1; DPSync3=1623456000%3A174%7C1624579200%3A197_219_201; SyncRTB3=1624233600%3A63%7C1624579200%3A166_99_21_3_81_55_161_56_8_22_7_71_234_54%7C1623974400%3A15_223_2%7C1625961600%3A203%7C1624665600%3A35; KRTBCOOKIE_188=3189-935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348; PugT=1623454467; PUBMDCID=3; KRTBCOOKIE_57=22776-2704169103602060831; KRTBCOOKIE_153=19420-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u&KRTB&22979-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u; KRTBCOOKIE_22=14911-3837251083400129601; KRTBCOOKIE_377=6810-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&22918-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&23031-77b35e64-c047-4bd2-9143-c67bec6afe36; KRTBCOOKIE_594=17105-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003&KRTB&17107-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 11 Jun 2021 23:34:27 GMT
content-type
text/html; charset=utf-8
x-lat
lhrpug010:2:297
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
content-encoding
gzip

Redirect headers

set-cookie
viewer_token=aa1fd096-1a22-407c-b384-cf42c878da9d; path=/; domain=csync.loopme.me; Expires=Sun, 11-Jul-2021 23:34:27 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
content-length
0
date
Fri, 11 Jun 2021 23:34:27 GMT
server
_
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 66CB
43 B
344 B
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?id=CC18DE48-720C-4EAB-9594-EF53DDE728DB&ex=pubmatic.com
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.pubmatic.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ad-id=A0XCLerV_06pp6qjnqutz0I; ad-privacy=0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

Server
Server
Date
Fri, 11 Jun 2021 23:34:27 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
User-Agent
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 1C46
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=zBjeSHIMTquVlO9T3eco2w%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
8 KB
8 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:29 GMT
content-encoding
gzip
last-modified
Tue, 01 Jun 2021 06:44:25 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-2080-5c3aeac410031"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=26447
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
2586
expires
Sat, 12 Jun 2021 06:55:16 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=543660c3-f306-4b00-a63e-89d09c928fc9
0
154 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=543660c3-f306-4b00-a63e-89d09c928fc9
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:29 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Fri, 11 Jun 2021 23:33:55 GMT
Server
MT3 3759 5f8f15b master cdg-pixel-x27
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=543660c3-f306-4b00-a63e-89d09c928fc9
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 11 Jun 2021 23:33:54 GMT
mw
mwzeom.zeotap.com/ Frame 1C46
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=CC18DE48-720C-4EAB-9594-EF53DDE728DB
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=xksw9la&ttd_tpi=1
  • https://pixel.onaudience.com/?partner=147&mapped=ee96c5f7-5169-48b3-a672-bc480f34c111&icm
  • https://spl.zeotap.com/?zdid=1332&zcluid=e3fd39d38416d5ac
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=fd77f8de-96e9-4ee5-7d5e-3b22ea9f49b9&reqId=7d499e44-6b4e-431b-4522-00dc6f34ea56&zclui...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEKtEvUmA9Pz2Ox6NIg5Vkeg&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=fd77f8de-96e9-4ee5-7d5e-3b22ea9f49b9&reqId=7d499e44-6b4e-431b-4522-00d...
95 B
178 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESEKtEvUmA9Pz2Ox6NIg5Vkeg&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=fd77f8de-96e9-4ee5-7d5e-3b22ea9f49b9&reqId=7d499e44-6b4e-431b-4522-00dc6f34ea56&zcluid=e3fd39d38416d5ac&zdid=1332
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:34 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
65dea6a42f274ac3-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
0a9f067a9a00004ac32e087000000001

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:34 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESEKtEvUmA9Pz2Ox6NIg5Vkeg&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=fd77f8de-96e9-4ee5-7d5e-3b22ea9f49b9&reqId=7d499e44-6b4e-431b-4522-00dc6f34ea56&zcluid=e3fd39d38416d5ac&zdid=1332
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
469
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&gdpr=0&gdpr_consent=
42 B
363 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug005:0:471
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Fri, 11 Jun 2021 23:33:55 GMT
Server
MT3 3759 5f8f15b master cdg-pixel-x13
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 11 Jun 2021 23:33:54 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8807254954247102491
42 B
390 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8807254954247102491
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:28 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug012:0:386
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:28 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8807254954247102491
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
image2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKT3UG2L1bUFv0_qbm6g4ZQ&google_cver=1
42 B
362 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKT3UG2L1bUFv0_qbm6g4ZQ&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:29 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug020:0:383
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:29 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKT3UG2L1bUFv0_qbm6g4ZQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=77b35e64-c047-4bd2-9143-c67bec6afe36
42 B
294 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=77b35e64-c047-4bd2-9143-c67bec6afe36
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug012:0:436
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=77b35e64-c047-4bd2-9143-c67bec6afe36
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
image2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2704169103602060831&gdpr=0&gdpr_consent=
42 B
209 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2704169103602060831&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug015:0:441
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:27 GMT
X-Proxy-Origin
185.156.175.116; 185.156.175.116; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.120:80
AN-X-Request-Uuid
69157f60-aa62-49e5-9b95-9dbaea64084b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2704169103602060831&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
CC18DE48-720C-4EAB-9594-EF53DDE728DB
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 1C46
43 B
88 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/CC18DE48-720C-4EAB-9594-EF53DDE728DB?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-51n8RQtE2uW6vSJw_LvWoqzbIftR0XA-~A&gdpr=0&gdpr_consent=
0
48 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-51n8RQtE2uW6vSJw_LvWoqzbIftR0XA-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:29 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Fri, 11 Jun 2021 23:34:30 GMT
Server
ATS/7.1.2.128
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-51n8RQtE2uW6vSJw_LvWoqzbIftR0XA-~A&gdpr=0&gdpr_consent=
Connection
keep-alive
Content-Length
0
Pug
image2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u
42 B
272 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug014:0:385
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dpubmatic%26expires%3D30%26user_group%3D%24...
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dpubmatic%26expires%3D30%26user_group%3D%24...
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=d7dd45ae-3f61-52a3-8bc6-08a0eb05fba4&ssp=pubmatic&expires=30&user_group=1
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=161a6eb2-1263-45fc-a644-3e137bdabb83&gdpr=&gdpr_consent=&gdpr_pd=
1 B
181 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=161a6eb2-1263-45fc-a644-3e137bdabb83&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:28 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug016:0:404
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=161a6eb2-1263-45fc-a644-3e137bdabb83&gdpr=&gdpr_consent=&gdpr_pd=
date
Fri, 11 Jun 2021 23:34:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMPzBgABfXJXKwBg&gdpr=0&gdpr_consent=&_test=YMPzBgABfXJXKwBg
1 B
388 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMPzBgABfXJXKwBg&gdpr=0&gdpr_consent=&_test=YMPzBgABfXJXKwBg
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug004:0:494
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:30 GMT
via
1.1 varnish
server
Varnish
x-timer
S1623454471.534299,VS0,VE0
x-served-by
cache-fra19154-FRA
x-cache
HIT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMPzBgABfXJXKwBg&gdpr=0&gdpr_consent=&_test=YMPzBgABfXJXKwBg
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
Pug
simage2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3837251083400129601&gdpr=0&gdpr_consent=&us_privacy=
1 B
186 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3837251083400129601&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug011:0:408
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3837251083400129601&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
current
pubmatic-match.dotomi.com/match/bounce/ Frame 1C46
0
104 B
Image
General
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d97656d8-ef9c-40bd-a05d-d9b6967f2f24&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
187 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d97656d8-ef9c-40bd-a05d-d9b6967f2f24&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:29 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug020:0:376
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d97656d8-ef9c-40bd-a05d-d9b6967f2f24&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Fri, 11 Jun 2021 23:34:29 GMT
Server
Apache/2.4.41 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Pug
image2.pubmatic.com/AdServer/ Frame 1C46
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent=
42 B
543 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug002:0:357
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:27 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
greenoaks.gif
se-faire-rembourser.fr/detroitchicago/
0
127 B
XHR
General
Full URL
https://se-faire-rembourser.fr/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6Ijc5NiJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTI0OCJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMTcifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMjcxIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMjcxIn0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjU2NCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjEzNDUifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjEzNDUifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6Ijc5NiJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTI0OCJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMTcifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMjcxIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMjcxIn0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjU2NCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjEzNDUifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjEzNDUifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0=
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672; ezux_lpl_134878=1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; OB-USER-TOKEN=c93ec685-b0c7-4730-928b-9c895fae57a0; __gads=ID=aeba1a184a307383-226cbc9a5ec800c5:T=1623454466:S=ALNI_MaEcMflFFPx4iMw0AMxeo2dZJg-Qw
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:27 UTC
greenoaks.gif
se-faire-rembourser.fr/detroitchicago/
0
42 B
XHR
General
Full URL
https://se-faire-rembourser.fr/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjkuMSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX3J0dCIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjE1MjUifV19XQ==
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjkuMSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX3J0dCIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjE1MjUifV19XQ==
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672; ezux_lpl_134878=1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; OB-USER-TOKEN=c93ec685-b0c7-4730-928b-9c895fae57a0; __gads=ID=aeba1a184a307383-226cbc9a5ec800c5:T=1623454466:S=ALNI_MaEcMflFFPx4iMw0AMxeo2dZJg-Qw
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:26 UTC
sodar
pagead2.googlesyndication.com/getconfig/
10 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060901&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
70b4828d446756ec95bcfb58fc19ff7974d57c03f98b4d80330a1969c3959643
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7931
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Fri, 11 Jun 2021 23:34:27 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/223/ Frame FACE
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/223/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://se-faire-rembourser.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5022
date
Fri, 11 Jun 2021 21:01:38 GMT
expires
Sat, 11 Jun 2022 21:01:38 GMT
last-modified
Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
9169
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 00C8
783 B
531 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
14fbeec2dab25c504965a03dad472088ca80aec3491ad5985ab7c737c05fd764
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-tB7PPeiDBLzbPRnEB3gkbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://se-faire-rembourser.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

expires
Fri, 11 Jun 2021 23:34:27 GMT
date
Fri, 11 Jun 2021 23:34:27 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-tB7PPeiDBLzbPRnEB3gkbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
pagead2.googlesyndication.com/bg/ Frame FACE
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 16:17:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
26245
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5784
x-xss-protection
0
last-modified
Mon, 31 May 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jun 2022 16:17:02 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=223&t=2&li=gpt_2021060901&jk=3443079428757219&bg=!REelRwPNAAY6sG-_OrA7ACkAdvg8WrbMJVXg8n4xg5ltyntWJoLGWcwkEiXQhPjXn60YOJfrs5Qi-wIAAABbUgAAAAtoAQeZAnRJdrRFZ9FDKTWEK6UvMAckU0I7fHMzVtcSmpCvPOL3XGR36Eb_fZqlZjxGZ9pc6Mr7vqUl_RlYyr64eR7iDzGlthXe3OPIK24hpk1mHpR0qU_X_qtx5cL4V_N2JyA8PfHonXuwYNNivudo3aTcAoTHA7D8OnmzGuTIj5SOWpsjDOgH4pSTSdrDgRroG--p18BfZfct3yOfsOJ3EGdXG-LCnwBNv8-RnibT4nJddwcuvUl52X0Am97MJjQDkp8CyD4SLRvKOLFNpx92qW7Aql2tksm5I52y4x2xVs21hZXknz2BhELQe8r5mlHfrG-tTQUyQ2rt9u42N0r1vS2LWVZTZQmjNGRXmeCDeAY4gxpdeoti2Dnlf1h4DCdeJnxrgywx_MZTuZySBhbVBD_P6w35lsJNWTPkXa2ewuzhBghIvwHpRB1-jmfBJLuGn9k4AOxANzYTYknMYOfn2cfN2WWkCie8tkVKO7cXHmJuImb7pbZdaEgChidF5YkhzH1BipAOE7IWkhnkHawC7-w41nMiCqbfdMAFnpDKmfUVwzZv8pS_uO7FvrsSdL99X_J18QqoXA4OP_ZBRFmJjOtiOxrZ26S5WXtYPh1kQ19m_7cH4I4YI7HOiaVyKhkR6X02mK3vcU0GFO-8vi4mamgdMkpI5BQw8Pe3NogdT8rk8ADgZVA7iXVibknT43Dp35X1kIkzkQDCTIXzelROP9MzpZI1YJJfVNebeXT7mJI0kSD0aKb74frhX-qYNQ63wF6SeLgYZViJdwVxkyx_5rywk8y6zndJIwlFRjrl5vsCtTPny900mCuukFRUWt3-uxuFNMoFZoli
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:28 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
lcpel.go
se-faire-rembourser.fr/cheetah/
0
95 B
XHR
General
Full URL
https://se-faire-rembourser.fr/cheetah/lcpel.go
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode
cors
origin
https://se-faire-rembourser.fr
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672; ezux_lpl_134878=1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; OB-USER-TOKEN=c93ec685-b0c7-4730-928b-9c895fae57a0; __gads=ID=5d0b35baab60a9bb-22cdb05e5dc800fb:T=1623454467:S=ALNI_MbiOzcQORQU1mv8pytCgL-qh_t3EA
content-length
1764
:path
/cheetah/lcpel.go
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
text/plain
accept
*/*
cache-control
no-cache
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://se-faire-rembourser.fr
date
Fri, 11 Jun 2021 23:34:28 GMT
cache-control
max-age=0,must-revalidate,no-cache,no-store
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
SPug
simage4.pubmatic.com/AdServer/ Frame 1C46
0
375 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156657&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cnection
close
date
Fri, 11 Jun 2021 23:34:27 GMT
content-encoding
gzip
server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-cache
content-type
text/plain; charset=utf-8
integrator.js
adservice.google.ch/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=se-faire-rembourser.fr
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=se-faire-rembourser.fr
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
15 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3443079428757219&correlator=1704434274074842&output=ldjh&impl=fifs&eid=31060979%2C31061040%2C31061279%2C31061289%2C31061361%2C31061428%2C31061030%2C31061165%2C44744015&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210611&iu_parts=21732118914%2Cse_faire_rembourser_fr-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C370x320%7C430x350%7C410x410&ris=3&rcs=1&prev_scp=a%3D%257C5%257C%26iid16%3D1578748%26iit%3D9%26t%3D134%26d%3D134878%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D5302779%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dse_faire_rembourser_fr-medrectangle-2-1578748%26eb_br%3D8a72b14553d8dfd39917a04b6b74550d%2C39abb99448d54704c4afa42efe76e15d%26eba%3D1%26ebss%3D10017%2C10082%2C10015%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26br1%3D1100%26br2%3D1300%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C14%2C120%2C67%2C51%2C122%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C21%26ax_ssid%3D10082%26amznbid%3D2%26amznsz%3D0x0%26amznp%3D2%26lb%3D2100%26reqt%3D1623454470069&eri=1&cookie=ID%3D5d0b35baab60a9bb-22cdb05e5dc800fb%3AT%3D1623454467%3AS%3DALNI_MbiOzcQORQU1mv8pytCgL-qh_t3EA&bc=31&abxe=1&lmt=1623454470&dt=1623454470075&dlt=1623454466122&idt=460&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1108&adks=420182401&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fse-faire-rembourser.fr%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1439056393.1623454467&ga_sid=1623454467&ga_hid=1472409148&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
1b20bf6fcbbba8201d9fd35353ac406a72e7993d6c192f924dbdc7feb1e3fe87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8794
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
459 B
274 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3443079428757219&correlator=563109521113273&output=ldjh&impl=fifs&eid=31060979%2C31061040%2C31061279%2C31061289%2C31061361%2C31061428%2C31061030%2C31061165%2C44744015&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210611&iu_parts=21732118914%2Cse_faire_rembourser_fr-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C370x320%7C410x340%7C430x410&ris=3&rcs=1&prev_scp=a%3D%257C2%257C%26iid16%3D1569149%26iit%3D8%26t%3D134%26d%3D134878%26t1%3D134%26pvc%3D0%26ap%3D1121%26sap%3D1121%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D5302779%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dse_faire_rembourser_fr-box-2-1569149%26eb_br%3D13505aceb7f83a105b073aa7cc81124c%2Cc410f2a2b0c2123f4b6651cda6c5cf53%26eba%3D1%26ebss%3D10017%2C10082%2C10015%2C11304%2C11307%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26acptad%3D1%26br1%3D950%26br2%3D240%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D86%2C168%2C28%2C4%2C96%2C122%2C93%2C20%2C26%2C30%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznsz%3D0x0%26amznp%3D2%26lb%3D1900%26reqt%3D1623454470071&eri=1&cookie=ID%3D5d0b35baab60a9bb-22cdb05e5dc800fb%3AT%3D1623454467%3AS%3DALNI_MbiOzcQORQU1mv8pytCgL-qh_t3EA&bc=31&abxe=1&lmt=1623454470&dt=1623454470078&dlt=1623454466122&idt=460&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=484&adks=1834618358&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fse-faire-rembourser.fr%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1270x250&msz=970x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1439056393.1623454467&ga_sid=1623454467&ga_hid=1472409148&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
26b458d9fbaf4dbbd2ae6bd3800747352317a437cb1d76506f05cf0fc3fbdb6a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
245
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
showad.js
ads.pubmatic.com/AdServer/js/ Frame D335
38 KB
14 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/showad.js
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=CC18DE48-720C-4EAB-9594-EF53DDE728DB; chkChromeAb67Sec=1; DPSync3=1623456000%3A174%7C1624579200%3A197_219_201; SyncRTB3=1624233600%3A63%7C1624579200%3A166_99_21_3_81_55_161_56_8_22_7_71_234_54%7C1623974400%3A15_223_2%7C1625961600%3A203%7C1624665600%3A35; KRTBCOOKIE_188=3189-935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348; PUBMDCID=3; KRTBCOOKIE_57=22776-2704169103602060831; KRTBCOOKIE_153=19420-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u&KRTB&22979-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u; KRTBCOOKIE_22=14911-3837251083400129601; KRTBCOOKIE_377=6810-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&22918-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&23031-77b35e64-c047-4bd2-9143-c67bec6afe36; KRTBCOOKIE_594=17105-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003&KRTB&17107-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003; KRTBCOOKIE_391=22924-8807254954247102491&KRTB&23263-8807254954247102491; KRTBCOOKIE_466=16530-161a6eb2-1263-45fc-a644-3e137bdabb83; SPugT=1623454467; KRTBCOOKIE_80=22987-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&16514-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&23025-CAESEKT3UG2L1bUFv0_qbm6g4ZQ; PugT=1623454469; KRTBCOOKIE_699=22727-AABtmk7Bh-YAADJYgSTr6w; repi=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified
Tue, 11 May 2021 05:24:02 GMT
etag
"13006b6-96ca-5c2071a26cca4"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13964
content-type
text/html; charset=UTF-8
cache-control
public, max-age=25437
expires
Sat, 12 Jun 2021 06:38:27 GMT
date
Fri, 11 Jun 2021 23:34:30 GMT
vary
Accept-Encoding
PugMaster
image6.pubmatic.com/AdServer/ Frame D335
2 KB
3 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=40850681&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
374f8ce460fc3e9c1db50a4e22cb96fe5c9b98036dc9402631a802243bbf16a4

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Pug
image2.pubmatic.com/AdServer/ Frame 8C39
Redirect Chain
  • https://green.erne.co/pubmatic/cm?
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=DOttQozx3RZCkela8jwRW9hm
42 B
217 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=DOttQozx3RZCkela8jwRW9hm
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=DOttQozx3RZCkela8jwRW9hm
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=CC18DE48-720C-4EAB-9594-EF53DDE728DB; KRTBCOOKIE_188=3189-935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348; PUBMDCID=3; KRTBCOOKIE_57=22776-2704169103602060831; KRTBCOOKIE_153=19420-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u&KRTB&22979-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u; KRTBCOOKIE_22=14911-3837251083400129601; KRTBCOOKIE_377=6810-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&22918-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&23031-77b35e64-c047-4bd2-9143-c67bec6afe36; KRTBCOOKIE_594=17105-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003&KRTB&17107-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003; KRTBCOOKIE_391=22924-8807254954247102491&KRTB&23263-8807254954247102491; KRTBCOOKIE_466=16530-161a6eb2-1263-45fc-a644-3e137bdabb83; KRTBCOOKIE_80=22987-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&16514-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&23025-CAESEKT3UG2L1bUFv0_qbm6g4ZQ; KRTBCOOKIE_699=22727-AABtmk7Bh-YAADJYgSTr6w; chkChromeAb67Sec=2; DPSync3=1624579200%3A232_197_219_201_221_226_227%7C1623456000%3A174; SyncRTB3=1625961600%3A203%7C1624233600%3A63%7C1624579200%3A3_234_189_176_166_56_22_7_8_55_161_71_88_165_21_54_220_99_204_222_13_230_81%7C1623974400%3A67_223_15_2%7C1624665600%3A35; SPugT=1623454469; KRTBCOOKIE_1101=23040-6972683855199860881; PugT=1623454470; KRTBCOOKIE_1074=22956-e_0e9b6ab9-4333-4854-b441-70524bb09764
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_409=22966-DOttQozx3RZCkela8jwRW9hm; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 11-Jul-2021 23:34:30 GMT; path=/ PugT=1623454470; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 11-Jul-2021 23:34:30 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 09-Sep-2021 23:34:30 GMT; path=/
x-lat
lhrpug006:0:486
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
openresty
date
Fri, 11 Jun 2021 23:34:30 GMT
content-length
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie
u=DOttQozx3RZCkela8jwRW9hm; Max-Age=31536000; Domain=.erne.co; Path=/; Secure; SameSite=None
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=DOttQozx3RZCkela8jwRW9hm
strict-transport-security
max-age=0; includeSubDomains;
dpe
ad4m.at/ad/ Frame 75B1
42 B
1009 B
Document
General
Full URL
https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method
GET
:authority
ad4m.at
:scheme
https
:path
/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif
content-length
42
report-to
{"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires
0
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy
same-origin
pragma
no-cache
surrogate-control
no-store
x-fastcgi-cache
BYPASS
x-backend-server
adsrv-7d3s
via
1.1 google
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-request-id
0a9f0669710000d6b1f51a7000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
65dea688baedd6b1-FRA
bridge
cm.adgrx.com/ Frame 8B0B
43 B
408 B
Document
General
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.241.196 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host
cm.adgrx.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.pubmatic.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

Date
Fri, 11 Jun 2021 23:34:30 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
server
Cowboy
X-RealServer-NX
ams-delivery-5
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Pragma
no-cache
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
i.match
s.tribalfusion.com/z/ Frame B72A
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
440 B
Document
General
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method
GET
:authority
s.tribalfusion.com
:scheme
https
:path
/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
ANON_ID=a8noeUw5EGMAaINWfWDKhn3WZa60ETOmGFSi2ZaNw0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif; charset=utf-8
content-length
43
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
302
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
set-cookie
ANON_ID=aynseFRwEfFS2QVormviwUAr6jHxaK7QPN5bvtMUuOtE7ZayGrZcmkROQxXwtHHWAacNFlFB3ZbdoUAfD8FD3sy; path=/; domain=.tribalfusion.com; expires=Thu, 09-Sep-2021 23:34:30 GMT; SameSite=None; Secure; ANON_ID_old=aynseFRwEfFS2QVormviwUAr6jHxaK7QPN5bvtMUuOtE7ZayGrZcmkROQxXwtHHWAacNFlFB3ZbdoUAfD8FD3sy; path=/; domain=.tribalfusion.com; expires=Thu, 09-Sep-2021 23:34:30 GMT;
cf-cache-status
DYNAMIC
cf-request-id
0a9f066a1b000053732480c000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
65dea689cc9d5373-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
text/html
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
206
x-reuse-index
243
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
set-cookie
ANON_ID=a8noeUw5EGMAaINWfWDKhn3WZa60ETOmGFSi2ZaNw0; path=/; domain=.tribalfusion.com; expires=Thu, 09-Sep-2021 23:34:30 GMT; SameSite=None; Secure; ANON_ID_old=a8noeUw5EGMAaINWfWDKhn3WZa60ETOmGFSi2ZaNw0; path=/; domain=.tribalfusion.com; expires=Thu, 09-Sep-2021 23:34:30 GMT;
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status
DYNAMIC
cf-request-id
0a9f06696b00005373162c3000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
65dea688aaa65373-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Pug
simage2.pubmatic.com/AdServer/ Frame 6785
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%%
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=v5oUkGZdsq2x&pid=557219
1 B
69 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=v5oUkGZdsq2x&pid=557219
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=v5oUkGZdsq2x&pid=557219
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=CC18DE48-720C-4EAB-9594-EF53DDE728DB; KRTBCOOKIE_188=3189-935e5ff5-6be3-4dbd-86cd-ada5c3e3b0dd-60c3f303-4348; PUBMDCID=3; KRTBCOOKIE_57=22776-2704169103602060831; KRTBCOOKIE_153=19420-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u&KRTB&22979-upL49uqRq_ehw6P36MS2_L2Tr_ShlKPx6pI4v68u; KRTBCOOKIE_22=14911-3837251083400129601; KRTBCOOKIE_377=6810-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&22918-77b35e64-c047-4bd2-9143-c67bec6afe36&KRTB&23031-77b35e64-c047-4bd2-9143-c67bec6afe36; KRTBCOOKIE_594=17105-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003&KRTB&17107-RX-bdc9c5d6-382f-4dad-9141-e47cce667a1d-003; KRTBCOOKIE_391=22924-8807254954247102491&KRTB&23263-8807254954247102491; KRTBCOOKIE_466=16530-161a6eb2-1263-45fc-a644-3e137bdabb83; KRTBCOOKIE_80=22987-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&16514-CAESEKT3UG2L1bUFv0_qbm6g4ZQ&KRTB&23025-CAESEKT3UG2L1bUFv0_qbm6g4ZQ; KRTBCOOKIE_699=22727-AABtmk7Bh-YAADJYgSTr6w; chkChromeAb67Sec=2; DPSync3=1624579200%3A232_197_219_201_221_226_227%7C1623456000%3A174; SyncRTB3=1625961600%3A203%7C1624233600%3A63%7C1624579200%3A3_234_189_176_166_56_22_7_8_55_161_71_88_165_21_54_220_99_204_222_13_230_81%7C1623974400%3A67_223_15_2%7C1624665600%3A35; SPugT=1623454469; KRTBCOOKIE_1101=23040-6972683855199860881; PugT=1623454470; KRTBCOOKIE_1074=22956-e_0e9b6ab9-4333-4854-b441-70524bb09764; KRTBCOOKIE_27=16735-uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&KRTB&16736-uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&KRTB&23019-uid:b7e460c3-f306-4f00-978e-6e0b28012d4d&KRTB&23114-uid:b7e460c3-f306-4f00-978e-6e0b28012d4d; KRTBCOOKIE_218=22978-YMPzBgABfXJXKwBg&KRTB&23194-YMPzBgABfXJXKwBg&KRTB&23209-YMPzBgABfXJXKwBg&KRTB&23244-YMPzBgABfXJXKwBg
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
text/html; charset=utf-8
content-length
1
set-cookie
PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 09-Sep-2021 23:34:30 GMT; path=/
x-lat
lhrpug018:0:469
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server
bh-deployment-8474b759f8-ddrjw
cache-control
private, max-age=0, no-cache, no-store
expires
-1
content-language
en-US
set-cookie
V=v5oUkGZdsq2x;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Mon, 06-Jun-2022 23:34:30 GMT;Max-Age=31104000;SameSite=None
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=v5oUkGZdsq2x&pid=557219
server
Jetty(9.4.14.v20181114)
strict-transport-security
max-age=15768000
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame A10F
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0df1c988-1a3c-4fb9-bea1-3502b2691d1c-tuct7bd7886&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
147 B
Document
General
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0df1c988-1a3c-4fb9-bea1-3502b2691d1c-tuct7bd7886&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
match.taboola.com
:scheme
https
:path
/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0df1c988-1a3c-4fb9-bea1-3502b2691d1c-tuct7bd7886&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
t_gid=0df1c988-1a3c-4fb9-bea1-3502b2691d1c-tuct7bd7886
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
accept-ranges
bytes
date
Fri, 11 Jun 2021 23:34:30 GMT
via
1.1 varnish
x-served-by
cache-fra19175-FRA
x-cache
MISS
x-cache-hits
0
x-timer
S1623454471.645248,VS0,VE8
content-length
0

Redirect headers

server
nginx
set-cookie
t_gid=0df1c988-1a3c-4fb9-bea1-3502b2691d1c-tuct7bd7886;Version=1;Path=/;Domain=.taboola.com;Expires=Sat, 11-Jun-2022 23:34:30 GMT;Max-Age=31536000;Secure;SameSite=None
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=0df1c988-1a3c-4fb9-bea1-3502b2691d1c-tuct7bd7886&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges
bytes
date
Fri, 11 Jun 2021 23:34:30 GMT
via
1.1 varnish
x-served-by
cache-hhn11535-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1623454471.530829,VS0,VE60
x-vcl-time-ms
60
content-length
0
usersync
rtb.gumgum.com/ Frame E5A0
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=pbm&i=CC18DE48-720C-4EAB-9594-EF53DDE728DB
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=pbm&i=CC18DE48-720C-4EAB-9594-EF53DDE728DB
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
vst=e_0e9b6ab9-4333-4854-b441-70524bb09764
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*
Artemis
aud.pubmatic.com/AdServer/ Frame D335
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&addseg=31
7 B
78 B
Image
General
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&addseg=31
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.87 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-length
7
content-type
text/plain; charset=utf-8

Redirect headers

date
Fri, 11 Jun 2021 23:34:30 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&addseg=31
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
clear
content-length
135
info2
uipglob.semasio.net/pubmatic/1/ Frame D335
Redirect Chain
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=CC18DE48-720C-4EAB-9594-EF53DDE728DB&sInitiator=external&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=CC18DE48-720C-4EAB-9594-EF53DDE728DB&sInitiator=external&gdpr=0&gdpr_consent=
42 B
603 B
Image
General
Full URL
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=CC18DE48-720C-4EAB-9594-EF53DDE728DB&sInitiator=external&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
77.243.60.138 Hjørring, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
frontend-id
4
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
frontend-id
9
location
/pubmatic/1/info2?sType=sync&sExtCookieId=CC18DE48-720C-4EAB-9594-EF53DDE728DB&sInitiator=external&gdpr=0&gdpr_consent=
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT
mw
mwzeom.zeotap.com/ Frame D335
95 B
490 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=CC18DE48-720C-4EAB-9594-EF53DDE728DB
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
65dea688ab6c4ac3-FRA
access-control-allow-headers
*
content-length
95
cf-request-id
0a9f06696500004ac3311b9000000001
/
loadm.exelator.com/load/ Frame D335
Redirect Chain
  • https://loadm.exelator.com/load/?p=204&g=71&buid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=0&gdpr_consent=&j=0
  • https://loadm.exelator.com/load/?p=204&g=71&buid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=0&gdpr_consent=&j=0&xl8blockcheck=1
0
2 KB
Image
General
Full URL
https://loadm.exelator.com/load/?p=204&g=71&buid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=0&gdpr_consent=&j=0&xl8blockcheck=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.69.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date
Fri, 11 Jun 2021 23:34:31 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://loadm.exelator.com/load/?p=204&g=71&buid=CC18DE48-720C-4EAB-9594-EF53DDE728DB&gdpr=0&gdpr_consent=&j=0&xl8blockcheck=1
cache-control
no-cache
access-control-allow-credentials
true
content-type
image/gif
content-length
0
Pug
image2.pubmatic.com/AdServer/ Frame D335
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Q0MxOERFNDgtNzIwQy00RUFCLTk1OTQtRUY1M0RERTcyOERC&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
187 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug014:0:289
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:30 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame D335
43 B
409 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS
b7.80.fd9f.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Thu, 10 Jun 2021 23:34:30 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame D335
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5583517991533504365
42 B
187 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5583517991533504365
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug002:0:315
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:31 GMT
X-Proxy-Origin
185.156.175.116; 185.156.175.116; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.29:80
AN-X-Request-Uuid
6f2b0b6a-5df3-4483-9359-47a8c28a1542
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5583517991533504365
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame D335
Redirect Chain
  • https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_0e9b6ab9-4333-4854-b441-70524bb09764
42 B
225 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_0e9b6ab9-4333-4854-b441-70524bb09764
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug002:0:467
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_0e9b6ab9-4333-4854-b441-70524bb09764
date
Fri, 11 Jun 2021 23:34:30 GMT
p3p
CP="This is not a P3P policy"
server
nginx
timing-allow-origin
*
content-length
0
content-language
en-US
container.html
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3028
6 KB
3 KB
Document
General
Full URL
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://se-faire-rembourser.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Fri, 11 Jun 2021 23:34:27 GMT
expires
Sat, 11 Jun 2022 23:34:27 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/
73 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410781212720"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28237
x-xss-protection
0
expires
Fri, 11 Jun 2021 23:34:30 GMT
greenoaks.gif
se-faire-rembourser.fr/detroitchicago/
0
65 B
XHR
General
Full URL
https://se-faire-rembourser.fr/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjQ3MDAifV19XQ==
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjQ3MDAifV19XQ==
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672; ezux_lpl_134878=1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; OB-USER-TOKEN=c93ec685-b0c7-4730-928b-9c895fae57a0; __gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezouspvv=1100; ezouspva=1; ezouspvh=1100
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:30 UTC
army.gif
se-faire-rembourser.fr/porpoiseant/
0
19 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiIyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTc4NzQ4IiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidW5pdCI6ImRpdi1ncHQtYWQtc2VfZmFpcmVfcmVtYm91cnNlcl9mci1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0OTA1MjcxLCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOGE3MmIxNDU1M2Q4ZGZkMzk5MTdhMDRiNmI3NDU1MGQsMzlhYmI5OTQ0OGQ1NDcwNGM0YWZhNDJlZmU3NmUxNWQifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1Nzg3NDgiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMTEsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMTEsImJpZF9mbG9vcl9wcmV2IjowLjAyMSwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0OTA1MjcxLCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQxMTIzNTE3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTc4NzQ4IiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidW5pdCI6ImRpdi1ncHQtYWQtc2VfZmFpcmVfcmVtYm91cnNlcl9mci1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0OTA1MjcxLCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0OTc0OTA1MjcxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiIyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTc4NzQ4IiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidW5pdCI6ImRpdi1ncHQtYWQtc2VfZmFpcmVfcmVtYm91cnNlcl9mci1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0OTA1MjcxLCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOGE3MmIxNDU1M2Q4ZGZkMzk5MTdhMDRiNmI3NDU1MGQsMzlhYmI5OTQ0OGQ1NDcwNGM0YWZhNDJlZmU3NmUxNWQifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1Nzg3NDgiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMTEsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMTEsImJpZF9mbG9vcl9wcmV2IjowLjAyMSwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0OTA1MjcxLCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQxMTIzNTE3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTc4NzQ4IiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidW5pdCI6ImRpdi1ncHQtYWQtc2VfZmFpcmVfcmVtYm91cnNlcl9mci1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0OTA1MjcxLCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0OTc0OTA1MjcxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672; ezux_lpl_134878=1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; OB-USER-TOKEN=c93ec685-b0c7-4730-928b-9c895fae57a0; __gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezouspvv=1100; ezouspva=1; ezouspvh=1100
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:30 UTC
4974905271
g.ezoic.net/dac/
0
93 B
XHR
General
Full URL
https://g.ezoic.net/dac/4974905271
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/porpoiseant/banger.js?cb=195-2&bv=19&v=51&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Jun 2021 23:34:31 GMT
cache-control
max-age=3600, public
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain
army.gif
se-faire-rembourser.fr/porpoiseant/
0
19 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672; ezux_lpl_134878=1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; OB-USER-TOKEN=c93ec685-b0c7-4730-928b-9c895fae57a0; __gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezouspvv=1100; ezouspva=1; ezouspvh=1100
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:30 UTC
army.gif
se-faire-rembourser.fr/porpoiseant/
0
52 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImF1Y3Rpb25fZXBvY2giOjE2MjM0NTQ0NzEsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiYmlkX2Zsb29yX2luaXRpYWwiOjIxMDAsImJpZF9mbG9vcl9wcmV2IjoyMTAwLCJiaWRfZmxvb3JfZmlsbGVkIjoxMTAwLCJhdWN0aW9uX2NvdW50IjoyLCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo3NDAsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjIxNzMyMTE4OTE0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ5NzQ5MDUyNzF9XQ==
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImF1Y3Rpb25fZXBvY2giOjE2MjM0NTQ0NzEsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiYmlkX2Zsb29yX2luaXRpYWwiOjIxMDAsImJpZF9mbG9vcl9wcmV2IjoyMTAwLCJiaWRfZmxvb3JfZmlsbGVkIjoxMTAwLCJhdWN0aW9uX2NvdW50IjoyLCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo3NDAsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjIxNzMyMTE4OTE0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ5NzQ5MDUyNzF9XQ==
pragma
no-cache
cookie
ezoadgid_134878=-1; ezoref_134878=; ezoab_134878=mod1; active_template::134878=pub_site.1623454465; ezopvc_134878=1; ezepvv=0; ezovid_134878=157736985; lp_134878=https://se-faire-rembourser.fr/; ezovuuidtime_134878=1623454466; ezovuuid_134878=e339246a-c084-4e71-7263-d4c45d876538; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=251b488d40df53af8010083a8c3b159f; _ga=GA1.2.1439056393.1623454467; _gid=GA1.2.475314487.1623454467; _gat_gtag_UA_102382503_1=1; __qca=P0-2059049300-1623454466672; ezux_lpl_134878=1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; OB-USER-TOKEN=c93ec685-b0c7-4730-928b-9c895fae57a0; __gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezouspvv=1100; ezouspva=1; ezouspvh=1100
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:31 UTC
pixel
googleads.g.doubleclick.net/xbbe/ Frame D6DC
478 B
322 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGMPTzqIBMAE&v=APEucNWQWIN2-H0BX8zidghPwhpWWuKLzzQsMeQk_Ys_V_Cb0XOaIc6AvVb26FTH9i-vOy_j0ndomFjlMymSuKRuFew8SgPgLw
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/xbbe/pixel?d=CK3--rICEPyJ1cACGMPTzqIBMAE&v=APEucNWQWIN2-H0BX8zidghPwhpWWuKLzzQsMeQk_Ys_V_Cb0XOaIc6AvVb26FTH9i-vOy_j0ndomFjlMymSuKRuFew8SgPgLw
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUkg9_pxRxlm8chkPoxKKZs4zqj1EA4yEyaSWO-BBzXmiktmcuxD-EYgLMdJL0A
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Fri, 11 Jun 2021 23:34:30 GMT
server
cafe
cache-control
private
content-length
230
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 3028
59 KB
24 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CMJtQlP2nXpaP1eAB1kCkcNCL2D-o6b-tIsadUWS80qqP90lVQru93n-YL5Dn7utQ7hOcSxxzy81QIkdrmlDsSvFVnpmOMzNIRG9HqAzM4BlPmIX1m77__aa9JHqG2CbXtCgfswau1xA1_Vuof3RSdRO53tA&dbm_d=AKAmf-A9hAj6J0pjk0qpj261qaXKcrXU5-bW9N3xppXGPtE9pt4IdwUTEfTkPaEAswRrm6kcIXU9WrYA1il_bEStiDMnwczVnLRKej1G8bstx7hqFtbPC03Z3c5kxZuNpGT3XKLqbYgQimFaKk91zHxBtHLo5OF-tvBUZS63CePwc-UVORcVPZTyxhcH1ReExwowCbtNZ8Z7Tx2fQmrxWwGzP3JwzwMDWxWStWr8z1GTBEOnbdfLRohG_2AslzlRTlZ-Ivk9g5wNSKHSKYMAvvtAlnCOSwlGB4P2fF2fwEBzJo1wiGRWIOohmaCDzWTTtXK7Q0_7YWuUAc4nDT9godjp3yS9OldvzjrCKl--1FFO78bqm-jGgOySSBwT29G7uC1wmCFy-CIVzGKs_E_yjc0nLuH90rhXoIlDYO7t0bYeAKJKT5FtMFMDK67e2cgDuKCnnfukbonFpZBdb84rjbFUT_2RIMQo2FtPV2XHA_w1oNA8UIuHXvTQSVePtd26hncimNwE-_MN6CJ-W-sLjh0wsUU5FdAHGHJmm1RXxMcz4JGorE4uCZ8xkTyLkPkPexVcVmhkj5HkZkCx1F7VgPndsc4HMaco5PIgTbcRmtFnem0ehCksCv6DQ_FpKtBv93sFyuwoY09hfQYnNH6JDQiBi6jWCg3vAvkWMAZvFnMt6Ed3O2WGFozHJ2WRavG1TzPS3uRFt3nLjKHJulFatlb9JywqtWsD20IX5wyV3M3r9MYon9JBcq5iEcZpCDalDvtM_QiNmh51jBRS3cWY9Y5Wlspo6J002PaHjvWzMLyEK1Y6j2TdTZBM6V8veQTYD1CzbSJih_2d7LDSIzlph-YV0jR3GxufW_lGgUEMVifJVwNcjbLS-3Or0B0BqQwJ4kf9MP74lCKfIOdwOVQY_RXv2okB3SxUBtT16ZslW_M40gDyZcjMvQt5bHAkITNx5cqyOSXE1cOkylyGmnVuVJe0hH4RpQDudwubUFVLgb1KMhomAMjkWwRsF0uKt2D8ub1ulj2tssp84HyYJt8-q7gaLtqqDcPIlyXAd46I-MQ6od_tMeebryc0_-GMNxwwLSt6LgY5IyR7lH3qEH3GQvP-r3Sr8F_hEVpMtBlr-wU9DbmHOUddy4-lwx7fxZn3Kp6lJEaedlobXI1xRXG3kpV8OvNJj0iYEDtwAiFmco0bmBLvOyo3uA16X83ezn_S-jADacwoRiVIKwVOHN2oHwPw0F8uGC2RHivf28otz1JS7WCGWKecYg6j38gxuJ18B33kuCDbXsGNEKxRffI6t4ciOvtwdA7ZLw7TLlJ0Ganf6czCTihE6xL57PYNBgwEyiCpMCeqeg8MaGcnLHRTfG9xgh4oJchgbeuvn2cXsEh4F2p2DV7n8Bcx6aHlTxjIf-QEPgkcu55SQLobSDMMfGpmyq5WJz418kkdsPgE70unGaT_5XeURBuHdLBXXl1VhtTpUT1A1fjMVZo9nAXuaponQ7c5YXTIBPlfrrWrbepgTuAgO0vLvTAu_z---za8jiI3laJBjiG3HAad43_ao25EVpMuTsNJIYbpXlDdgjTwv-Bi7YM-nj7ymgu_ucBUT3EJiQO0atdsA60UUyVHorrNuPPd2IhQ2JbuX11jAYLxUiX7SbapL8u0w6FSqeIC11ufaYgCAsVzUQjGVGFiKUMle_b7ThQCkSuoBDeDNp5L2DADHufoEsk88p1vJLEOGnVuHSgzHeIdk_ez6sJ4M5gCbr3qMHuPdowQ9vPwdt3Q1Ou0EpCoaJoSElVZrqNAEJkZgXNnjaSU5KhZLDZ_NXxVnG_QlsjSvSTZC1uncwQxsj--yLB4TvLLW0nlnue9fmfplCVOgRZ1_ZBeT5IH1xaBuyMA2oz-i7MHiGGuNS6SFKqP42ZNBf5tqnPDf0kDj8ZosEOOOAOtQZoUN0FDj0SF1pgGetkf_u4mBYiw56g-hEU1ocl18UFMGLspUXOGHEkUBQwWhIaMUIF5kQVddRvzPiwjJ6pq-nUnCZBRZkAqVuTUc5FM3WZQ0RLtJmiV08FKkKiQgy1LdjFysXZG-cwYUYO581dt-YYEdLeXQzkMZKT91_GPtJknnOVZFKjc307kF23iJuMrADEVkh9vKjtCil55Lxdxyj8b-obbCVrCp0Sj0zF7ruRIxW7qi_gKGytDWzYHvyLbPxnkvG26E152uLpROdN9JO_NC0C3x1b0U3f9ZM7I7s7s6hiuqEh1T9BwMrlcxXC0Jr_h-w8zYLw94CuUNi-FFEcdH58J72ZahR79yX2RkqA1h_838ll55atu5M4WNlh-ZBimlkU3QP-rhJMOuA-iAZz4uOBELjaADUOSEl5r1vOTZMCdaF9NnJdgF78EV60_fkzTYJBgOK4eqX_oW7A8mWmu3p9fDeJ0i_5knhurSD6Wbt3QjcitpTG3htrDs_mEWmaZT0iUzUhLfP9coPpbR6akWtjUQEdqJ9awGpKyLgsR81ZAyVGih2-lJ5D7OmFJLA8ADz9gg8e1reNv5Od-KxXfeVlnsA9ZKMSX8yTxymKh9rvuxwUxFtCkl-D7QLmpvih2wrzUloNClofok2lHoaGSU7FIk9rwNXqlaBlcqv2I-DuFBN6oKmPymQ7C7Ty86xjIX4-s-COjeWqvl3SnMI-FRSG9JQxC56gK0cPceTK0M8RZNkuG313djoH9nXlLFYNk4gqbB4dPFDviILMwT67Nl_vSLOAtN4KkZpKt94be1GV1s4O4MTt1WAOJ9pCCOvDSF9TcoOhSaUgbKrl9vDDt_JTequiquUqJ5yDBZqHqTuVEJe8m71W5hUwVz7Dw8xYcWI-KtVzMohd8NSWjDPTqzgX6QSbso3OMvLiUDRaz0W3oQE-slzQT1uUB-h6OpU5Rtt6dNTvX9k_upr4gpxO0BpTGyNu-7v9mYiMiAGzwVdcgbOFD54LPAwROkR_X6Tm2lrhuHYMzO27kZHDddxbwxNPwoGO3aqyoS0m1j86IURo2tnS16b7Bmea4R-_KMYbgNkL6Gl5M6UUmbXHqYciF_Q8k6KmpgrMZW3Dd8UQowUgiCLEaBMSnRAk64Li8nacC4w0fY-EzZi5pcFDoiA&cid=CAASEuRoUAT0zkbqFoDsej0VRW7S4A&rfl=1%2Chttps%253A%252F%252Fse-faire-rembourser.fr%252F%240
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6f75144d4452c331e3c59d636f43db16f9863fa3537266dcfa520506c1722ddc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24720
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3028
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AlkbAuuPh1Sm_b_ye9Ef4fbkjzCKDgc_U2E3PExG6eI3SjogTFOD4qjSVERVJRxlsv5eZZyETo5cWwjgCdKsDAtHw3uQWj5D6gIQdaA4RMW0Vhcsg
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 3028
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:17:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1031
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1316
x-xss-protection
0
server
cafe
etag
797314601362473214
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Jun 2021 23:17:19 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3028
122 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:30 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Fri, 11 Jun 2021 23:34:30 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 3028
13 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:31:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
164
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5644
x-xss-protection
0
server
cafe
etag
16788636151609896382
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Jun 2021 23:31:46 GMT
l
www.google.com/ads/measurement/ Frame 3028
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTFwaRdaH0-9vpqJJmQmA94KYHbsoHIYCVytvhdMYgrbM88ViKCnwFp84NcMWHmR47U4wuPnGNC_8YoOm2inGyJHNwkbA
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pixel
cm.g.doubleclick.net/ Frame D6DC
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGMPTzqIBMAE&v=APEucNWQWIN2-H0BX8zidghPwhpWWuKLzzQsMeQk_Ys_V_Cb0XOaIc6AvVb26FTH9i-vOy_j0ndomFjlMymSuKRuFew8SgPgLw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:30 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame D6DC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
43 B
1014 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGMPTzqIBMAE&v=APEucNWQWIN2-H0BX8zidghPwhpWWuKLzzQsMeQk_Ys_V_Cb0XOaIc6AvVb26FTH9i-vOy_j0ndomFjlMymSuKRuFew8SgPgLw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:31 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:31 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:30 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame D6DC
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMPzBrmcVDBbyJnR4TnCHAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGMPTzqIBMAE&v=APEucNWQWIN2-H0BX8zidghPwhpWWuKLzzQsMeQk_Ys_V_Cb0XOaIc6AvVb26FTH9i-vOy_j0ndomFjlMymSuKRuFew8SgPgLw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:31 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:31 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
html_inpage_rendering_lib_200_271.js
s0.2mdn.net/879366/ Frame 3028
176 KB
61 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 10:46:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46090
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62241
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 18:02:47 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Jun 2021 10:46:20 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame 3028
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CMJtQlP2nXpaP1eAB1kCkcNCL2D-o6b-tIsadUWS80qqP90lVQru93n-YL5Dn7utQ7hOcSxxzy81QIkdrmlDsSvFVnpmOMzNIRG9HqAzM4BlPmIX1m77__aa9JHqG2CbXtCgfswau1xA1_Vuof3RSdRO53tA&dbm_d=AKAmf-A9hAj6J0pjk0qpj261qaXKcrXU5-bW9N3xppXGPtE9pt4IdwUTEfTkPaEAswRrm6kcIXU9WrYA1il_bEStiDMnwczVnLRKej1G8bstx7hqFtbPC03Z3c5kxZuNpGT3XKLqbYgQimFaKk91zHxBtHLo5OF-tvBUZS63CePwc-UVORcVPZTyxhcH1ReExwowCbtNZ8Z7Tx2fQmrxWwGzP3JwzwMDWxWStWr8z1GTBEOnbdfLRohG_2AslzlRTlZ-Ivk9g5wNSKHSKYMAvvtAlnCOSwlGB4P2fF2fwEBzJo1wiGRWIOohmaCDzWTTtXK7Q0_7YWuUAc4nDT9godjp3yS9OldvzjrCKl--1FFO78bqm-jGgOySSBwT29G7uC1wmCFy-CIVzGKs_E_yjc0nLuH90rhXoIlDYO7t0bYeAKJKT5FtMFMDK67e2cgDuKCnnfukbonFpZBdb84rjbFUT_2RIMQo2FtPV2XHA_w1oNA8UIuHXvTQSVePtd26hncimNwE-_MN6CJ-W-sLjh0wsUU5FdAHGHJmm1RXxMcz4JGorE4uCZ8xkTyLkPkPexVcVmhkj5HkZkCx1F7VgPndsc4HMaco5PIgTbcRmtFnem0ehCksCv6DQ_FpKtBv93sFyuwoY09hfQYnNH6JDQiBi6jWCg3vAvkWMAZvFnMt6Ed3O2WGFozHJ2WRavG1TzPS3uRFt3nLjKHJulFatlb9JywqtWsD20IX5wyV3M3r9MYon9JBcq5iEcZpCDalDvtM_QiNmh51jBRS3cWY9Y5Wlspo6J002PaHjvWzMLyEK1Y6j2TdTZBM6V8veQTYD1CzbSJih_2d7LDSIzlph-YV0jR3GxufW_lGgUEMVifJVwNcjbLS-3Or0B0BqQwJ4kf9MP74lCKfIOdwOVQY_RXv2okB3SxUBtT16ZslW_M40gDyZcjMvQt5bHAkITNx5cqyOSXE1cOkylyGmnVuVJe0hH4RpQDudwubUFVLgb1KMhomAMjkWwRsF0uKt2D8ub1ulj2tssp84HyYJt8-q7gaLtqqDcPIlyXAd46I-MQ6od_tMeebryc0_-GMNxwwLSt6LgY5IyR7lH3qEH3GQvP-r3Sr8F_hEVpMtBlr-wU9DbmHOUddy4-lwx7fxZn3Kp6lJEaedlobXI1xRXG3kpV8OvNJj0iYEDtwAiFmco0bmBLvOyo3uA16X83ezn_S-jADacwoRiVIKwVOHN2oHwPw0F8uGC2RHivf28otz1JS7WCGWKecYg6j38gxuJ18B33kuCDbXsGNEKxRffI6t4ciOvtwdA7ZLw7TLlJ0Ganf6czCTihE6xL57PYNBgwEyiCpMCeqeg8MaGcnLHRTfG9xgh4oJchgbeuvn2cXsEh4F2p2DV7n8Bcx6aHlTxjIf-QEPgkcu55SQLobSDMMfGpmyq5WJz418kkdsPgE70unGaT_5XeURBuHdLBXXl1VhtTpUT1A1fjMVZo9nAXuaponQ7c5YXTIBPlfrrWrbepgTuAgO0vLvTAu_z---za8jiI3laJBjiG3HAad43_ao25EVpMuTsNJIYbpXlDdgjTwv-Bi7YM-nj7ymgu_ucBUT3EJiQO0atdsA60UUyVHorrNuPPd2IhQ2JbuX11jAYLxUiX7SbapL8u0w6FSqeIC11ufaYgCAsVzUQjGVGFiKUMle_b7ThQCkSuoBDeDNp5L2DADHufoEsk88p1vJLEOGnVuHSgzHeIdk_ez6sJ4M5gCbr3qMHuPdowQ9vPwdt3Q1Ou0EpCoaJoSElVZrqNAEJkZgXNnjaSU5KhZLDZ_NXxVnG_QlsjSvSTZC1uncwQxsj--yLB4TvLLW0nlnue9fmfplCVOgRZ1_ZBeT5IH1xaBuyMA2oz-i7MHiGGuNS6SFKqP42ZNBf5tqnPDf0kDj8ZosEOOOAOtQZoUN0FDj0SF1pgGetkf_u4mBYiw56g-hEU1ocl18UFMGLspUXOGHEkUBQwWhIaMUIF5kQVddRvzPiwjJ6pq-nUnCZBRZkAqVuTUc5FM3WZQ0RLtJmiV08FKkKiQgy1LdjFysXZG-cwYUYO581dt-YYEdLeXQzkMZKT91_GPtJknnOVZFKjc307kF23iJuMrADEVkh9vKjtCil55Lxdxyj8b-obbCVrCp0Sj0zF7ruRIxW7qi_gKGytDWzYHvyLbPxnkvG26E152uLpROdN9JO_NC0C3x1b0U3f9ZM7I7s7s6hiuqEh1T9BwMrlcxXC0Jr_h-w8zYLw94CuUNi-FFEcdH58J72ZahR79yX2RkqA1h_838ll55atu5M4WNlh-ZBimlkU3QP-rhJMOuA-iAZz4uOBELjaADUOSEl5r1vOTZMCdaF9NnJdgF78EV60_fkzTYJBgOK4eqX_oW7A8mWmu3p9fDeJ0i_5knhurSD6Wbt3QjcitpTG3htrDs_mEWmaZT0iUzUhLfP9coPpbR6akWtjUQEdqJ9awGpKyLgsR81ZAyVGih2-lJ5D7OmFJLA8ADz9gg8e1reNv5Od-KxXfeVlnsA9ZKMSX8yTxymKh9rvuxwUxFtCkl-D7QLmpvih2wrzUloNClofok2lHoaGSU7FIk9rwNXqlaBlcqv2I-DuFBN6oKmPymQ7C7Ty86xjIX4-s-COjeWqvl3SnMI-FRSG9JQxC56gK0cPceTK0M8RZNkuG313djoH9nXlLFYNk4gqbB4dPFDviILMwT67Nl_vSLOAtN4KkZpKt94be1GV1s4O4MTt1WAOJ9pCCOvDSF9TcoOhSaUgbKrl9vDDt_JTequiquUqJ5yDBZqHqTuVEJe8m71W5hUwVz7Dw8xYcWI-KtVzMohd8NSWjDPTqzgX6QSbso3OMvLiUDRaz0W3oQE-slzQT1uUB-h6OpU5Rtt6dNTvX9k_upr4gpxO0BpTGyNu-7v9mYiMiAGzwVdcgbOFD54LPAwROkR_X6Tm2lrhuHYMzO27kZHDddxbwxNPwoGO3aqyoS0m1j86IURo2tnS16b7Bmea4R-_KMYbgNkL6Gl5M6UUmbXHqYciF_Q8k6KmpgrMZW3Dd8UQowUgiCLEaBMSnRAk64Li8nacC4w0fY-EzZi5pcFDoiA&cid=CAASEuRoUAT0zkbqFoDsej0VRW7S4A&rfl=1%2Chttps%253A%252F%252Fse-faire-rembourser.fr%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:14:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1227
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Jun 2021 23:14:03 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame 3028
22 KB
8 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CMJtQlP2nXpaP1eAB1kCkcNCL2D-o6b-tIsadUWS80qqP90lVQru93n-YL5Dn7utQ7hOcSxxzy81QIkdrmlDsSvFVnpmOMzNIRG9HqAzM4BlPmIX1m77__aa9JHqG2CbXtCgfswau1xA1_Vuof3RSdRO53tA&dbm_d=AKAmf-A9hAj6J0pjk0qpj261qaXKcrXU5-bW9N3xppXGPtE9pt4IdwUTEfTkPaEAswRrm6kcIXU9WrYA1il_bEStiDMnwczVnLRKej1G8bstx7hqFtbPC03Z3c5kxZuNpGT3XKLqbYgQimFaKk91zHxBtHLo5OF-tvBUZS63CePwc-UVORcVPZTyxhcH1ReExwowCbtNZ8Z7Tx2fQmrxWwGzP3JwzwMDWxWStWr8z1GTBEOnbdfLRohG_2AslzlRTlZ-Ivk9g5wNSKHSKYMAvvtAlnCOSwlGB4P2fF2fwEBzJo1wiGRWIOohmaCDzWTTtXK7Q0_7YWuUAc4nDT9godjp3yS9OldvzjrCKl--1FFO78bqm-jGgOySSBwT29G7uC1wmCFy-CIVzGKs_E_yjc0nLuH90rhXoIlDYO7t0bYeAKJKT5FtMFMDK67e2cgDuKCnnfukbonFpZBdb84rjbFUT_2RIMQo2FtPV2XHA_w1oNA8UIuHXvTQSVePtd26hncimNwE-_MN6CJ-W-sLjh0wsUU5FdAHGHJmm1RXxMcz4JGorE4uCZ8xkTyLkPkPexVcVmhkj5HkZkCx1F7VgPndsc4HMaco5PIgTbcRmtFnem0ehCksCv6DQ_FpKtBv93sFyuwoY09hfQYnNH6JDQiBi6jWCg3vAvkWMAZvFnMt6Ed3O2WGFozHJ2WRavG1TzPS3uRFt3nLjKHJulFatlb9JywqtWsD20IX5wyV3M3r9MYon9JBcq5iEcZpCDalDvtM_QiNmh51jBRS3cWY9Y5Wlspo6J002PaHjvWzMLyEK1Y6j2TdTZBM6V8veQTYD1CzbSJih_2d7LDSIzlph-YV0jR3GxufW_lGgUEMVifJVwNcjbLS-3Or0B0BqQwJ4kf9MP74lCKfIOdwOVQY_RXv2okB3SxUBtT16ZslW_M40gDyZcjMvQt5bHAkITNx5cqyOSXE1cOkylyGmnVuVJe0hH4RpQDudwubUFVLgb1KMhomAMjkWwRsF0uKt2D8ub1ulj2tssp84HyYJt8-q7gaLtqqDcPIlyXAd46I-MQ6od_tMeebryc0_-GMNxwwLSt6LgY5IyR7lH3qEH3GQvP-r3Sr8F_hEVpMtBlr-wU9DbmHOUddy4-lwx7fxZn3Kp6lJEaedlobXI1xRXG3kpV8OvNJj0iYEDtwAiFmco0bmBLvOyo3uA16X83ezn_S-jADacwoRiVIKwVOHN2oHwPw0F8uGC2RHivf28otz1JS7WCGWKecYg6j38gxuJ18B33kuCDbXsGNEKxRffI6t4ciOvtwdA7ZLw7TLlJ0Ganf6czCTihE6xL57PYNBgwEyiCpMCeqeg8MaGcnLHRTfG9xgh4oJchgbeuvn2cXsEh4F2p2DV7n8Bcx6aHlTxjIf-QEPgkcu55SQLobSDMMfGpmyq5WJz418kkdsPgE70unGaT_5XeURBuHdLBXXl1VhtTpUT1A1fjMVZo9nAXuaponQ7c5YXTIBPlfrrWrbepgTuAgO0vLvTAu_z---za8jiI3laJBjiG3HAad43_ao25EVpMuTsNJIYbpXlDdgjTwv-Bi7YM-nj7ymgu_ucBUT3EJiQO0atdsA60UUyVHorrNuPPd2IhQ2JbuX11jAYLxUiX7SbapL8u0w6FSqeIC11ufaYgCAsVzUQjGVGFiKUMle_b7ThQCkSuoBDeDNp5L2DADHufoEsk88p1vJLEOGnVuHSgzHeIdk_ez6sJ4M5gCbr3qMHuPdowQ9vPwdt3Q1Ou0EpCoaJoSElVZrqNAEJkZgXNnjaSU5KhZLDZ_NXxVnG_QlsjSvSTZC1uncwQxsj--yLB4TvLLW0nlnue9fmfplCVOgRZ1_ZBeT5IH1xaBuyMA2oz-i7MHiGGuNS6SFKqP42ZNBf5tqnPDf0kDj8ZosEOOOAOtQZoUN0FDj0SF1pgGetkf_u4mBYiw56g-hEU1ocl18UFMGLspUXOGHEkUBQwWhIaMUIF5kQVddRvzPiwjJ6pq-nUnCZBRZkAqVuTUc5FM3WZQ0RLtJmiV08FKkKiQgy1LdjFysXZG-cwYUYO581dt-YYEdLeXQzkMZKT91_GPtJknnOVZFKjc307kF23iJuMrADEVkh9vKjtCil55Lxdxyj8b-obbCVrCp0Sj0zF7ruRIxW7qi_gKGytDWzYHvyLbPxnkvG26E152uLpROdN9JO_NC0C3x1b0U3f9ZM7I7s7s6hiuqEh1T9BwMrlcxXC0Jr_h-w8zYLw94CuUNi-FFEcdH58J72ZahR79yX2RkqA1h_838ll55atu5M4WNlh-ZBimlkU3QP-rhJMOuA-iAZz4uOBELjaADUOSEl5r1vOTZMCdaF9NnJdgF78EV60_fkzTYJBgOK4eqX_oW7A8mWmu3p9fDeJ0i_5knhurSD6Wbt3QjcitpTG3htrDs_mEWmaZT0iUzUhLfP9coPpbR6akWtjUQEdqJ9awGpKyLgsR81ZAyVGih2-lJ5D7OmFJLA8ADz9gg8e1reNv5Od-KxXfeVlnsA9ZKMSX8yTxymKh9rvuxwUxFtCkl-D7QLmpvih2wrzUloNClofok2lHoaGSU7FIk9rwNXqlaBlcqv2I-DuFBN6oKmPymQ7C7Ty86xjIX4-s-COjeWqvl3SnMI-FRSG9JQxC56gK0cPceTK0M8RZNkuG313djoH9nXlLFYNk4gqbB4dPFDviILMwT67Nl_vSLOAtN4KkZpKt94be1GV1s4O4MTt1WAOJ9pCCOvDSF9TcoOhSaUgbKrl9vDDt_JTequiquUqJ5yDBZqHqTuVEJe8m71W5hUwVz7Dw8xYcWI-KtVzMohd8NSWjDPTqzgX6QSbso3OMvLiUDRaz0W3oQE-slzQT1uUB-h6OpU5Rtt6dNTvX9k_upr4gpxO0BpTGyNu-7v9mYiMiAGzwVdcgbOFD54LPAwROkR_X6Tm2lrhuHYMzO27kZHDddxbwxNPwoGO3aqyoS0m1j86IURo2tnS16b7Bmea4R-_KMYbgNkL6Gl5M6UUmbXHqYciF_Q8k6KmpgrMZW3Dd8UQowUgiCLEaBMSnRAk64Li8nacC4w0fY-EzZi5pcFDoiA&cid=CAASEuRoUAT0zkbqFoDsej0VRW7S4A&rfl=1%2Chttps%253A%252F%252Fse-faire-rembourser.fr%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:30:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
219
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8601
x-xss-protection
0
server
cafe
etag
18280575870105241958
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Jun 2021 23:30:51 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 3028
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 12:04:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
41430
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jun 2022 12:04:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame E61A
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 11 Jun 2021 05:40:48 GMT
expires
Sat, 12 Jun 2021 05:40:48 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
64422
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 3028
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76b8a63499218a55a67dd6f6b19db156e9de0f08e12f48cb0b4f027bc5515010

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 9BE9
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Fri, 11 Jun 2021 11:11:48 GMT
expires
Sat, 11 Jun 2022 11:11:48 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
44562
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
index.html
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
57 KB
15 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
723c76ebc9c48661b17bf57ba3fe2d79793dc4912170d49208153dc100478051
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
s0.2mdn.net
:scheme
https
:path
/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:31 GMT
expires
Sat, 11 Jun 2022 23:34:31 GMT
cache-control
public, max-age=31536000
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 3028
0
592 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstsgpFispJAzTxqxjEssk1ptKoIfSp4HE-Sos_MvWVF00wQFZ-iF-T8vrWZdG2shovq9AK0Q6PImkIv0GdcCGpIs1_BTBJtsSIkoejXJTOoX5iDwxe0cfphDzdNp5tPBdFnRzvPKjDzL6j2sI6O6hNC42cZg0MJZ5wbd4E9eGlVNRnKvhcVyfnl7RnIUpHf5C2fFkvU-2CmhsAaygeWZBNTTm5FFVxkHCPXBX4Eu_ToKF710o8pPof5sNdjKIxen_0StNAtGJ-imo7Oe398xrC7rp2EpLT3uIJ5D3LEi3EAUiTfUMpKXPRvJOLyC7atwnl69w4HUtE4K1Ycl4xwCIqia11UnInF7WKKoh1fYnK640oG7PMm-Mx9hq5EtV6pbubkGN9ShyhRlO7IHMapDkinZ6VTYIeco5REZv1ScgAG4x0V8dwp4PO2IZnjBrByRX8MW04n5CP1YibHKAudNCqg1JsXpYKqtwtq5WQk-J9cXdp6jMPVkNVT_Vsf_xFoeZfWsaPpouqlC2ojpN-ZQ-xi7cET5g9aRS-D3cZxy10qa9BgnekFxTahEIimMlU1MaMHUuMrepmKuGnfbyq_ZWmW0eaBYoWdZ1G6rehxSxVr-C7dzDkJVlnSWDZbf-jGbx9hgCrXCeApDnB6zoAtOydBBYq5elk372zBOmhgjFiZ043dtPa9MCqCyh2hobGnBxvGmOqo1a4Tv4I1Ss6ntXKYL_bolAEn8-hke2LS-p4F8sLO20-sAUzP4uiVOSjKf9cdC7Bhxr8QZXwsEoxYPYYpAZGSd9-fCQhj5tCa-U8eR-2NvYSLPD34ZKDIo3MaZEZeQ-ty321mvtzwY6GeVh2SS659DpwMvUchA5B9aMSV6VkG4jfVO-fjke_zA3C7pBBNhYpMmJkZfLJJ847hAI96_pKUDfWz6tWyEUXOgNZg91WMuwSkT2nIRvjMTjWkX4qI_m7uYoLoa2pgGIgIsBjTtAqEUOV4ue9vz_Tt0a6IqcRvyX76JtUQHS55Btcc-Q1N6CvHWHF_R7VBABaLrq1ApLSOegWnTnoPpzvb6WFlsEU_z6oiXzn3P1FAnzfDlT5fQzz3c4matXPBalckgdXe9dsOVPU3IRmMvFnQoww4dKyio8WqGFB53kShHkHPC59tREeMT3kRe3h5b5QyFXqy7GVQwXOtC2CSUinuy_uIwxdvpCrWuYEK8vRVB05XSLFX1MG9v_KhUXQIFd41iH7hIUZY37yCqekq0hhioqa859B-94U9QpVWDrKz9adJbEapKlxPnw&sai=AMfl-YQ6YUJXGy27cFCuFEFJhdDChX17_5rawwpC8QcrpaDhvZtrE5LtlGQLRXZiYkjiMLdBT1-QqgY6evC7fW9vPVlnJyhHSgWtCTfovqY8ZLwn_KDT30qblrOZkg9pgqb4KBNscHI23wTkKTpkOJ5ZTinXAV7HGA&sig=Cg0ArKJSzPb6_aS7FlXAEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=88&cbvp=1&cstd=81&cisv=r20210607.44521&adurl=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Fri, 11 Jun 2021 23:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
dot.gif
s0.2mdn.net/ Frame E61A
43 B
63 B
Image
General
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEJOk0MDFTRoM9Av7DZOvCEQ&google_cver=1&google_push=AYg5qPKGyFklRvUjTMv7OWX1Vo8D52e9HFdLHVINtmQa_4qbbRjKaLI0ZK5NcknE73elN3QCkHI4AFJ-ZfTp5I6DIfQThe1C2Tv8Qg
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
expires
Sat, 12 Jun 2021 23:34:31 GMT
pixel
cm.g.doubleclick.net/ Frame E61A
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEIW-RiXVQ_mA86UL1WxM9Ng&google_cver=1&google_push=AYg5qPKeVBEZO-K4PKDEmyqqEZpZPmXi3seTBW-lJV-G5_OQbyMho2vcyOSnlulD-3oJ0BBXkkPY9ghrsz--3...
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEIW-RiXVQ_mA86UL1WxM9Ng&google_push=AYg5qPKeVBEZO-K4PKDEmyqqEZpZPmXi3seTBW-lJV-G5_OQbyMho2vcyOSnlulD-3oJ0BBXkkPY9ghrsz--3...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPKeVBEZO-K4PKDEmyqqEZpZPmXi3seTBW-lJV-G5_OQbyMho2vcyOSnlulD-3oJ0BBXkkPY9ghrsz--3GwC-9ejqdU-Yh-z9g&google_hm=TnNBcHlJR0EwbmZTRW...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPKeVBEZO-K4PKDEmyqqEZpZPmXi3seTBW-lJV-G5_OQbyMho2vcyOSnlulD-3oJ0BBXkkPY9ghrsz--3GwC-9ejqdU-Yh-z9g&google_hm=TnNBcHlJR0EwbmZTRWp2YkczY04=
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:31 GMT
P3p
CP="We do not support P3P header."
Location
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPKeVBEZO-K4PKDEmyqqEZpZPmXi3seTBW-lJV-G5_OQbyMho2vcyOSnlulD-3oJ0BBXkkPY9ghrsz--3GwC-9ejqdU-Yh-z9g&google_hm=TnNBcHlJR0EwbmZTRWp2YkczY04=
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
238
Expires
Thu, 01 Dec 1994 16:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame E61A
Redirect Chain
  • https://dsum-sec.casalemedia.com/cma?gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_10}&google_gid=CAESEHUkOiYvYt3g-zvOwhKHp8M&google_cver=1&google_push=AYg5qPJwz94egkw2derLVlhcB31K8ltTmYgN41WHmjAyJk8TT6...
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D46%26external_user_id%3D%24UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5583517991533504365
43 B
928 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5583517991533504365
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:31 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:31 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:31 GMT
X-Proxy-Origin
185.156.175.116; 185.156.175.116; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.50:80
AN-X-Request-Uuid
1c09d500-015a-466e-bfba-5e1ec3f5c4e9
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5583517991533504365
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E61A
Redirect Chain
  • https://ads.yieldmo.com/exptsync?google_gid=CAESEFwLIbPwuc9q23dhEk9Xf9k&google_cver=1&google_push=AYg5qPJz_CwGtsOCAcFy370HBIpdvv2j3hvrQpy1RFPj_TODGUx7vhFlhwPv47rRNMLidp4u39m33w2kSNBINi-DMgJMGstB0YjnMA
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPJz_CwGtsOCAcFy370HBIpdvv2j3hvrQpy1RFPj_TODGUx7vhFlhwPv47rRNMLidp4u39m33w2kSNBINi-DMgJMGstB0YjnMA&google_hm=Z2YwNTAzMTJlZmJlZD...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPJz_CwGtsOCAcFy370HBIpdvv2j3hvrQpy1RFPj_TODGUx7vhFlhwPv47rRNMLidp4u39m33w2kSNBINi-DMgJMGstB0YjnMA&google_hm=Z2YwNTAzMTJlZmJlZDliNDJlMGQ=
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
location
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPJz_CwGtsOCAcFy370HBIpdvv2j3hvrQpy1RFPj_TODGUx7vhFlhwPv47rRNMLidp4u39m33w2kSNBINi-DMgJMGstB0YjnMA&google_hm=Z2YwNTAzMTJlZmJlZDliNDJlMGQ=
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
0
pixel
cm.g.doubleclick.net/ Frame E61A
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEF...
  • https://sync.targeting.unrulymedia.com/csync/RX-35e35e84-da95-4997-a6ae-98d2b919a9dc-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPJ--okPkAmQXsD4XjRan...
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ--okPkAmQXsD4XjRanwGWr1ndNpulmqOPcVtnOnOz9vW1UUvT0NZN8eRAb5ix-wdJTlAG0GSwPC1BUrG91d9786PVGm4EWw&google_hm=AzXjXoTalUmXpq6Y0rkZqdw
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ--okPkAmQXsD4XjRanwGWr1ndNpulmqOPcVtnOnOz9vW1UUvT0NZN8eRAb5ix-wdJTlAG0GSwPC1BUrG91d9786PVGm4EWw&google_hm=AzXjXoTalUmXpq6Y0rkZqdw
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ--okPkAmQXsD4XjRanwGWr1ndNpulmqOPcVtnOnOz9vW1UUvT0NZN8eRAb5ix-wdJTlAG0GSwPC1BUrG91d9786PVGm4EWw&google_hm=AzXjXoTalUmXpq6Y0rkZqdw
date
Fri, 11 Jun 2021 23:34:31 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX35e35e84da954997a6ae98d2b919a9dc003
content-type
text/html
pixel
cm.g.doubleclick.net/ Frame E61A
Redirect Chain
  • https://cs.media.net/cksync?type=g&google_gid=CAESEIP0Xy4spPJiV5AMYzI58EU&google_cver=1&google_push=AYg5qPKEO-CaHj-OpsmGXT8-LHOIxzC4y5l1pOuoqMmrX1JS0yiTanPLIY7ThopPjwW8deQOZ9gwDMn8Sksrw8POIEeFQHQL1...
  • https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjY2NDU2MDcxNTM0OTI1NjAwMFYxMA%3d%3d&mn_hm=MjY2NDU2MDcxNTM0OTI1NjAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPKEO-CaHj-OpsmGXT8-LHOIxzC...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjY2NDU2MDcxNTM0OTI1NjAwMFYxMA%3d%3d&mn_hm=MjY2NDU2MDcxNTM0OTI1NjAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPKEO-CaHj-OpsmGXT8-LHOIxzC4y5l1pOuoqMmrX1JS0yiTanPLIY7ThopPjwW8deQOZ9gwDMn8Sksrw8POIEeFQHQL1YT0Zw&gdpr=&gdpr_consent=
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:31 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjY2NDU2MDcxNTM0OTI1NjAwMFYxMA%3d%3d&mn_hm=MjY2NDU2MDcxNTM0OTI1NjAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPKEO-CaHj-OpsmGXT8-LHOIxzC4y5l1pOuoqMmrX1JS0yiTanPLIY7ThopPjwW8deQOZ9gwDMn8Sksrw8POIEeFQHQL1YT0Zw&gdpr=&gdpr_consent=
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html
Content-Length
154
X-MNET-HL2
E
Expires
Fri, 11 Jun 2021 23:34:31 GMT
pixel
cm.g.doubleclick.net/ Frame E61A
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBUi8aMQrx18JntvCZrynfo&google_cver=1&google_push=AYg5qPJrCTXZfmXVoP7PhM98lzl6g8fNDZ64XAyCg3euj61Pj5VqVz1oCbvNJ-6ln8ZY7kwYsX...
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBUi8aMQrx18JntvCZrynfo&google_cver=1&google_push=AYg5qPJrCTXZfmXVoP7PhM98lzl6g8fNDZ64XAyCg3euj61Pj5VqVz1oCbvNJ-6ln8ZY7kwYsX...
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1WYUttTkR4RTJ1RTJiTEVpWlhUcmJfU3BKTHdyenduWX5B&google_push=AYg5qPJrCTXZfmXVoP7PhM98lzl6g8fNDZ64XAyCg3euj61Pj5VqVz1oC...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1WYUttTkR4RTJ1RTJiTEVpWlhUcmJfU3BKTHdyenduWX5B&google_push=AYg5qPJrCTXZfmXVoP7PhM98lzl6g8fNDZ64XAyCg3euj61Pj5VqVz1oCbvNJ-6ln8ZY7kwYsX846YJG7ydsVmd58KZTY-ar6COYMPY
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Fri, 11 Jun 2021 23:34:31 GMT
Server
ATS/7.1.2.128
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1WYUttTkR4RTJ1RTJiTEVpWlhUcmJfU3BKTHdyenduWX5B&google_push=AYg5qPJrCTXZfmXVoP7PhM98lzl6g8fNDZ64XAyCg3euj61Pj5VqVz1oCbvNJ-6ln8ZY7kwYsX846YJG7ydsVmd58KZTY-ar6COYMPY
Connection
keep-alive
Content-Length
0
attr
cm.g.doubleclick.net/pixel/ Frame E61A
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JZh82dm0LEUIhlfFqLcnoWZEBPuVYI_uPnXS12kikHvSCWxVd6vd7n1Vjpj5OnDiDE9Er-GQ
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
pagead2.googlesyndication.com/bg/ Frame 9BE9
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 16:17:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
26249
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5784
x-xss-protection
0
last-modified
Mon, 31 May 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jun 2022 16:17:02 GMT
Enabler_01_245.js
s0.2mdn.net/879366/ Frame BCB8
110 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 16:43:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24673
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38568
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:54 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Jun 2021 16:43:18 GMT
2_frame-01-bg.jpg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
9 KB
9 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/2_frame-01-bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e9048266f8e779a7b2659b9f5b1c19a18e9ed6e5f2fc89e773bc9868bcd2072
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 07:01:08 GMT
x-content-type-options
nosniff
age
146003
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9644
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 07:01:08 GMT
2_frame-02-bg.jpg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
13 KB
13 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/2_frame-02-bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c40a30ffe80c80e643df346ad8242cd2b934757e3c82ac44c4eab38d3988014b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
x-dns-prefetch-control
off
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13448
x-xss-protection
0
expires
Sat, 11 Jun 2022 23:34:31 GMT
2_frame-03-bg.jpg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
10 KB
10 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/2_frame-03-bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6df2999c31c1830e841b67c90f706d39b4c8a099f88c85046c6a4d79fa70817c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
x-dns-prefetch-control
off
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9921
x-xss-protection
0
expires
Sat, 11 Jun 2022 23:34:31 GMT
2_frame-04-bg.jpg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
8 KB
8 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/2_frame-04-bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
80747e684f98566647fb2c271a71cebad36eead965587bd8aa0d222e30036f86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
x-dns-prefetch-control
off
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8320
x-xss-protection
0
expires
Sat, 11 Jun 2022 23:34:31 GMT
Fedra-Serif-A-Pro-Medium.ttf
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
336 KB
336 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/Fedra-Serif-A-Pro-Medium.ttf
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
67b5ac8808e9b451ff4bb84ab1a411dc864625992f60a64a745db0076d93c0a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://s0.2mdn.net
Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
x-dns-prefetch-control
off
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
343848
x-xss-protection
0
expires
Sat, 11 Jun 2022 23:34:31 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9BE9
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0CKkBvPDYKXPNIfx3wPb542wDQAAAAA4AeAEAg&bg=!cnGlcTXNAAY6sG-_OrA7ACkAdvg8WpYpVgaVIT6DXYAO5Fvlgz9TtgRSxecfbTQ9MJGse3YcujaoJwIAAABfUgAAAApoAQcKAAGDmQLPaB5SM7b8EX0UwnfrSJyUlUzUkB2q2EPxs4KJIGmlRUyFci-4xZewwuGufu0vzNpCHndY_T4fUNsViKbBuOfuJsNBsBigWCt_cn_kY7Sa0D0Mu1XugLq19cZdpSUlfbry2KvNr5Dj-qThf5JzOnhWqMP0MVrZYl2xyEtWmgAQkK8xKqv7n0cfaZWvgDjj8LFJmpjWoelp6OY5i7nB7Mukh8uNdvhMC9OLOqbOQCiiwix1vIBMl3metvHxelfKhZW-1Bm17fr2MC-2f0xotekNxML4jTQ07yLLSWwJnQeZCq16W3-RRs2vroQDh-xYXKFhRbp5SDDMxFwxlKZK1o9izoNB_yln8vDFCu3QlwlO2pxmd8bjYp74a_ZoXOGFCTelZF0z9SOPQZksiCV_NduWspiI6l5ZvdBXnvdCWAI2__oldp1hKWaqFnA7_H7ACjD335hJdWsVxu983KRYhTd7PYfUzkNG6I9eQehyH5o1G-uFdPgb6ouIuzsj-dB0Zts25WrvhcpGRt-xU622oqodZGckn5p3RxYqfPxuitOWcvftv0bZupqoQDVsjfzzlLJ1kmBz2U6Usx3qVHqkdKj8_KAGtU2pCayLO2fpjlshI0f3SN5bgVTC4892hq2OHqxFZBKHvBwzg7W6kNpBpwUrjAGIRUtV8pDN7K5H2Vq_YadldzpdfGHpuk85R3BN9sWvKFvQxno5jxen2WIeFJWAhLI7x0zlPLdy5KPtbOVJ94H4xy6dZ9XdHCBhX8zDf38Yat4fXCdZiyO6ehe9ts7eyqYXDGTqYGZLhhUMpJWCfKeB-F4Sdmurr4bG_6ffdvxRfid6yXNUMEpsgW2NL-Kg4dKyjcfipa7zV8ODBzncse6bo4ak6ls1gF3_Qk_JxrBbc2cmMtffTd1egPmlWFHMLElcGmZmsf7IjHHOlzFpe_ieIi26CQma7RjPDTWwO8E
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame BCB8
5 KB
4 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e38db140a051a123f1dbbd560e31e8bcf146582457de165ac31ae40a3f1c9d7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4245
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame BCB8
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Fri, 11 Jun 2021 23:34:31 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 3028
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstsgpFispJAzTxqxjEssk1ptKoIfSp4HE-Sos_MvWVF00wQFZ-iF-T8vrWZdG2shovq9AK0Q6PImkIv0GdcCGpIs1_BTBJtsSIkoejXJTOoX5iDwxe0cfphDzdNp5tPBdFnRzvPKjDzL6j2sI6O6hNC42cZg0MJZ5wbd4E9eGlVNRnKvhcVyfnl7RnIUpHf5C2fFkvU-2CmhsAaygeWZBNTTm5FFVxkHCPXBX4Eu_ToKF710o8pPof5sNdjKIxen_0StNAtGJ-imo7Oe398xrC7rp2EpLT3uIJ5D3LEi3EAUiTfUMpKXPRvJOLyC7atwnl69w4HUtE4K1Ycl4xwCIqia11UnInF7WKKoh1fYnK640oG7PMm-Mx9hq5EtV6pbubkGN9ShyhRlO7IHMapDkinZ6VTYIeco5REZv1ScgAG4x0V8dwp4PO2IZnjBrByRX8MW04n5CP1YibHKAudNCqg1JsXpYKqtwtq5WQk-J9cXdp6jMPVkNVT_Vsf_xFoeZfWsaPpouqlC2ojpN-ZQ-xi7cET5g9aRS-D3cZxy10qa9BgnekFxTahEIimMlU1MaMHUuMrepmKuGnfbyq_ZWmW0eaBYoWdZ1G6rehxSxVr-C7dzDkJVlnSWDZbf-jGbx9hgCrXCeApDnB6zoAtOydBBYq5elk372zBOmhgjFiZ043dtPa9MCqCyh2hobGnBxvGmOqo1a4Tv4I1Ss6ntXKYL_bolAEn8-hke2LS-p4F8sLO20-sAUzP4uiVOSjKf9cdC7Bhxr8QZXwsEoxYPYYpAZGSd9-fCQhj5tCa-U8eR-2NvYSLPD34ZKDIo3MaZEZeQ-ty321mvtzwY6GeVh2SS659DpwMvUchA5B9aMSV6VkG4jfVO-fjke_zA3C7pBBNhYpMmJkZfLJJ847hAI96_pKUDfWz6tWyEUXOgNZg91WMuwSkT2nIRvjMTjWkX4qI_m7uYoLoa2pgGIgIsBjTtAqEUOV4ue9vz_Tt0a6IqcRvyX76JtUQHS55Btcc-Q1N6CvHWHF_R7VBABaLrq1ApLSOegWnTnoPpzvb6WFlsEU_z6oiXzn3P1FAnzfDlT5fQzz3c4matXPBalckgdXe9dsOVPU3IRmMvFnQoww4dKyio8WqGFB53kShHkHPC59tREeMT3kRe3h5b5QyFXqy7GVQwXOtC2CSUinuy_uIwxdvpCrWuYEK8vRVB05XSLFX1MG9v_KhUXQIFd41iH7hIUZY37yCqekq0hhioqa859B-94U9QpVWDrKz9adJbEapKlxPnw&sai=AMfl-YQ6YUJXGy27cFCuFEFJhdDChX17_5rawwpC8QcrpaDhvZtrE5LtlGQLRXZiYkjiMLdBT1-QqgY6evC7fW9vPVlnJyhHSgWtCTfovqY8ZLwn_KDT30qblrOZkg9pgqb4KBNscHI23wTkKTpkOJ5ZTinXAV7HGA&sig=Cg0ArKJSzPb6_aS7FlXAEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=446&vt=11&dtpt=358&dett=3&cstd=81&cisv=r20210607.44521&adurl=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
logo-assistance.svg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
7 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/logo-assistance.svg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61e0765fa06d87b6c2f049e00226abc16193047d287ebf5e1bf1cf3bba0be08d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 07:29:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
144312
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2267
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 07:29:19 GMT
logo-vaudoise.svg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
5 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/logo-vaudoise.svg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b2559ec804877cff975c8959851c4ad46abf6a163f61ec3e931df2fc9b94b25
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 07:29:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
144312
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2359
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 07:29:19 GMT
frame-02-img.jpg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
7 KB
7 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/frame-02-img.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55f1274ad9504ffb1c6eaf048620cbfed2f3df752624b62bdbae06d5e978832b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 07:29:19 GMT
x-content-type-options
nosniff
age
144312
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7213
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 07:29:19 GMT
frame-04-bg.jpg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
9 KB
9 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/frame-04-bg.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2670e922bdde9161dba8e6b79254002423dee823c4778d0b11421f2638efca3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 07:29:19 GMT
x-content-type-options
nosniff
age
144312
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9393
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 07:29:19 GMT
frame-03-bg.jpg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
24 KB
24 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/frame-03-bg.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
096b50f6376adb1780a33cb578d022c0eaf3b87afc7670ab7b77d58d4d989437
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
x-dns-prefetch-control
off
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24587
x-xss-protection
0
expires
Sat, 11 Jun 2022 23:34:31 GMT
frame-02-bg.jpg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
11 KB
11 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/frame-02-bg.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0cc85c2e93b19ffff3e8305dfe9e02605426168cf7c65022e51a411d6d36bb00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
x-dns-prefetch-control
off
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10771
x-xss-protection
0
expires
Sat, 11 Jun 2022 23:34:31 GMT
frame-01-bg.jpg
s0.2mdn.net/sadbundle/17071967268029595648/ Frame BCB8
16 KB
16 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/17071967268029595648/frame-01-bg.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
42bb2f86c78fe778f8e4647bbd3cb84a3f941a9b0bf70d9401ce604274ae0764
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17071967268029595648/index.html?e=69&leftOffset=0&topOffset=0&c=hZMvZ7ipRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 07:29:19 GMT
x-content-type-options
nosniff
age
144312
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16536
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:16:13 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 07:29:19 GMT
tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
pagead2.googlesyndication.com/bg/ Frame C8D1
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 16:17:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
26249
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5784
x-xss-protection
0
last-modified
Mon, 31 May 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jun 2022 16:17:02 GMT
wp-emoji-release.min.js
se-faire-rembourser.fr/wp-includes/js/
14 KB
4 KB
Script
General
Full URL
https://se-faire-rembourser.fr/wp-includes/js/wp-emoji-release.min.js?ver=5.7.2
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

:path
/wp-includes/js/wp-emoji-release.min.js?ver=5.7.2
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;ab7b7bc69f8a5387de1fe8a186595e64;2-134878-165;cb342174-affc-4b4b-4a8d-a2ce6dd2e17e
content-type
application/javascript
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=2592000
x-middleton-response
200
jquery.min.js
se-faire-rembourser.fr/wp-includes/js/jquery/
92 KB
30 KB
Script
General
Full URL
https://se-faire-rembourser.fr/wp-includes/js/jquery/jquery.min.js?screx=1&sxcb=145a&ver=3.5.1
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
50c8d681ebefb8fa94b60691e89d4e31c3d283310c13457028898a70f1998cc0

Request headers

:path
/wp-includes/js/jquery/jquery.min.js?screx=1&sxcb=145a&ver=3.5.1
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;3b015cce444825374e8568e3793f414b;2-134878-165;dd301a57-d457-44b7-6edb-4da7f10666d6
content-type
application/javascript
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=2592000
x-middleton-response
200
gpt.js
securepubads.g.doubleclick.net/tag/js/
61 KB
21 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
8f95d222e7d69ea62172fa291feb6c08c6842a3dd5ce2ad874d07e2499fed799
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"900 / 658 of 1000 / last-modified: 1623449339"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21290
x-xss-protection
0
expires
Fri, 11 Jun 2021 23:34:31 GMT
jquery-migrate.min.js
se-faire-rembourser.fr/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://se-faire-rembourser.fr/wp-includes/js/jquery/jquery-migrate.min.js?screx=1&sxcb=145a&ver=3.3.2
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
8704650cfb8bf873b0e1972bc6a3e34546d08be5bb5419968ebba009a86e8c15

Request headers

:path
/wp-includes/js/jquery/jquery-migrate.min.js?screx=1&sxcb=145a&ver=3.3.2
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;0ba8a9569f93857d26b95e4f0feb37fe;2-134878-165;5468df03-e002-4f93-517a-2f089c752dc7
content-type
application/javascript
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=2592000
x-middleton-response
200
content-length
4092
cv.js
se-faire-rembourser.fr/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/
24 KB
7 KB
Script
General
Full URL
https://se-faire-rembourser.fr/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?screx=1&sxcb=145a&ver=2.4.0.1
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
3eb4ccd224866071424411c7c17a14159ca85478e0b409f3b267cc8b0c4a9fd8

Request headers

:path
/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?screx=1&sxcb=145a&ver=2.4.0.1
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;f50afc0dd561b00a4dc10c4c0cc5519d;2-134878-165;c6f107eb-279e-45ce-4183-9a11d01665ff
content-type
application/javascript
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
bootstrap.min.js
se-faire-rembourser.fr/wp-content/themes/sfr/assets/bootstrap/js/
59 KB
15 KB
Script
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/bootstrap/js/bootstrap.min.js?screx=1&sxcb=145a&ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
92a0f8f8b8696e02d6be7a33d7b6cf69742a66968fec85844d544754f0d22956

Request headers

:path
/wp-content/themes/sfr/assets/bootstrap/js/bootstrap.min.js?screx=1&sxcb=145a&ver=1.1.0
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;5f6947dfbb779faad83d7c666dc1ad57;2-134878-165;a45c7c40-208b-4ff8-5c58-cf2401d759ce
content-type
application/javascript
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
mrdev_script.js
se-faire-rembourser.fr/wp-content/themes/sfr/assets/js/
5 KB
2 KB
Script
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/js/mrdev_script.js?screx=1&sxcb=145a&ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
09c951bf557d591d8973141bbc46acf44d8a7aebf514004b0e7e65053c1220fc

Request headers

:path
/wp-content/themes/sfr/assets/js/mrdev_script.js?screx=1&sxcb=145a&ver=1.1.0
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;aa18a093c2e33e54fad8d072b8fb6ce3;2-134878-165;54c451cf-7996-4ff8-58d7-57fd11eeabf3
content-type
application/javascript
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
content-length
1784
mrdev_share.js
se-faire-rembourser.fr/wp-content/themes/sfr/assets/js/
1 KB
544 B
Script
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/js/mrdev_share.js?screx=1&sxcb=145a&ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
a06d114fe0eaac2bc5e3c16113baf3c3c5cb658d3fa4f1720c363e6a56bc8ca7

Request headers

:path
/wp-content/themes/sfr/assets/js/mrdev_share.js?screx=1&sxcb=145a&ver=1.1.0
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;2a7e23d4fa31b0c95c7b84968185ab73;2-134878-165;04c27154-6cf9-4bed-7287-7c12af74d9cc
content-type
application/javascript
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
content-length
437
army.gif
se-faire-rembourser.fr/porpoiseant/
0
19 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyNSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjQ3In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyNSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjQ3In1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:31 UTC
army.gif
se-faire-rembourser.fr/porpoiseant/
0
19 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjMxNSJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiNDg0In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwMCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjMxNSJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiNDg0In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwMCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:30 UTC
mrdev_toc.js
se-faire-rembourser.fr/wp-content/themes/sfr/assets/js/
2 KB
716 B
Script
General
Full URL
https://se-faire-rembourser.fr/wp-content/themes/sfr/assets/js/mrdev_toc.js?screx=1&sxcb=145a&ver=1.1.0
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
3d77781d42b3acf0bc523e89811903e6e05c262e0e77adcfb931d905dacdcf42

Request headers

:path
/wp-content/themes/sfr/assets/js/mrdev_toc.js?screx=1&sxcb=145a&ver=1.1.0
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;bc244884e51354c10352d3175fe18c21;2-134878-165;3372ce3f-1cd7-4c02-5187-7749f7c42098
content-type
application/javascript
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
content-length
583
wp-embed.min.js
se-faire-rembourser.fr/wp-includes/js/
2 KB
830 B
Script
General
Full URL
https://se-faire-rembourser.fr/wp-includes/js/wp-embed.min.js?screx=1&sxcb=145a&ver=5.7.2
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
5827adb70b8322616b409c3230bd1a69a203870fe0e77b2d19c74d36053c3a81

Request headers

:path
/wp-includes/js/wp-embed.min.js?screx=1&sxcb=145a&ver=5.7.2
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
public
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Wed, 02 Jun 2021 21:58:41 GMT
server
nginx/1.16.0
display
staticcontent_sol, staticcontent_sol
x-ezoic-cdn
Hit ds;mm;44a77f7158962c5cfcf1f35b7f1f0ba1;2-134878-165;cf48ca39-ccc4-49ac-536d-2337146fb805
content-type
application/javascript
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=2592000
x-middleton-response
200
content-length
712
integrator.js
adservice.google.ch/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=se-faire-rembourser.fr
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=se-faire-rembourser.fr
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
15 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3443079428757219&correlator=553789021809810&output=ldjh&impl=fifs&eid=31060979%2C31061040%2C31061279%2C31061289%2C31061361%2C31061428%2C31061030%2C31061165%2C44744015&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210611&iu_parts=21732118914%2Cse_faire_rembourser_fr-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C370x320%7C410x340%7C430x410&ris=2&rcs=2&prev_scp=a%3D%257C2%257C%26iid16%3D1569149%26iit%3D8%26t%3D134%26d%3D134878%26t1%3D134%26pvc%3D0%26ap%3D1121%26sap%3D1121%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D5302779%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dse_faire_rembourser_fr-box-2-1569149%26eb_br%3Db09f4d2e4dcd3d270724508a246baee4%2C8b07bae800b215e481d05a271b3e723b%26eba%3D1%26ebss%3D10017%2C10082%2C10015%2C11304%2C11307%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26acptad%3D1%26br1%3D700%26br2%3D240%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D86%2C168%2C28%2C4%2C96%2C122%2C93%2C20%2C26%2C30%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznsz%3D0x0%26amznp%3D2%26lb%3D950%26reqt%3D1623454470895&eri=1&cookie=ID%3D5d0b35baab60a9bb%3AT%3D1623454467%3AS%3DALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ&bc=31&abxe=1&lmt=1623454471&dt=1623454471914&dlt=1623454466122&idt=460&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=484&adks=1834618358&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fse-faire-rembourser.fr%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1270x250&msz=970x250&ga_vid=1439056393.1623454467&ga_sid=1623454467&ga_hid=1472409148&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
9d4cd5bc39023f301fff6b87337258e143d503cd9d549740837576f56cae1184
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8993
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://se-faire-rembourser.fr
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
Comment-se-faire-rembourser-par-Cultura--520x346.jpg
se-faire-rembourser.fr/wp-content/uploads/2021/01/
28 KB
28 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/uploads/2021/01/Comment-se-faire-rembourser-par-Cultura--520x346.jpg?ezimgfmt=ng:webp/ngcb145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
a02fb4f71fe9b088bdbf79e613c78a11f989677e82751cfdbeef0d2ad01a82b5

Request headers

:path
/wp-content/uploads/2021/01/Comment-se-faire-rembourser-par-Cultura--520x346.jpg?ezimgfmt=ng:webp/ngcb145
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
content-encoding
br
display
staticcontent_sol, staticcontent_sol
x-amzn-requestid
fe94275a-bcc3-49ba-83c0-f10e56fb025b
x-ezoic-cdn
Hit ds;mm;0a7ac94a0ca86f265f379caa9ae906a7;2-134878-165;73c85e02-63a0-4df2-69f5-4d9fde1fb02d
x-cache
Miss from cloudfront
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
x-amz-apigw-id
f53gsEB5IAMF_0A=
response
200
server
nginx/1.16.0
x-amzn-trace-id
Root=1-60ad6c6a-7d33e44c5d4532651ee5f2bf;Sampled=0
vary
Accept-Encoding User-Agent,Origin,Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
via
1.1 dcaf4d7094d3d4a2ebb1136fadd0b20a.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
CDG3-C2
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
gReGPG5JqWJIEXT2b4hWvXCkFgJQSwrgjhwkZxXR5DujqdV4pUgiQA==
easypharmacie-com-remboursement-520x520.png
se-faire-rembourser.fr/wp-content/uploads/2021/01/
9 KB
10 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/uploads/2021/01/easypharmacie-com-remboursement-520x520.png?ezimgfmt=ng:webp/ngcb145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
303210f6ea5656711c988abc9fd7cb738005bd4470e3f70fa8360f2f1b93116c

Request headers

:path
/wp-content/uploads/2021/01/easypharmacie-com-remboursement-520x520.png?ezimgfmt=ng:webp/ngcb145
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
content-encoding
br
display
staticcontent_sol, staticcontent_sol
x-amzn-requestid
9e1d234a-0737-481c-9fee-6dbe3be0cb30
x-ezoic-cdn
Hit ds;dm;beb4e25caea8df6435a8e36626c8a1eb;2-134878-165;1cf6184e-910b-4f52-4de7-529a5c4e6c44
x-cache
Miss from cloudfront
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
x-amz-apigw-id
f7hT0ETmoAMFtOw=
response
200
server
nginx/1.16.0
x-amzn-trace-id
Root=1-60ae15b1-4fbc69dc21b6eb712f9ac121;Sampled=0
vary
Accept-Encoding User-Agent,Origin,Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
via
1.1 ae1b2f64d909bc787f8b2cb1e91446cd.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
CDG53-C1
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
udIxVXvRIR-GztciodhvXlZXM95QA6EFPRcK1dfzO0jb3Ul1iGm_cQ==
Tout-savoir-sur-la-facture-de-regularisation-EDF-520x346.jpg
se-faire-rembourser.fr/wp-content/uploads/2021/01/
20 KB
21 KB
Image
General
Full URL
https://se-faire-rembourser.fr/wp-content/uploads/2021/01/Tout-savoir-sur-la-facture-de-regularisation-EDF-520x346.jpg?ezimgfmt=ng:webp/ngcb145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
4aa06d93d34f1506f832aa2be34e9539608856c2846ff3eba6f7805ff502f1ad

Request headers

:path
/wp-content/uploads/2021/01/Tout-savoir-sur-la-facture-de-regularisation-EDF-520x346.jpg?ezimgfmt=ng:webp/ngcb145
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:31 GMT
content-encoding
br
display
staticcontent_sol, staticcontent_sol
x-amzn-requestid
e95ab20a-8c80-4561-aae2-bef7f13d9c76
x-ezoic-cdn
Hit ds;mm;15cd9a218b4f4bbf076a3e58fe074376;2-134878-165;7412b762-9a0f-4317-7c27-1d0cf988de07
x-cache
Miss from cloudfront
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
x-amz-apigw-id
f6zB3FxDIAMFrKA=
response
200
server
nginx/1.16.0
x-amzn-trace-id
Root=1-60adcba5-027dd0e20e4438cc7fdff457;Sampled=0
vary
Accept-Encoding User-Agent,Origin,Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
via
1.1 05ad9acef0768042c9e1e6aa1757dea6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
CDG52-P2
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
yAH1g2xwAFjlv_kx62QrRpoNIKTxfFWkYIe4nuVQHAxgMtzb1DqYVg==
activeview
pagead2.googlesyndication.com/pcs/ Frame 3028
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstENwMumh-jYf8Qhy-GN7BKKBVd5dXGBI4b0qg45B-z-vwDrcwwF4wdtMv2cgxtoqfJbg9Y7hL7FydLQ7UKVUt6-dlE0YVNSwD8NFrVpoXJARZIK2gKn3W2ucI&sai=AMfl-YR1sQYBMh_pceE8SleFDtOUD0itOnEoesTiWKR1H1_NP_98OWo--gxF9qqG5o_k80_YazUoy5J5sEx5GI5kTlCGZEnt6eOb2pHlNiY5jMnISB1urztr9t3u0l4&sig=Cg0ArKJSzM6P9mdRteIQEAE&cid=CAASEuRoUAT0zkbqFoDsej0VRW7S4A&id=lidar2&mcvt=1000&p=1108,436,1198,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210611&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=420182401&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623454470822&dlt=20&rpt=146&isd=0&msd=0&r=v
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
se-faire-rembourser.fr/porpoiseant/
0
114 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:31 UTC
army.gif
se-faire-rembourser.fr/porpoiseant/
0
19 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzcyOCw5MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1Nzg3NDgiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5NzQ5MDUyNzEsImNyZWF0aXZlX2lkIjoxMzgyNDExMjM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzcyOCw5MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1Nzg3NDgiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5NzQ5MDUyNzEsImNyZWF0aXZlX2lkIjoxMzgyNDExMjM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU3ODc0OCIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDkwNTI3MSwiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:31 UTC
container.html
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B973
6 KB
3 KB
Document
General
Full URL
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061428
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://se-faire-rembourser.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://se-faire-rembourser.fr/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Fri, 11 Jun 2021 23:34:27 GMT
expires
Sat, 11 Jun 2022 23:34:27 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
5
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
army.gif
se-faire-rembourser.fr/porpoiseant/
0
42 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiIzIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTY5MTQ5IiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidW5pdCI6ImRpdi1ncHQtYWQtc2VfZmFpcmVfcmVtYm91cnNlcl9mci1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiYWRfcG9zaXRpb24iOjExMjEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0ODkxMjQ3LCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiYjA5ZjRkMmU0ZGNkM2QyNzA3MjQ1MDhhMjQ2YmFlZTQsOGIwN2JhZTgwMGIyMTVlNDgxZDA1YTI3MWIzZTcyM2IifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1NjkxNDkiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDcsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDcsImJpZF9mbG9vcl9wcmV2IjowLjAwOTUsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1NjkxNDkiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJhZF9wb3NpdGlvbiI6MTEyMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5NzQ4OTEyNDcsImNyZWF0aXZlX2lkIjoxMzgyNDExMjM1MTcsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI0MTEyMzUxNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDk3NDg5MTI0NyJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiIzIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTY5MTQ5IiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidW5pdCI6ImRpdi1ncHQtYWQtc2VfZmFpcmVfcmVtYm91cnNlcl9mci1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiYWRfcG9zaXRpb24iOjExMjEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0ODkxMjQ3LCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiYjA5ZjRkMmU0ZGNkM2QyNzA3MjQ1MDhhMjQ2YmFlZTQsOGIwN2JhZTgwMGIyMTVlNDgxZDA1YTI3MWIzZTcyM2IifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1NjkxNDkiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDcsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDcsImJpZF9mbG9vcl9wcmV2IjowLjAwOTUsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1NjkxNDkiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJhZF9wb3NpdGlvbiI6MTEyMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5NzQ4OTEyNDcsImNyZWF0aXZlX2lkIjoxMzgyNDExMjM1MTcsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI0MTEyMzUxNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDk3NDg5MTI0NyJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; ezouspvv=700; ezouspva=1; ezouspvh=700
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:32 UTC
4974891247
g.ezoic.net/dac/
0
40 B
XHR
General
Full URL
https://g.ezoic.net/dac/4974891247
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/porpoiseant/banger.js?cb=195-2&bv=19&v=51&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.66.136.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-66-136-156.eu-central-1.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Jun 2021 23:34:32 GMT
cache-control
max-age=3600, public
server
nginx/1.16.0
content-length
0
vary
Accept-Encoding
content-type
text/plain
army.gif
se-faire-rembourser.fr/porpoiseant/
0
19 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; ezouspvv=700; ezouspva=1; ezouspvh=700
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:32 UTC
army.gif
se-faire-rembourser.fr/porpoiseant/
0
19 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImF1Y3Rpb25fZXBvY2giOjE2MjM0NTQ0NzMsImFkX3Bvc2l0aW9uIjoxMTIxLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiYmlkX2Zsb29yX2luaXRpYWwiOjE5MDAsImJpZF9mbG9vcl9wcmV2Ijo5NTAsImJpZF9mbG9vcl9maWxsZWQiOjcwMCwiYXVjdGlvbl9jb3VudCI6MywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NzUxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoyMTczMjExODkxNCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjo0OTc0ODkxMjQ3fV0=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImF1Y3Rpb25fZXBvY2giOjE2MjM0NTQ0NzMsImFkX3Bvc2l0aW9uIjoxMTIxLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiYmlkX2Zsb29yX2luaXRpYWwiOjE5MDAsImJpZF9mbG9vcl9wcmV2Ijo5NTAsImJpZF9mbG9vcl9maWxsZWQiOjcwMCwiYXVjdGlvbl9jb3VudCI6MywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NzUxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoyMTczMjExODkxNCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjo0OTc0ODkxMjQ3fV0=
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; ezouspvv=700; ezouspva=1; ezouspvh=700
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:32 UTC
pixel
googleads.g.doubleclick.net/xbbe/ Frame 61B5
478 B
251 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGOLlpKQBMAE&v=APEucNU6CkY7U-Q8g9vseXOwh6gLBjbmIsy226uvd33m7CVzX2cWQKVOHL2H_0AXb-4joIamGE8qmEfYhtUleJe8dXAS5IGnCA
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/xbbe/pixel?d=CK3--rICEPyJ1cACGOLlpKQBMAE&v=APEucNU6CkY7U-Q8g9vseXOwh6gLBjbmIsy226uvd33m7CVzX2cWQKVOHL2H_0AXb-4joIamGE8qmEfYhtUleJe8dXAS5IGnCA
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlPryKdnKx29296Ti7Dx-ke2Btn2QdLJs8ZS8sCRZWzjeW48eNxlIdXk88EKbU
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Fri, 11 Jun 2021 23:34:32 GMT
server
cafe
cache-control
private
content-length
230
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame B973
60 KB
24 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DJstzfmA4sO_yILY99PeT62U2LFttFPFHm9IpwqIsErf00RM71Q3beZ65un0mvytzLi_04jV_KSAEah8rpFZDflFyPtmVHDfH5OTVrDw20oyJE8lzQFpzHsX_pluvC82xkF2DCaH92kUc5fTAQiphi_kfVbw&dbm_d=AKAmf-C9gqqPTkNCc2-s5oB0J22EqfTUc5HMkoct9VvIJqRGD3BRpHz5TNL5QPzyJwooSfpxVhh6vAaohBcWNJOv3KS6DsJoQVerIO22yWKkmzoATPJS7v25XgZaWRdugRcA3jBpPEKyQIKt1QcCQn6qi6oK6RUVdy2nz8DiD6IZ-DMNunQjiLoNuBBSTv_Tx8Y55wJHR2OuUESrqU1Ew8AecKeyJVSbIOcBFSWDP7vytnEoHY59ZOA3f2js-w95N4PpYW4UHaM9euWpCVyGPp90ODcPGU25ywDc8CTUD6319pzhs3greh6gfwf4Zy8G0StAyvNYbL5GyrZAhv3dKDwGLjJ6_iWLG6VjuOS8y9Xa3F-ylLCe3UWXrX8jACMPeRbs1n7Y1ShRSLHxMb7_owcVcufsIc37mZoTDjenn4A2fFL1VB84LFSStNRiEXee320I5OmvenP4nnXdcSL59-G61GcOr81HAQfhJtqJ_GrsiN4FIhrmHfKbe-Kc-7hKVPquwRp8p96oHKMVyGRlqmUdDTI4Ii717F3sfB6JwT6jN3_C4CffiMZCM-LlzfU7JNC85Y5ybkub-D_yzt6g2aE_Cp78G4lQT3zOK2PQBNoxRNifN0cPYxK1GO8fJUz3PSOkltCh9TTEsJgQhhYkTMcilvBu4hQaJzc44lww6Gk3wGRoEEAR7K-cWaqgVdTdSdWIsVP7iQsZ0Vjgy1GPmkxW0jAIyq18aJfVyXZgGqEuYTIkqWVGE5buqKUsYdY-9jow-tWOO9EQxugT2oOvU49Z00JoiPMY76-1p2I9LNF94ptj5VIUikTB7HGWwZuD5L5u7jO3_Bn-E0KlMs70tUd6JSH0PfmZ2ePOIrUQxJMIRMMrxUeOoQx_xjo_tkJqt5vQn5Mi5Vnxui8RYyJtLiXTNyrEWvku_m1MSn7iv2PARu_FOFcfRSUr4iMbZE3f7rNsfWLLneyQVQ-F5Xgo4lg8mhFo_8YfgXg-q9r62cTu6ND7mLhchuuWx2vF-e6Fb_l_dibyfcmA0vOhRoomacUyhMjHKYeHGuKfIzZy4kSEugQ0oX6ZVVasOpf9gRx_w4s4oOXNdxqbX_UegGXnQn1vDvOfYNT1gI8ksXh219-KqQ8uo1SQCX67D4U7XQZ4tTUX5r8UYvjD_zYh2fx6LPXAFctjz4d46fjLTPvt5lm0U1DM1HfaI1NwQCqdpuGJKqmCdM6DtLvDIqjlwM6hFElq30Y9VDfD9KWZ8cbgmrJuB4w0aly9JKHJ9JewZydIRJYkepgPBLzxH5lFSZrTSU581egHq3WOy2oaIiRonuboaT3qocYNjAySUd6HRwamMk6gEPmL0yNaFRU4YCoOrI_XLWuOdSzXBQHyxmOluhRGdbacmyh7r1KZrJ2WhqyoM0Aa6tZp_ZATkII1kvmVG7goJ0PXK8xQnQAIwo3OANgPl9yIkRL7JJ1m8LknB42hgydRlR4Qtk9cbNU9djRc_3Pgk9ovKqMKtj9I2JCMbECUqVU7XppMTo-fWNfFtneWDmG9lnA_JGsUK4VlMAijVA5oGrXjdk5lHNe5lm9ZPhnKvuWICmOxtZLIhrgUv2NbsIDogZDw82ePsoKj_ydoc7br5jdwDwrgejaknHsHRvHV291UK8TlYp3f83TmXUiArdtLMDFNDE4ZEwae_lr1w8xq-gRKdkzGyf77dHTDspWCSY8-9rhQhTMUaLbEs5H-QKhARXsstYTUCczvhds-I0VxercIfquImHrZU4qET5fx7WwIBr8NRdWhn7sdcShhaE_GTf4xQv_vldXvbkeZp-7ZAyjCc78M190y1EavvNVruB9t5syVp4DCAZ6id9TAHZ3Z-qp6wfgNHFLuW-CQlFYThHdQkVB1Q2A757oVhsO-3EgcDOjLYdOtrcRhGKhoL1U6dO9ciUVTo4JxObBy27iRFlQ8fd_MULh3aZE7DbfrHA2axqwRBD3EWUofXd1Hjt_6TGeUfZLUzKtS-pbCVAqENk_bBDDmQGUqtIcBSF3o1Djb467LnZ00AaBXCguyOoD7SIJyOy77t2lHG_ybm0HIhskUsXgP8wqCPdCOedOz1op7qtSsQLhMJLO_0Wrys_1jNaJ0yE4tZfMfxTS_Fn27grq7NuRl6nIp8Xb5m6mMo7K0gTCh-a3kA19KO8zW6mMD7ylczmNJ0AIrxDwZCUKzEkSMRXGT3I-1nFfl5-vD90wrXkfrhMkOZa36BJVDgFEs3zSHlKKBMPXrxhB5S0B2YhMIGGlezdtB5evhNk6sQBio6mXSvd6cj9xQVwonohcZTvrjPvCvZjuGoNq1UTtymCrKbwQ7F6HAY3XTFJWJkm5hsvEbX64BEwVIXUhRFmQGsI04WLeQwALIuXKVUIBXHGvd2Untp2dDaHieuRmRV2N3H-NHB26W_0cJlB6fevniA9XLBI7uWkIxunghFl4I2YbGvY9XrI20NhraK-XcVPfA66p07uQeQuEl82g5fRGNSK5_F2F9EGhoJMyAAK2bhaZWK5UOVDp8WFzAKUpVfR7IIrHUdmNT0mj2wqusWTRba5DkQQphgNW2PG3vO95AyHnxB1cUiQIflt1XBzdMZockWpEAUvzX81rREAVlD2fh4eZHLHYvj7hpfvZ1EwnrDJkSPrdsc8sq9H90eZ3syyitr5Dwj5Gs8hPQepyJ2Hq0G_g62A9gO6minWAOy9Ag5vTurPlTfVHe0VNNKdToK7xVX8dQLEIItqX8MB8gcIkAbuydBJh6bD7Yva1MqgwyReW-eDmflKTB4ZK75-gDjh5MRwWopoPY8a_KERuQKE5B6DRlqxZqNggsuRTVPXzkgpAzK3ZiMsm0k3AUvjseI00Uv8Cy2FoqmN2hDaazxziqzIjxNZR9oUAcQDcnxzdBNaiaaHu7Z015iAbutrZO0vjR1PhLIReUe7Ee5zO3mdlveIoKqoY87Dw4fpvhv8oFcXZIWMegXGSnKwf90qI6rgzFZN8iCplAyzdhhWEz7clIeKnZIjG4Fj4FcCgjAwhqOR0ojO-JoXURc3SsMyHc9K33K8bk0qY6tBkwCkgjFZvmD4ARhk679s8WCnGKVuFmWKUMVJ9wILSiFSte0k4rfwvSO9TbsHqbhes0we0BD21SVhKcg_b_&cid=CAASEuRogONKo6aggwded0SQ_dSwmA&rfl=1%2Chttps%253A%252F%252Fse-faire-rembourser.fr%252F%240
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
84e49ebebeb518e8e8fadc55f3d4650b35fa89b9b50aba698f282359e4449955
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24830
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B973
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BOO7d_ybR024WHgvn9kDVvF-pPCm7eNPYsfiVx7B6lSNUE6HJnRNgUwaW7-rOCnnlEZkTSEnxvd1YFvIVcIlCJAlR3WtvAX1Iw5ndRwdAtGPRyIGo
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame B973
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:17:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1033
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1316
x-xss-protection
0
server
cafe
etag
797314601362473214
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Jun 2021 23:17:19 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B973
122 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Fri, 11 Jun 2021 23:34:32 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame B973
13 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:31:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
166
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5644
x-xss-protection
0
server
cafe
etag
16788636151609896382
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Jun 2021 23:31:46 GMT
l
www.google.com/ads/measurement/ Frame B973
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQfQz8ftjpzLhqkDMi8RV7mPv_7dd4psiQ7i9Ia09o8F2QQLaYwrZPRephQ5BjVU4L6DzJeI9TJ-NMqJuvF10Ve4Hd41Q
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pixel
cm.g.doubleclick.net/ Frame 61B5
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGOLlpKQBMAE&v=APEucNU6CkY7U-Q8g9vseXOwh6gLBjbmIsy226uvd33m7CVzX2cWQKVOHL2H_0AXb-4joIamGE8qmEfYhtUleJe8dXAS5IGnCA
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 61B5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGOLlpKQBMAE&v=APEucNU6CkY7U-Q8g9vseXOwh6gLBjbmIsy226uvd33m7CVzX2cWQKVOHL2H_0AXb-4joIamGE8qmEfYhtUleJe8dXAS5IGnCA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:32 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 61B5
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMPzBrmcVDBbyJnR4TnCHAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
43 B
928 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK3--rICEPyJ1cACGOLlpKQBMAE&v=APEucNU6CkY7U-Q8g9vseXOwh6gLBjbmIsy226uvd33m7CVzX2cWQKVOHL2H_0AXb-4joIamGE8qmEfYhtUleJe8dXAS5IGnCA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Jun 2021 23:34:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Jun 2021 23:34:32 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEADrjaEshyuiR1CI0_xcnmg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
html_inpage_rendering_lib_200_271.js
s0.2mdn.net/879366/ Frame B973
176 KB
61 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 10:46:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46092
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62241
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 18:02:47 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Jun 2021 10:46:20 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame B973
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DJstzfmA4sO_yILY99PeT62U2LFttFPFHm9IpwqIsErf00RM71Q3beZ65un0mvytzLi_04jV_KSAEah8rpFZDflFyPtmVHDfH5OTVrDw20oyJE8lzQFpzHsX_pluvC82xkF2DCaH92kUc5fTAQiphi_kfVbw&dbm_d=AKAmf-C9gqqPTkNCc2-s5oB0J22EqfTUc5HMkoct9VvIJqRGD3BRpHz5TNL5QPzyJwooSfpxVhh6vAaohBcWNJOv3KS6DsJoQVerIO22yWKkmzoATPJS7v25XgZaWRdugRcA3jBpPEKyQIKt1QcCQn6qi6oK6RUVdy2nz8DiD6IZ-DMNunQjiLoNuBBSTv_Tx8Y55wJHR2OuUESrqU1Ew8AecKeyJVSbIOcBFSWDP7vytnEoHY59ZOA3f2js-w95N4PpYW4UHaM9euWpCVyGPp90ODcPGU25ywDc8CTUD6319pzhs3greh6gfwf4Zy8G0StAyvNYbL5GyrZAhv3dKDwGLjJ6_iWLG6VjuOS8y9Xa3F-ylLCe3UWXrX8jACMPeRbs1n7Y1ShRSLHxMb7_owcVcufsIc37mZoTDjenn4A2fFL1VB84LFSStNRiEXee320I5OmvenP4nnXdcSL59-G61GcOr81HAQfhJtqJ_GrsiN4FIhrmHfKbe-Kc-7hKVPquwRp8p96oHKMVyGRlqmUdDTI4Ii717F3sfB6JwT6jN3_C4CffiMZCM-LlzfU7JNC85Y5ybkub-D_yzt6g2aE_Cp78G4lQT3zOK2PQBNoxRNifN0cPYxK1GO8fJUz3PSOkltCh9TTEsJgQhhYkTMcilvBu4hQaJzc44lww6Gk3wGRoEEAR7K-cWaqgVdTdSdWIsVP7iQsZ0Vjgy1GPmkxW0jAIyq18aJfVyXZgGqEuYTIkqWVGE5buqKUsYdY-9jow-tWOO9EQxugT2oOvU49Z00JoiPMY76-1p2I9LNF94ptj5VIUikTB7HGWwZuD5L5u7jO3_Bn-E0KlMs70tUd6JSH0PfmZ2ePOIrUQxJMIRMMrxUeOoQx_xjo_tkJqt5vQn5Mi5Vnxui8RYyJtLiXTNyrEWvku_m1MSn7iv2PARu_FOFcfRSUr4iMbZE3f7rNsfWLLneyQVQ-F5Xgo4lg8mhFo_8YfgXg-q9r62cTu6ND7mLhchuuWx2vF-e6Fb_l_dibyfcmA0vOhRoomacUyhMjHKYeHGuKfIzZy4kSEugQ0oX6ZVVasOpf9gRx_w4s4oOXNdxqbX_UegGXnQn1vDvOfYNT1gI8ksXh219-KqQ8uo1SQCX67D4U7XQZ4tTUX5r8UYvjD_zYh2fx6LPXAFctjz4d46fjLTPvt5lm0U1DM1HfaI1NwQCqdpuGJKqmCdM6DtLvDIqjlwM6hFElq30Y9VDfD9KWZ8cbgmrJuB4w0aly9JKHJ9JewZydIRJYkepgPBLzxH5lFSZrTSU581egHq3WOy2oaIiRonuboaT3qocYNjAySUd6HRwamMk6gEPmL0yNaFRU4YCoOrI_XLWuOdSzXBQHyxmOluhRGdbacmyh7r1KZrJ2WhqyoM0Aa6tZp_ZATkII1kvmVG7goJ0PXK8xQnQAIwo3OANgPl9yIkRL7JJ1m8LknB42hgydRlR4Qtk9cbNU9djRc_3Pgk9ovKqMKtj9I2JCMbECUqVU7XppMTo-fWNfFtneWDmG9lnA_JGsUK4VlMAijVA5oGrXjdk5lHNe5lm9ZPhnKvuWICmOxtZLIhrgUv2NbsIDogZDw82ePsoKj_ydoc7br5jdwDwrgejaknHsHRvHV291UK8TlYp3f83TmXUiArdtLMDFNDE4ZEwae_lr1w8xq-gRKdkzGyf77dHTDspWCSY8-9rhQhTMUaLbEs5H-QKhARXsstYTUCczvhds-I0VxercIfquImHrZU4qET5fx7WwIBr8NRdWhn7sdcShhaE_GTf4xQv_vldXvbkeZp-7ZAyjCc78M190y1EavvNVruB9t5syVp4DCAZ6id9TAHZ3Z-qp6wfgNHFLuW-CQlFYThHdQkVB1Q2A757oVhsO-3EgcDOjLYdOtrcRhGKhoL1U6dO9ciUVTo4JxObBy27iRFlQ8fd_MULh3aZE7DbfrHA2axqwRBD3EWUofXd1Hjt_6TGeUfZLUzKtS-pbCVAqENk_bBDDmQGUqtIcBSF3o1Djb467LnZ00AaBXCguyOoD7SIJyOy77t2lHG_ybm0HIhskUsXgP8wqCPdCOedOz1op7qtSsQLhMJLO_0Wrys_1jNaJ0yE4tZfMfxTS_Fn27grq7NuRl6nIp8Xb5m6mMo7K0gTCh-a3kA19KO8zW6mMD7ylczmNJ0AIrxDwZCUKzEkSMRXGT3I-1nFfl5-vD90wrXkfrhMkOZa36BJVDgFEs3zSHlKKBMPXrxhB5S0B2YhMIGGlezdtB5evhNk6sQBio6mXSvd6cj9xQVwonohcZTvrjPvCvZjuGoNq1UTtymCrKbwQ7F6HAY3XTFJWJkm5hsvEbX64BEwVIXUhRFmQGsI04WLeQwALIuXKVUIBXHGvd2Untp2dDaHieuRmRV2N3H-NHB26W_0cJlB6fevniA9XLBI7uWkIxunghFl4I2YbGvY9XrI20NhraK-XcVPfA66p07uQeQuEl82g5fRGNSK5_F2F9EGhoJMyAAK2bhaZWK5UOVDp8WFzAKUpVfR7IIrHUdmNT0mj2wqusWTRba5DkQQphgNW2PG3vO95AyHnxB1cUiQIflt1XBzdMZockWpEAUvzX81rREAVlD2fh4eZHLHYvj7hpfvZ1EwnrDJkSPrdsc8sq9H90eZ3syyitr5Dwj5Gs8hPQepyJ2Hq0G_g62A9gO6minWAOy9Ag5vTurPlTfVHe0VNNKdToK7xVX8dQLEIItqX8MB8gcIkAbuydBJh6bD7Yva1MqgwyReW-eDmflKTB4ZK75-gDjh5MRwWopoPY8a_KERuQKE5B6DRlqxZqNggsuRTVPXzkgpAzK3ZiMsm0k3AUvjseI00Uv8Cy2FoqmN2hDaazxziqzIjxNZR9oUAcQDcnxzdBNaiaaHu7Z015iAbutrZO0vjR1PhLIReUe7Ee5zO3mdlveIoKqoY87Dw4fpvhv8oFcXZIWMegXGSnKwf90qI6rgzFZN8iCplAyzdhhWEz7clIeKnZIjG4Fj4FcCgjAwhqOR0ojO-JoXURc3SsMyHc9K33K8bk0qY6tBkwCkgjFZvmD4ARhk679s8WCnGKVuFmWKUMVJ9wILSiFSte0k4rfwvSO9TbsHqbhes0we0BD21SVhKcg_b_&cid=CAASEuRogONKo6aggwded0SQ_dSwmA&rfl=1%2Chttps%253A%252F%252Fse-faire-rembourser.fr%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:14:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1229
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Jun 2021 23:14:03 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame B973
22 KB
8 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DJstzfmA4sO_yILY99PeT62U2LFttFPFHm9IpwqIsErf00RM71Q3beZ65un0mvytzLi_04jV_KSAEah8rpFZDflFyPtmVHDfH5OTVrDw20oyJE8lzQFpzHsX_pluvC82xkF2DCaH92kUc5fTAQiphi_kfVbw&dbm_d=AKAmf-C9gqqPTkNCc2-s5oB0J22EqfTUc5HMkoct9VvIJqRGD3BRpHz5TNL5QPzyJwooSfpxVhh6vAaohBcWNJOv3KS6DsJoQVerIO22yWKkmzoATPJS7v25XgZaWRdugRcA3jBpPEKyQIKt1QcCQn6qi6oK6RUVdy2nz8DiD6IZ-DMNunQjiLoNuBBSTv_Tx8Y55wJHR2OuUESrqU1Ew8AecKeyJVSbIOcBFSWDP7vytnEoHY59ZOA3f2js-w95N4PpYW4UHaM9euWpCVyGPp90ODcPGU25ywDc8CTUD6319pzhs3greh6gfwf4Zy8G0StAyvNYbL5GyrZAhv3dKDwGLjJ6_iWLG6VjuOS8y9Xa3F-ylLCe3UWXrX8jACMPeRbs1n7Y1ShRSLHxMb7_owcVcufsIc37mZoTDjenn4A2fFL1VB84LFSStNRiEXee320I5OmvenP4nnXdcSL59-G61GcOr81HAQfhJtqJ_GrsiN4FIhrmHfKbe-Kc-7hKVPquwRp8p96oHKMVyGRlqmUdDTI4Ii717F3sfB6JwT6jN3_C4CffiMZCM-LlzfU7JNC85Y5ybkub-D_yzt6g2aE_Cp78G4lQT3zOK2PQBNoxRNifN0cPYxK1GO8fJUz3PSOkltCh9TTEsJgQhhYkTMcilvBu4hQaJzc44lww6Gk3wGRoEEAR7K-cWaqgVdTdSdWIsVP7iQsZ0Vjgy1GPmkxW0jAIyq18aJfVyXZgGqEuYTIkqWVGE5buqKUsYdY-9jow-tWOO9EQxugT2oOvU49Z00JoiPMY76-1p2I9LNF94ptj5VIUikTB7HGWwZuD5L5u7jO3_Bn-E0KlMs70tUd6JSH0PfmZ2ePOIrUQxJMIRMMrxUeOoQx_xjo_tkJqt5vQn5Mi5Vnxui8RYyJtLiXTNyrEWvku_m1MSn7iv2PARu_FOFcfRSUr4iMbZE3f7rNsfWLLneyQVQ-F5Xgo4lg8mhFo_8YfgXg-q9r62cTu6ND7mLhchuuWx2vF-e6Fb_l_dibyfcmA0vOhRoomacUyhMjHKYeHGuKfIzZy4kSEugQ0oX6ZVVasOpf9gRx_w4s4oOXNdxqbX_UegGXnQn1vDvOfYNT1gI8ksXh219-KqQ8uo1SQCX67D4U7XQZ4tTUX5r8UYvjD_zYh2fx6LPXAFctjz4d46fjLTPvt5lm0U1DM1HfaI1NwQCqdpuGJKqmCdM6DtLvDIqjlwM6hFElq30Y9VDfD9KWZ8cbgmrJuB4w0aly9JKHJ9JewZydIRJYkepgPBLzxH5lFSZrTSU581egHq3WOy2oaIiRonuboaT3qocYNjAySUd6HRwamMk6gEPmL0yNaFRU4YCoOrI_XLWuOdSzXBQHyxmOluhRGdbacmyh7r1KZrJ2WhqyoM0Aa6tZp_ZATkII1kvmVG7goJ0PXK8xQnQAIwo3OANgPl9yIkRL7JJ1m8LknB42hgydRlR4Qtk9cbNU9djRc_3Pgk9ovKqMKtj9I2JCMbECUqVU7XppMTo-fWNfFtneWDmG9lnA_JGsUK4VlMAijVA5oGrXjdk5lHNe5lm9ZPhnKvuWICmOxtZLIhrgUv2NbsIDogZDw82ePsoKj_ydoc7br5jdwDwrgejaknHsHRvHV291UK8TlYp3f83TmXUiArdtLMDFNDE4ZEwae_lr1w8xq-gRKdkzGyf77dHTDspWCSY8-9rhQhTMUaLbEs5H-QKhARXsstYTUCczvhds-I0VxercIfquImHrZU4qET5fx7WwIBr8NRdWhn7sdcShhaE_GTf4xQv_vldXvbkeZp-7ZAyjCc78M190y1EavvNVruB9t5syVp4DCAZ6id9TAHZ3Z-qp6wfgNHFLuW-CQlFYThHdQkVB1Q2A757oVhsO-3EgcDOjLYdOtrcRhGKhoL1U6dO9ciUVTo4JxObBy27iRFlQ8fd_MULh3aZE7DbfrHA2axqwRBD3EWUofXd1Hjt_6TGeUfZLUzKtS-pbCVAqENk_bBDDmQGUqtIcBSF3o1Djb467LnZ00AaBXCguyOoD7SIJyOy77t2lHG_ybm0HIhskUsXgP8wqCPdCOedOz1op7qtSsQLhMJLO_0Wrys_1jNaJ0yE4tZfMfxTS_Fn27grq7NuRl6nIp8Xb5m6mMo7K0gTCh-a3kA19KO8zW6mMD7ylczmNJ0AIrxDwZCUKzEkSMRXGT3I-1nFfl5-vD90wrXkfrhMkOZa36BJVDgFEs3zSHlKKBMPXrxhB5S0B2YhMIGGlezdtB5evhNk6sQBio6mXSvd6cj9xQVwonohcZTvrjPvCvZjuGoNq1UTtymCrKbwQ7F6HAY3XTFJWJkm5hsvEbX64BEwVIXUhRFmQGsI04WLeQwALIuXKVUIBXHGvd2Untp2dDaHieuRmRV2N3H-NHB26W_0cJlB6fevniA9XLBI7uWkIxunghFl4I2YbGvY9XrI20NhraK-XcVPfA66p07uQeQuEl82g5fRGNSK5_F2F9EGhoJMyAAK2bhaZWK5UOVDp8WFzAKUpVfR7IIrHUdmNT0mj2wqusWTRba5DkQQphgNW2PG3vO95AyHnxB1cUiQIflt1XBzdMZockWpEAUvzX81rREAVlD2fh4eZHLHYvj7hpfvZ1EwnrDJkSPrdsc8sq9H90eZ3syyitr5Dwj5Gs8hPQepyJ2Hq0G_g62A9gO6minWAOy9Ag5vTurPlTfVHe0VNNKdToK7xVX8dQLEIItqX8MB8gcIkAbuydBJh6bD7Yva1MqgwyReW-eDmflKTB4ZK75-gDjh5MRwWopoPY8a_KERuQKE5B6DRlqxZqNggsuRTVPXzkgpAzK3ZiMsm0k3AUvjseI00Uv8Cy2FoqmN2hDaazxziqzIjxNZR9oUAcQDcnxzdBNaiaaHu7Z015iAbutrZO0vjR1PhLIReUe7Ee5zO3mdlveIoKqoY87Dw4fpvhv8oFcXZIWMegXGSnKwf90qI6rgzFZN8iCplAyzdhhWEz7clIeKnZIjG4Fj4FcCgjAwhqOR0ojO-JoXURc3SsMyHc9K33K8bk0qY6tBkwCkgjFZvmD4ARhk679s8WCnGKVuFmWKUMVJ9wILSiFSte0k4rfwvSO9TbsHqbhes0we0BD21SVhKcg_b_&cid=CAASEuRogONKo6aggwded0SQ_dSwmA&rfl=1%2Chttps%253A%252F%252Fse-faire-rembourser.fr%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:30:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
221
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8601
x-xss-protection
0
server
cafe
etag
18280575870105241958
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Jun 2021 23:30:51 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame B973
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 12:04:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
41432
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jun 2022 12:04:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame EADD
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 11 Jun 2021 05:40:48 GMT
expires
Sat, 12 Jun 2021 05:40:48 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
64424
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame B973
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52c8d3da27637ce47ad90f639e9b16942ee460ea1a710cab557d7551f3802dcb

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame F17C
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Fri, 11 Jun 2021 11:11:48 GMT
expires
Sat, 11 Jun 2022 11:11:48 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
44564
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
index.html
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
57 KB
16 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f20984abe6466e64b64e3ef52d8d40448d0150bd05a71215a88ab9a115ae6dc6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
s0.2mdn.net
:scheme
https
:path
/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:32 GMT
expires
Sat, 11 Jun 2022 23:34:32 GMT
cache-control
public, max-age=31536000
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame B973
0
24 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDeSvy4V3G4iJd2nZKLdkENUuCbfCgzCte12nbAF28R5pJIZ_8Rjc7Md6wlV70nZQgAlOs84f-Mf2FKDeRQ36_CDIkQURDLRCpXvwSYSxQpPbBscDF3xASS8FKaDjbmUCFANCGf92qyzjNatza6PYkTQK8Y79Akhb01__Lx_bqIMlPGecOtF0OQKvBycPxfL9KqIZoPfm-X88Qpj2OKxuesgdJzm9O74etsdeaMa5GduUDkP5NZL1hJ7sXhy4ouYsWQHO103rPs_admacvLunCKuL6KHEzLLuLV74P8Ed-Q_T0CFgqR746nngXIYtxo3oCKT0KCWpA_bos0ak3Xhn1X119D0gHhg8WCA8PpR8cLo-uDqI5S6E5OXGGih68JKX0RK8hMz07D9ofNGqvyNdKZkrFmjoaKN76MPvozUxf0Wq1bsgaQi7GmIY8oTSaEWWd93IjAR1eax8t1c3FW4hBJzdJS0zJty3tvqjbTuWVFFPg8f9MccyREDSXhfOnAK_FeI9GBufhRnmjKYmrgYJqEC6vvslfRw8kn9rStCrAYwVVadZDGDv3_1w77axHsrgsJ9U5l8Hqa1TuJXUNiGipkzYTH4aofyH-kffkN_XPysXOBCGP78wZ2dbanxjYLYhBTUtLL5Si3EUz3yWVAGTmCleFOGyLeyloQgIwXm6q8gemxLvQXTa6D1XYF66l09ChztW9I40g6zr629548bo3Kd7S32juvJtZUnMYJMzS1--djJmb5qCJL1pYhbrBu9w9fN_ThwSy9ZbqvIQ1Ck3_5lbeU4Jd9YCp23oIl_c9juCzndlxtScBU8H_cQFzSu6YhPx-vfx5w748DrmSqNDi_FS7qOzt3Hk0d6tPUOcXgNmA2D9pyIaHd3kCVKYx0sFVVAobCE4L43R9qKWE2CAdwAgiIWLX9WULctuxtSjYTy2fKQBedtKXQoiYywyTMOvDas_zeFtzz9c37o9X1O5JakJUYOzMhm7cbsXofAzm0fqjxowCkNga9g-7PjnpCT2XREIRmgVsxaT1h2TGMmWkbWrEduvIyfEl2l1dDg1Lu4kMCpkHlzYyYxZUI0Bofu1PCpqOmdxNG4EOxN6LABCE7mV9XZUDs3XeWE2WQosviBCiO_wn-UIi3niWKi4Ze3vdq63qG4o2JWJDVh60CxtfcD3Dx1YfsBiZQG0qZLIgf4z-5KqhIBVhGpikoP4P0_t4iy1sTgfLUYL8CU0aEbNL1AXVLM7hU5CBaZ1Cus3NKzecmqoQP0fyv7IKj2fiZQ&sai=AMfl-YTN9RChcPTBiUInc58e15L0rGFYE2XQtrPfvICEG7D49nMFfos1zzY4ilDnlY9sDatLanQMKPSxqO3NV3eBwkYuK_4wu0eF-govE8O8k5irP-9GRxPQ293P_cgskmpGeoikm64dJ4CRJVBY0YkyRuPz7tEkoQ&sig=Cg0ArKJSzJVoENW3wDR5EAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=59&cbvp=1&cstd=55&cisv=r20210607.33164&adurl=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Fri, 11 Jun 2021 23:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame EADD
Redirect Chain
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEMITOJDe7iudWZxHMSpSv4Y&google_cver=1&google_push=AYg5qPICKK_WZUrmpVoFzzCtGUzERf6We8pUCqWEbh5YTN_36MohcMmKkenf-OncBkz0U4xyiA-SaUOIo2zgetcCxCU_fQCcCy8HMA
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzM1NjI1MTI0MjIzNjc1MDkxMw==
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEMITOJDe7iudWZxHMSpSv4Y&google_cver=1
43 B
407 B
Image
General
Full URL
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEMITOJDe7iudWZxHMSpSv4Y&google_cver=1
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type
image/gif
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEMITOJDe7iudWZxHMSpSv4Y&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
current
dclk-match.dotomi.com/match/bounce/ Frame EADD
0
104 B
Image
General
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEAsZDlpOKz5-XK4RWdShpMo&google_cver=1&google_push=AYg5qPKrsaRKRzibNaD8l4J4y-nFsWYjwZPpBTxInJyuhzScb5cV2RLrATKJ6Rc_XVr7dF4UERSJPvqzWDI5hrvTw47ofFBuzJjWnQ
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame EADD
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEMOw_bMVniEjdt8CLWhMgyo&google_cver=1&google_push=AYg5qPJAgvrxVFR6hznrDUMWeN-sHV3LO-IKoe48nGMxSgsr06xh4pKfIVDI6OvIYCCEmYyQINAeDp-...
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEMOw_bMVniEjdt8CLWhMgyo&google_cver=1&google_push=AYg5qPJAgvrxVFR6hznrDUMWeN-sHV3LO-IKoe48nGMxSgsr06xh4pKfIVDI6OvIYCCEm...
  • https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=HeP9MWy6QNmvC4Y--QHKxmDD8wg
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=HeP9MWy6QNmvC4Y--QHKxmDD8wg
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=HeP9MWy6QNmvC4Y--QHKxmDD8wg
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
pixel
cm.g.doubleclick.net/ Frame EADD
Redirect Chain
  • https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEPylaMAY5jAUm4rYLLRKWpE&google_cver=1&google_push=AYg5qPIHcKdE8Red_NwWLN4mC-TWVlFneDpvtk7yz0-kAY39W72KKATIoYvpX7tuZYeCDlg0O3Th78msbwm...
  • https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPIHcKdE8Red_NwWLN4mC-TWVlFneDpvtk7yz0-kAY39W72KKATIoYvpX7tuZYeCDlg0O3Th78msbwmQOtggkq4rWeKK0Kry9g
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPIHcKdE8Red_NwWLN4mC-TWVlFneDpvtk7yz0-kAY39W72KKATIoYvpX7tuZYeCDlg0O3Th78msbwmQOtggkq4rWeKK0Kry9g
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPIHcKdE8Red_NwWLN4mC-TWVlFneDpvtk7yz0-kAY39W72KKATIoYvpX7tuZYeCDlg0O3Th78msbwmQOtggkq4rWeKK0Kry9g
Date
Fri, 11 Jun 2021 23:34:33 GMT
Server
Apache/2.4.41 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
pixel
cm.g.doubleclick.net/ Frame EADD
Redirect Chain
  • https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEJNn_k5dvteN2SxKwn5ukOc&google_cver=1&google_push=AYg5qPLpNC_x4z4QJruwj66Bi4ayhA1mPmnxyZzdlaPM1NHjTizsAWvGo8ZKT...
  • https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEJNn_k5dvteN2SxKwn5ukOc&google_cver=1&google_push=AYg5qPLpNC_x4z4QJruwj66Bi4ayhA1mPmnxyZzdlaPM1NHjTizsAWvGo8ZKT...
  • https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=lc3G7rPaE7v3ZtwR6_vDTA&google_push=AYg5qPLpNC_x4z4QJruwj66Bi4ayhA1mPmnxyZzdlaPM1NHjTizsAWvGo8ZKTzZvBWgqMCJR2Si-RMI5i...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=lc3G7rPaE7v3ZtwR6_vDTA&google_push=AYg5qPLpNC_x4z4QJruwj66Bi4ayhA1mPmnxyZzdlaPM1NHjTizsAWvGo8ZKTzZvBWgqMCJR2Si-RMI5i0IqaJu4mL9sNq_27Pis
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Fri, 11 Jun 2021 23:34:33 GMT
Server
nginx
Vary
Accept
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=lc3G7rPaE7v3ZtwR6_vDTA&google_push=AYg5qPLpNC_x4z4QJruwj66Bi4ayhA1mPmnxyZzdlaPM1NHjTizsAWvGo8ZKTzZvBWgqMCJR2Si-RMI5i0IqaJu4mL9sNq_27Pis
Connection
close
Content-Type
text/plain; charset=utf-8
Content-Length
238
pixel
cm.g.doubleclick.net/ Frame EADD
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJjgauLGlaa7GrwalaGRBag&google_cver=1&google_push=AYg5qPLoiLydcfBYZ-5cuHZ5P1Vm4IaXUpRLNYceM1IbMY5rK0um5LXaz7l9xL1mjj-P6WOrj6HeShyJ...
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJjgauLGlaa7GrwalaGRBag&google_cver=1&google_push=AYg5qPLoiLydcfBYZ-5cuHZ5P1Vm4IaXUpRLNYceM1IbMY5rK0um5LXaz7l9xL1mjj-P6WOrj6H...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTg3Nzk1OTQzNDM3MDI3MDk4MA&google_push=AYg5qPLoiLydcfBYZ-5cuHZ5P1Vm4IaXUpRLNYceM1IbMY5rK0um5LXaz7l9xL1mjj-P6WOrj6HeSh...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTg3Nzk1OTQzNDM3MDI3MDk4MA&google_push=AYg5qPLoiLydcfBYZ-5cuHZ5P1Vm4IaXUpRLNYceM1IbMY5rK0um5LXaz7l9xL1mjj-P6WOrj6HeShyJagQGLs5u4XgHz5Arr7bzkg
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTg3Nzk1OTQzNDM3MDI3MDk4MA&google_push=AYg5qPLoiLydcfBYZ-5cuHZ5P1Vm4IaXUpRLNYceM1IbMY5rK0um5LXaz7l9xL1mjj-P6WOrj6HeShyJagQGLs5u4XgHz5Arr7bzkg
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame EADD
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=IvVnK1rEQrSK29SSf2BL_w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=IvVnK1rEQrSK29SSf2BL_w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL-sDA2pc-PNlGHpfepX71I4HC63A6HhUZxxB8ppq6YU7rB1usw54G02yb13VynJlu51kgUkDciVVFkk_HF-tMDofWlyTzzHg
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=IvVnK1rEQrSK29SSf2BL_w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL-sDA2pc-PNlGHpfepX71I4HC63A6HhUZxxB8ppq6YU7rB1usw54G02yb13VynJlu51kgUkDciVVFkk_HF-tMDofWlyTzzHg
date
Fri, 11 Jun 2021 23:34:32 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
attr
cm.g.doubleclick.net/pixel/ Frame EADD
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LZeIBMWNXyX0Z1E_xEHFQCfHhXM9HfXqZBNvjVauSKc0WkOyVgtB-Aoi3imd6mMGra3svI
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
BIKfHL6N8NnL0SRbyz4COSMYlE8t2lwSnrtAnHeyH4k.js
pagead2.googlesyndication.com/bg/ Frame F17C
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/BIKfHL6N8NnL0SRbyz4COSMYlE8t2lwSnrtAnHeyH4k.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
04829f1cbe8df0d9cbd1245bcb3e02392318944f2dda5c129ebb409c77b21f89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 11:32:41 GMT
content-encoding
br
x-content-type-options
nosniff
age
43311
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5722
x-xss-protection
0
last-modified
Mon, 31 May 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jun 2022 11:32:41 GMT
Enabler_01_245.js
s0.2mdn.net/879366/ Frame BB9D
110 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 16:43:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24674
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38568
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:54 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Jun 2021 16:43:18 GMT
2_frame-01-bg.jpg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
203 KB
203 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/2_frame-01-bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
12c4741a1b502ae087da043fc1cadeb279848cd40c486e4a7d8f72e8a3d1e92c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:32 GMT
x-content-type-options
nosniff
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
x-dns-prefetch-control
off
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
207500
x-xss-protection
0
expires
Sat, 11 Jun 2022 23:34:32 GMT
2_frame-02-bg.jpg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
245 KB
246 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/2_frame-02-bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
25fcbcd6cc5f5b05db25c6240e4441274bf842def2bf03ea447bbbd57618d363
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
x-content-type-options
nosniff
age
154451
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
251356
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
2_frame-03-bg.jpg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
73 KB
73 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/2_frame-03-bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7168f61ff963cc3dacb89f419c1930cabebf45d9dfb50c88b6bbf773825c5a0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
x-content-type-options
nosniff
age
154451
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
74934
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
2_frame-04-bg.jpg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
41 KB
41 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/2_frame-04-bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1fdc2beee7f9e2c11aa71a159e129e0792865ca2545ba88d7f72eff2c105055
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:33 GMT
x-content-type-options
nosniff
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
x-dns-prefetch-control
off
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41965
x-xss-protection
0
expires
Sat, 11 Jun 2022 23:34:33 GMT
Fedra-Serif-A-Pro-Medium.ttf
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
336 KB
336 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/Fedra-Serif-A-Pro-Medium.ttf
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
67b5ac8808e9b451ff4bb84ab1a411dc864625992f60a64a745db0076d93c0a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://s0.2mdn.net
Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
x-content-type-options
nosniff
age
154451
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
343848
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
Fedra-Serif-A-Pro-Normal.ttf
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
335 KB
335 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/Fedra-Serif-A-Pro-Normal.ttf
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5b57a7d6a773f0966f49617b10b4341bc789a7e606a72f9c9cc836b0815c268e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://s0.2mdn.net
Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
x-content-type-options
nosniff
age
154451
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
343304
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame F17C
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BfOhsCPPDYLnZKveX9u8Plv-12A8AAAAAOAHgBAI&bg=!enmleT3NAAY6sG-_OrA7ACkAdvg8Ws1ufBio1bNn16m8HjNz2h9rEDR8Ue6dkJGIGcSdcr2fOGKQ-QIAAAB4UgAAABFoAQeZAtBFAZuVK2uC5s2vQP7yaX16DIdK0yoDosbXLTKvC_L9U1Aj-tqO1fk5xTT6_0lj_e1UUETDn1KbVEoVd7vGs3PWupfaLqhcypAsyWFuA3BLHQ81HhNRX8vrfsSi4ccWrvkRk_fK3qT5kJqJhP4OrQjoeYM2dpjH1GcE3iHshMinSo6dViSRbKmLvUBNCA324FpVoHH-LfimqkbRdn-AVhYPZfOH-NjzOlzYL2VnUiMLC1tjqD8mZocAboniQaNyw7UPClROienrLVtmrqivje9XL5IvMnYmBL7avPV1z-mOam8YJEjHZLFnBDkrXx40YjkihqVi7JUdS_X1ebGZ-MF5B_uhOlm4ju_zdPkve_seX3rYZTYm4eyahoVPAJwAwEO6SteF0xD2uWWwXjGlBfYdznlw_rY3CWUUgL4HzxyEGCmshm4ghCHvtTO-BJpi9k0sFk47mscYcDwJoikS7YEoIl0NgKphx1SWb4WJW7BrdrNRCHDen7UvlVqioJcj24jwhgpOq-aj0fFE23JepfoRcXjdObddxjc05rpw2R808hqp33skFYnIGj7cC5mKXfm_Tc90kgXyTrFBndf3noPVVB3JCKtPSZ4LYVAaPn9pBXLgoV6ChkJQvlG3QCLaN0ZYuSDy9ruV-f6GLDWzI9gHPIGww4O5E0l5G1SrmTjBHemgNygrun19fZd91HZdrP4h7Gvg3g3fUtwp8y6QPfDeDK5epg1wLp0cLnqSNhIO1P3NzwEgzLM3FxpbbulAcr9zZQUc0HUPKMQ1LluA9WFILAfcD_XbDB3VFSIzuyOjPZ_21Sjs9se7DMZIbl3rXiWiaQvmU4oZj-65AscHQeKYcRysohvo2-Vn2Lwz42eyU24Ymr4Plkebjrw7jxwawbPbcuX4nVVm4DoUbYiENhrnjj6ulk805fb5L9_zMADMA8BX6LscicxplTon1m9vZJU
Requested by
Host: 258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
URL: https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame BB9D
6 KB
4 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
832030a07d8f4833bc44cc0adb1fb7681613d2f7014a493565ce439f6efeab41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4361
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame BB9D
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Fri, 11 Jun 2021 23:34:33 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame B973
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDeSvy4V3G4iJd2nZKLdkENUuCbfCgzCte12nbAF28R5pJIZ_8Rjc7Md6wlV70nZQgAlOs84f-Mf2FKDeRQ36_CDIkQURDLRCpXvwSYSxQpPbBscDF3xASS8FKaDjbmUCFANCGf92qyzjNatza6PYkTQK8Y79Akhb01__Lx_bqIMlPGecOtF0OQKvBycPxfL9KqIZoPfm-X88Qpj2OKxuesgdJzm9O74etsdeaMa5GduUDkP5NZL1hJ7sXhy4ouYsWQHO103rPs_admacvLunCKuL6KHEzLLuLV74P8Ed-Q_T0CFgqR746nngXIYtxo3oCKT0KCWpA_bos0ak3Xhn1X119D0gHhg8WCA8PpR8cLo-uDqI5S6E5OXGGih68JKX0RK8hMz07D9ofNGqvyNdKZkrFmjoaKN76MPvozUxf0Wq1bsgaQi7GmIY8oTSaEWWd93IjAR1eax8t1c3FW4hBJzdJS0zJty3tvqjbTuWVFFPg8f9MccyREDSXhfOnAK_FeI9GBufhRnmjKYmrgYJqEC6vvslfRw8kn9rStCrAYwVVadZDGDv3_1w77axHsrgsJ9U5l8Hqa1TuJXUNiGipkzYTH4aofyH-kffkN_XPysXOBCGP78wZ2dbanxjYLYhBTUtLL5Si3EUz3yWVAGTmCleFOGyLeyloQgIwXm6q8gemxLvQXTa6D1XYF66l09ChztW9I40g6zr629548bo3Kd7S32juvJtZUnMYJMzS1--djJmb5qCJL1pYhbrBu9w9fN_ThwSy9ZbqvIQ1Ck3_5lbeU4Jd9YCp23oIl_c9juCzndlxtScBU8H_cQFzSu6YhPx-vfx5w748DrmSqNDi_FS7qOzt3Hk0d6tPUOcXgNmA2D9pyIaHd3kCVKYx0sFVVAobCE4L43R9qKWE2CAdwAgiIWLX9WULctuxtSjYTy2fKQBedtKXQoiYywyTMOvDas_zeFtzz9c37o9X1O5JakJUYOzMhm7cbsXofAzm0fqjxowCkNga9g-7PjnpCT2XREIRmgVsxaT1h2TGMmWkbWrEduvIyfEl2l1dDg1Lu4kMCpkHlzYyYxZUI0Bofu1PCpqOmdxNG4EOxN6LABCE7mV9XZUDs3XeWE2WQosviBCiO_wn-UIi3niWKi4Ze3vdq63qG4o2JWJDVh60CxtfcD3Dx1YfsBiZQG0qZLIgf4z-5KqhIBVhGpikoP4P0_t4iy1sTgfLUYL8CU0aEbNL1AXVLM7hU5CBaZ1Cus3NKzecmqoQP0fyv7IKj2fiZQ&sai=AMfl-YTN9RChcPTBiUInc58e15L0rGFYE2XQtrPfvICEG7D49nMFfos1zzY4ilDnlY9sDatLanQMKPSxqO3NV3eBwkYuK_4wu0eF-govE8O8k5irP-9GRxPQ293P_cgskmpGeoikm64dJ4CRJVBY0YkyRuPz7tEkoQ&sig=Cg0ArKJSzJVoENW3wDR5EAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=302&vt=11&dtpt=243&dett=3&cstd=55&cisv=r20210607.33164&adurl=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Fri, 11 Jun 2021 23:34:33 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
logo-assistance.svg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
7 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/logo-assistance.svg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61e0765fa06d87b6c2f049e00226abc16193047d287ebf5e1bf1cf3bba0be08d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
154452
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2267
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
logo-vaudoise.svg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
5 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/logo-vaudoise.svg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b2559ec804877cff975c8959851c4ad46abf6a163f61ec3e931df2fc9b94b25
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
154452
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2359
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
frame-02-img.jpg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
20 KB
20 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/frame-02-img.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88fee597096d24e09d9df414069a5bbd2e9232cc29091543458806717e08f59c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
x-content-type-options
nosniff
age
154452
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20396
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
frame-04-bg.jpg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
38 KB
38 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/frame-04-bg.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
799ae0778295a6bcd7227a09c2aaf37a83812921577df86b57656e0cfa376dd7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
x-content-type-options
nosniff
age
154452
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38635
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
frame-03-bg.jpg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
69 KB
70 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/frame-03-bg.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca61ae61928f4c621638f73dd9a6b97ee407439bfe9f43733e8dd94212358cf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 10:49:58 GMT
x-content-type-options
nosniff
age
45875
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
71147
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jun 2022 10:49:58 GMT
frame-02-bg.jpg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
151 KB
151 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/frame-02-bg.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
77963f1e81d05afc7c36c1044db0c4bc93b63681527052994b3eccbbf80585af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
x-content-type-options
nosniff
age
154452
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
154909
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
frame-01-bg.jpg
s0.2mdn.net/sadbundle/1863874276352851968/ Frame BB9D
125 KB
125 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/1863874276352851968/frame-01-bg.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
748ce85b55617d2a9a4df4551622305443ff58d579ed788baae32f3de513f03a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1863874276352851968/index.html?e=69&leftOffset=0&topOffset=0&c=93wGLOdKuR&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 10 Jun 2021 04:40:21 GMT
x-content-type-options
nosniff
age
154452
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
127594
x-xss-protection
0
last-modified
Sat, 24 Apr 2021 19:18:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Jun 2022 04:40:21 GMT
tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
pagead2.googlesyndication.com/bg/ Frame 7901
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 16:17:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
26251
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5784
x-xss-protection
0
last-modified
Mon, 31 May 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jun 2022 16:17:02 GMT
army.gif
se-faire-rembourser.fr/porpoiseant/
0
65 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEyMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEyMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; ezouspvv=700; ezouspva=1; ezouspvh=700
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:33 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:33 UTC
activeview
pagead2.googlesyndication.com/pcs/ Frame B973
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsubyczHonyVCGyveLB4QW_JCoe_9I9DwnosDhKgHuhPwLcfOlZEcjePgIySyIXUYpkLar_ZAtmsjVE56I4XPQSPaPo3xaeXkw4pYsKFjci4WBK7wsedsuZfu2E&sai=AMfl-YS2lZb_tAEaDlkFSumTQ2vxsyFvcTWKll-rLaPVxcHLAGEQ29_-uqu99uU5WVj3qh0WlHANDcq0FIyfFK8Mq6hi90cEauz2Qs8R1LQRLHO8LsOLxqsmuFOnXIQ&sig=Cg0ArKJSzDdrqgUdHXh9EAE&cid=CAASEuRogONKo6aggwded0SQ_dSwmA&id=lidar2&mcvt=1000&p=484,315,734,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210611&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1834618358&rs=4&met=ce&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623454472667&dlt=8&rpt=1&isd=0&msd=0&r=v
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
greenoaks.gif
se-faire-rembourser.fr/detroitchicago/
0
42 B
XHR
General
Full URL
https://se-faire-rembourser.fr/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjI0MjUwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIyIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjMwODAyMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiMiJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIxNzM5MjAwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjEifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiODUyODAwMCJ9LHsibmFtZSI6ImRvY19oZWlnaHQiLCJ2YWwiOiI1MzMwIn1dfV0=
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjI0MjUwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIyIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjMwODAyMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiMiJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIxNzM5MjAwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjEifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiODUyODAwMCJ9LHsibmFtZSI6ImRvY19oZWlnaHQiLCJ2YWwiOiI1MzMwIn1dfV0=
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; ezouspvv=700; ezouspva=1; ezouspvh=700
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:33 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:34 UTC
army.gif
se-faire-rembourser.fr/porpoiseant/
0
42 B
XHR
General
Full URL
https://se-faire-rembourser.fr/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzk3MCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTY5MTQ5IiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidW5pdCI6ImRpdi1ncHQtYWQtc2VfZmFpcmVfcmVtYm91cnNlcl9mci1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiYWRfcG9zaXRpb24iOjExMjEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0ODkxMjQ3LCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1NjkxNDkiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJhZF9wb3NpdGlvbiI6MTEyMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5NzQ4OTEyNDcsImNyZWF0aXZlX2lkIjoxMzgyNDExMjM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMTQzIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: se-faire-rembourser.fr
URL: https://se-faire-rembourser.fr/detroitchicago/cmbv2.js?gcb=195-2&cb=04-100-306-1007-110-509-50a-70d-30f-312-213-114-1317-216-418-31c-122c-12e-21&cmbcb=17&sj=x04x00x06x07x10x09x0ax0dx0fx12x13x14x17x16x18x1cx2cx2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.47.187.175 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-47-187-175.eu-west-3.compute.amazonaws.com
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTU2OTE0OSIsImRvbWFpbl9pZCI6IjEzNDg3OCIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlX2ZhaXJlX3JlbWJvdXJzZXJfZnItYm94LTItMCIsInRfZXBvY2giOjE2MjM0NTQ0NjUsImFkX3Bvc2l0aW9uIjoxMTIxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjY4NDlhOGZhLTVmNjYtNDIxYi03NmMzLWU5ZGVjMjE2Y2M5ZiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk3NDg5MTI0NywiY3JlYXRpdmVfaWQiOjEzODI0MTEyMzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzk3MCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxNTY5MTQ5IiwiZG9tYWluX2lkIjoiMTM0ODc4IiwidW5pdCI6ImRpdi1ncHQtYWQtc2VfZmFpcmVfcmVtYm91cnNlcl9mci1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzQ1NDQ2NSwiYWRfcG9zaXRpb24iOjExMjEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiNjg0OWE4ZmEtNWY2Ni00MjFiLTc2YzMtZTlkZWMyMTZjYzlmIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTc0ODkxMjQ3LCJjcmVhdGl2ZV9pZCI6MTM4MjQxMTIzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE1NjkxNDkiLCJkb21haW5faWQiOiIxMzQ4NzgiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZV9mYWlyZV9yZW1ib3Vyc2VyX2ZyLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzNDU0NDY1LCJhZF9wb3NpdGlvbiI6MTEyMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiI2ODQ5YThmYS01ZjY2LTQyMWItNzZjMy1lOWRlYzIxNmNjOWYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5NzQ4OTEyNDcsImNyZWF0aXZlX2lkIjoxMzgyNDExMjM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMTQzIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
__gads=ID=5d0b35baab60a9bb:T=1623454467:S=ALNI_MbCebZ3y7eawN0GsC2-cR238oySxQ; ezux_lpl_134878=1623454471823|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false; ezouspvv=700; ezouspva=1; ezouspvh=700
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
se-faire-rembourser.fr
referer
https://se-faire-rembourser.fr/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://se-faire-rembourser.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 23:34:34 GMT
server
nginx/1.16.0
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 10 Jun 2021 23:34:34 UTC
dc_oe=ChMIpeqtmN-Q8QIVh_h3Ch3bcwPWEAAYACC9nuBGQhMI7qSAmN-Q8QIVmee7CB2tXwkz;met=1;&timestamp=1623454481202;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 3028
42 B
515 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIpeqtmN-Q8QIVh_h3Ch3bcwPWEAAYACC9nuBGQhMI7qSAmN-Q8QIVmee7CB2tXwkz;met=1;&timestamp=1623454481202;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Jun 2021 23:34:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

300 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| __ez string| __sellerid object| __ezaps string| __ezapid function| ezapsFetchBids object| apstag object| __banger_pmp_deals number| ezobv function| ez_isclean object| ezSlotKVStore function| ezSetSlotTargeting function| ezGetSlotById object| ez_queue function| sort_queue function| execute_ez_queue function| ez_write_tag function| in_array object| ezrpos undefined| ez_current_interval number| ez_current_load function| __ez_fad_load boolean| __ez_fad_floatshowd function| __ez_fad_floatshow object| __ez_fad_initslot object| __ez_fad_fastd object| __ez_fad_fastdiv object| __ez_fad_fastslots object| __ez_fad_viewslots object| __ez_fad_instaslots object| ezslit_run object| __ez_fad_divs object| __ez_fad_divsd number| __ez_fad_vw number| __ez_fad_vh function| __ez_fad_invisible function| __ez_fad_position function| __ez_fad_fast function| __ez_fad_csnt boolean| __ez_fad_haspo function| __ez_fad_rdy function| __ez_fad_docht function| __ez_fad_vpht number| __ez_fad_doc_ht number| __ez_fad_vp_ht boolean| __ez_fad_hascp object| ez_ad_units object| ezslots object| ezsrqt object| __ez_fad_divpos object| ezorbf boolean| isEZABL number| ezmadspc boolean| ezoViewCheck boolean| ezDisableInitialLoad object| googletag object| ezoibfh object| ezaxmns object| ezaucmns object| __ez_fad_floating boolean| __ez_fad_gptd boolean| __ez_fad_ezpbinitd function| __ez_fad_gpt function| __ez_fad_pb function| ezogetbrkey boolean| ezoll string| ezoadxnc string| ezoadhb function| ezorefgsl boolean| ezoicTestActive object| _ezaq object| _ezim_d object| _ezat function| gtag object| dataLayer object| cookieconsent_options boolean| hasCookieConsent string| ezouid string| ezoTemplate string| ezoFormfactor object| ezo_elements_to_check string| soc_app_id number| did string| ezdomain number| ezoicSearchable function| __ez_ezosuigenerisEvt function| create_ezolpl function| attach_ezolpl string| _audins_dom number| _audins_did number| _ez_fad_vw object| google_tag_manager object| ggeac object| google_js_reporting_queue object| __ezlcp function| __ezlcpcd function| __ez_sendLCPElement boolean| __inScopeForCCPA function| __uspapi function| __receiveUspapiMessage function| __ez_fad_ezpbinit object| epbjs boolean| __enableAnalytics object| __s2sbidders function| __ez_tkn_evnt function| __ez_fad_scroll number| __ez_fad_scrollint function| __ez_fad_chkpos object| ezRBA function| __ez_addAllListeners undefined| __ez_dims function| uglipop string| ezoScriptHost object| IL11ILILIIlLLLILILLLLIILLLIIL11111LLILiiLIliLlILlLiiLLIiILL object| ezomash function| ezbanger function| ezvb function| ezsr function| ezosethbbids function| ezoSyncToDfp function| ezoGetDFPSlot function| ez_attachEvent function| ez_attachEventWithCapture function| ez_detachEvent function| ez_getQueryString function| __ezDotData object| ezux object| ct object| ezdent object| ezDenty object| ezmt object| ezua object| ezuxgoals function| _ez_TOS_TrackEvent function| ezocfol number| netStartTime function| hashCode function| ezogetrqbykey function| ezorqs function| ezorqe function| _fEzDt function| xhrSuccess function| xhrError function| loadFile function| lex undefined| _comments undefined| _depth undefined| _position undefined| _tokens function| parse function| astNode function| next function| parseAtGroup function| parseAtImport function| parseCharset function| parseComment function| parseNamespace function| parseProperty function| parseSelector function| parseToken function| parseTokensWhile function| parseDeclarations function| parseRules undefined| _compress undefined| _indentation undefined| _level undefined| _n undefined| _s function| stringify function| indent function| stringifyAtRule function| stringifyAtGroup function| stringifyComment function| stringifyRule function| reduce function| stringifyBlock function| stringifyChildren function| stringifyDeclaration function| stringifyNode function| stringifyProperty function| CSSurgeon object| surgeon function| eachAsync function| getRandomInt function| printCSS function| runsurgeon string| UA function| ezoicSiteSpeed function| ezoicDocumentWrite boolean| __ezScrexFired function| __ezScrexify boolean| isScrexed object| _ezImgFmt object| vitalsFired object| metricNameMap function| ezlogVital object| _qevents object| _ezfd object| riveted number| ez_tos_track_count number| ez_last_activity_count function| ES6Promise function| EzoIvent function| _findOverlappingQuietPeriods function| _findNetworkQuietPeriods function| ezoFetchConst function| __ez__ael undefined| __ez__ael__proto function| loadCSS object| ezLazySizesConfig object| ezLazySizes object| webVitals function| ezoChar function| ezoCharSize number| indexKey object| google_tag_data string| GoogleAnalyticsObject function| ga string| ezosuigeneris function| __ez_func_ezosuigeneris object| OBR string| OB_releaseVer function| OBR$ boolean| success object| OB_PROXY object| outbrain object| outbrain_rater boolean| apstagLOADED function| epbjsRequestAdUnits function| epbjsRefreshSlot function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| gaplugins object| gaGlobal object| gaData string| pubcidCookie function| update_cookieconsent_options object| perf_vals boolean| __ez__w_load string| token object| ezslot_2 number| i3 object| googleToken object| googleIMState function| processGoogleToken number| __google_ad_urls_id number| google_unique_id object| ezslot_0 boolean| ezowwinit object| GoogleGcLKhOms object| google_image_requests object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| ampInaboxIframes object| ampInaboxPendingMessages number| ezouspvv string| slotElName number| bid_val function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| _defer_wait object| _wpemojiSettings object| twemoji object| wp undefined| $ function| jQuery object| PT_CV_PUBLIC object| PT_CV_PAGINATION object| bootstrap string| mrdev_ajaxurl string| slot_key object| slots string| slot

21 Cookies

Domain/Path Name / Value
.se-faire-rembourser.fr/ Name: ezosuigeneris
Value: 251b488d40df53af8010083a8c3b159f
se-faire-rembourser.fr/ Name: ezouspva
Value: 0
.se-faire-rembourser.fr/ Name: _ga
Value: GA1.2.1439056393.1623454467
se-faire-rembourser.fr/ Name: ezouspvv
Value: 0
se-faire-rembourser.fr/ Name: ezux_lpl_134878
Value: 1623454466701|6849a8fa-5f66-421b-76c3-e9dec216cc9f|false
se-faire-rembourser.fr/ Name: ezds
Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
.se-faire-rembourser.fr/ Name: _gat_gtag_UA_102382503_1
Value: 1
.se-faire-rembourser.fr/ Name: ezovuuid_134878
Value: e339246a-c084-4e71-7263-d4c45d876538
.se-faire-rembourser.fr/ Name: lp_134878
Value: https://se-faire-rembourser.fr/
.se-faire-rembourser.fr/ Name: ezovuuidtime_134878
Value: 1623454466
.se-faire-rembourser.fr/ Name: ezovid_134878
Value: 157736985
.se-faire-rembourser.fr/ Name: ezCMPCCS
Value: true
.se-faire-rembourser.fr/ Name: ezoab_134878
Value: mod1
.se-faire-rembourser.fr/ Name: ezepvv
Value: 0
.se-faire-rembourser.fr/ Name: ezoadgid_134878
Value: -1
.se-faire-rembourser.fr/ Name: ezopvc_134878
Value: 1
.se-faire-rembourser.fr/ Name: __qca
Value: P0-2059049300-1623454466672
se-faire-rembourser.fr/ Name: ezohw
Value: w%3D1600%2Ch%3D1200
.se-faire-rembourser.fr/ Name: ezoref_134878
Value:
.se-faire-rembourser.fr/ Name: _gid
Value: GA1.2.475314487.1623454467
.se-faire-rembourser.fr/ Name: active_template::134878
Value: pub_site.1623454465

1 Console Messages

Source Level URL
Text
console-api log URL: https://se-faire-rembourser.fr/wp-includes/js/jquery/jquery-migrate.min.js?screx=1&sxcb=145a&ver=3.3.2(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 3.3.2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

258794d01fb5d833175829b3278a1db8.safeframe.googlesyndication.com
a.tribalfusion.com
aax-eu.amazon-adsystem.com
ad.360yield.com
ad.doubleclick.net
ad.turn.com
ad4m.at
ade.googlesyndication.com
ads.betweendigital.com
ads.playground.xyz
ads.pubmatic.com
ads.yieldmo.com
adservice.google.ch
adservice.google.com
amazon-tam-match.dotomi.com
aorta.clickagy.com
ap.lijit.com
aud.pubmatic.com
b1sync.zemanta.com
bh.contextweb.com
c.amazon-adsystem.com
c1.adform.net
ce.lijit.com
cm.adgrx.com
cm.g.doubleclick.net
creativecdn.com
cs.emxdgt.com
cs.media.net
csync.loopme.me
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
event.clientgear.com
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
go.ezodn.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
green.erne.co
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
images.outbrainimg.com
loadm.exelator.com
log.outbrainimg.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.taboola.com
mcdp-chidc2.outbrain.com
mwzeom.zeotap.com
nep.advangelists.com
odb.outbrain.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.onaudience.com
pixel.quantserve.com
pixel.tapad.com
pr-bh.ybp.yahoo.com
pubmatic-match.dotomi.com
r.turn.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rules.quantcount.com
s.amazon-adsystem.com
s.tribalfusion.com
s0.2mdn.net
sb.scorecardresearch.com
se-faire-rembourser.fr
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
tcheck.outbrainimg.com
tg.socdm.com
tpc.googlesyndication.com
tracking.m6r.eu
trc.taboola.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
visitor.fiftyt.com
widget-pixels.outbrain.com
widgets.outbrain.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.se-faire-rembourser.fr
x.bidswitch.net
124.146.215.47
13.32.5.125
142.250.181.226
142.250.185.130
142.250.185.162
142.250.186.70
142.250.74.194
146.59.148.16
151.101.13.44
151.101.14.132
151.101.14.49
159.253.128.183
162.55.6.211
169.197.150.7
178.250.0.163
178.62.202.251
18.156.0.31
18.195.155.181
18.198.69.109
185.183.112.148
185.184.8.65
185.29.135.234
185.33.221.53
185.64.189.114
185.64.190.78
185.64.190.80
185.64.190.87
185.86.137.131
188.165.4.142
188.42.196.115
193.0.160.129
193.122.174.27
198.148.27.139
199.232.137.44
2.18.232.28
2.18.233.180
2.18.234.190
2.18.234.21
2.18.235.93
2001:678:cb4:bbbb::11
213.155.156.183
213.19.147.44
216.52.2.39
2600:9000:211a:a600:6:44e3:f8c0:93a1
2606:4700:10::6816:1857
2606:4700:20::681a:bd1
2606:4700:3032::ac43:b890
2606:4700:3033::ac43:bfe3
2606:4700::6812:d05
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1288:110:c305::8000
2a00:1450:4001:803::2002
2a00:1450:4001:803::2006
2a00:1450:4001:809::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:813::2001
2a00:1450:4001:829::2001
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:831::200a
2a00:1450:4001:831::200e
2a00:1450:400c:c04::9c
2a02:fa8:8806:12::1400
2a02:fa8:8806:13::1400
2a02:fa8:8806:16::1400
3.120.242.149
3.66.136.156
3.66.22.42
34.205.3.24
34.254.122.11
34.98.107.212
35.201.96.126
35.227.248.159
35.244.159.8
37.157.4.39
37.252.172.45
47.252.78.131
50.31.142.191
52.208.100.147
52.47.187.175
52.49.40.147
52.57.251.82
52.95.123.167
54.163.239.172
54.175.176.13
54.239.17.112
54.86.120.215
64.202.112.95
66.155.71.25
67.202.110.24
69.173.144.165
70.42.32.31
72.251.241.196
72.251.244.140
72.251.249.13
76.223.111.131
77.243.60.138
85.114.159.118
99.86.241.40
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
04829f1cbe8df0d9cbd1245bcb3e02392318944f2dda5c129ebb409c77b21f89
05dbc51654b96590d176c27efbcef2cf4ac0497499a9f28b731b73eea399070c
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
076c63f713871e395188ffb1a8205e7c0a50a1e318220154f4c2b0cb6e96c887
096b50f6376adb1780a33cb578d022c0eaf3b87afc7670ab7b77d58d4d989437
09c951bf557d591d8973141bbc46acf44d8a7aebf514004b0e7e65053c1220fc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0cc85c2e93b19ffff3e8305dfe9e02605426168cf7c65022e51a411d6d36bb00
0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12c4741a1b502ae087da043fc1cadeb279848cd40c486e4a7d8f72e8a3d1e92c
12f34d4eeed04ece92a44207714251bd462b3dc2380d2d0e0fc635239e7a937a
14fbeec2dab25c504965a03dad472088ca80aec3491ad5985ab7c737c05fd764
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18e79d6a5c30ec774fe3b61069ddf3c8a1b175e276aea75fe43222fd12839db5
1b20bf6fcbbba8201d9fd35353ac406a72e7993d6c192f924dbdc7feb1e3fe87
1b2559ec804877cff975c8959851c4ad46abf6a163f61ec3e931df2fc9b94b25
1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74
1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa
1e9048266f8e779a7b2659b9f5b1c19a18e9ed6e5f2fc89e773bc9868bcd2072
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
25fcbcd6cc5f5b05db25c6240e4441274bf842def2bf03ea447bbbd57618d363
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26b458d9fbaf4dbbd2ae6bd3800747352317a437cb1d76506f05cf0fc3fbdb6a
28f4dd480a7c5eb19c0a7754803758f2a2a19473b3b087132f6d6847ccf81e43
2bf7551b8beb152f8bfe5cfb4037e46f0a509ac23839dc68eda612c0c6345736
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
303210f6ea5656711c988abc9fd7cb738005bd4470e3f70fa8360f2f1b93116c
3433b6db1158015ce9ef5d91039f3196551648c6838fb32a48cabb6f41d85943
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
374f8ce460fc3e9c1db50a4e22cb96fe5c9b98036dc9402631a802243bbf16a4
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
3d77781d42b3acf0bc523e89811903e6e05c262e0e77adcfb931d905dacdcf42
3dc0b6e4edbfc8d6d8446e112130624fd05d7b8a8cfe62839046fc733c8b19a8
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3eb4ccd224866071424411c7c17a14159ca85478e0b409f3b267cc8b0c4a9fd8
42bb2f86c78fe778f8e4647bbd3cb84a3f941a9b0bf70d9401ce604274ae0764
45f0f27fb78191006375051ee3046fae3105b652d11680432511cba61b32c330
4632f2a6b880931a9a2468fe53828f3a5a4b0934d9f4f6f37d6831214469a07e
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4aa06d93d34f1506f832aa2be34e9539608856c2846ff3eba6f7805ff502f1ad
4ba31f51e4f6c8f7cdb5c1a110f139f726b0c6c4795ad4c9cf2bcf93580d85ac
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50c8d681ebefb8fa94b60691e89d4e31c3d283310c13457028898a70f1998cc0
52b5c48a40fa3855f3b617ae95be55fecc1c5b487cef0f83d1dcd83f93b706fc
52c8d3da27637ce47ad90f639e9b16942ee460ea1a710cab557d7551f3802dcb
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
557874c0d05a6e45197ae1660fdc76b7b762c08788f698c8ab402088746c7ed2
55f1274ad9504ffb1c6eaf048620cbfed2f3df752624b62bdbae06d5e978832b
57852b0873517fb9167b9dbebf33a5fdf422689b02e7e8f56a46d2e689d384ad
5827adb70b8322616b409c3230bd1a69a203870fe0e77b2d19c74d36053c3a81
5b57a7d6a773f0966f49617b10b4341bc789a7e606a72f9c9cc836b0815c268e
5d560d67b972586c63b6bc1da8dd95c04d7e02c02588a12f452c32fd47f4a92d
5d75f1b225eba7fb931e5e6a7bfd9efa6998c92d9820b39f4865e3911d71ab2c
6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474
61e0765fa06d87b6c2f049e00226abc16193047d287ebf5e1bf1cf3bba0be08d
6374127776c7f3622a3b34499563bccc2ba71c28f3d1a497aea25a7ed0542339
656396bf1faf1ae0a1f5edbbe80900ed5b6f04123ddc8376516dd5d842d4abd7
67b5ac8808e9b451ff4bb84ab1a411dc864625992f60a64a745db0076d93c0a0
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b5117f0b1a89b322a53d03ed18ceb8abf23cd0723a9339b94e6b860fe8a994e
6c07d0904da869e15cd89798555805ecb7b121666e080eb5e57d4c1007dc5a21
6cd06e07070780dec137084762850d100ab69bff9c72f12ebd95443185f321c0
6df2999c31c1830e841b67c90f706d39b4c8a099f88c85046c6a4d79fa70817c
6dff2d7c816efa9ec2f57e0ec117eae40221bf537ee7005378bb035f6c4ade33
6f75144d4452c331e3c59d636f43db16f9863fa3537266dcfa520506c1722ddc
70b4828d446756ec95bcfb58fc19ff7974d57c03f98b4d80330a1969c3959643
7168f61ff963cc3dacb89f419c1930cabebf45d9dfb50c88b6bbf773825c5a0d
716cf93f71a94d792a4cb35dddf57d7fd7d0e2b59cffa60459591c319e3397a0
723c76ebc9c48661b17bf57ba3fe2d79793dc4912170d49208153dc100478051
7338d1df7a0b3b6d2c1177efc1f2ada1411fa054962b315ff80cbe9e0b905645
748ce85b55617d2a9a4df4551622305443ff58d579ed788baae32f3de513f03a
76b8a63499218a55a67dd6f6b19db156e9de0f08e12f48cb0b4f027bc5515010
77963f1e81d05afc7c36c1044db0c4bc93b63681527052994b3eccbbf80585af
7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2
799ae0778295a6bcd7227a09c2aaf37a83812921577df86b57656e0cfa376dd7
7c9683afc486e6b2c3276cbf3291b887c7589162776280ceeae0e05d822f63c3
80747e684f98566647fb2c271a71cebad36eead965587bd8aa0d222e30036f86
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
832030a07d8f4833bc44cc0adb1fb7681613d2f7014a493565ce439f6efeab41
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84e49ebebeb518e8e8fadc55f3d4650b35fa89b9b50aba698f282359e4449955
85c97bdbfb0fab332e4c93c18caf25e12989e5347597d02c1099773755907a30
8704650cfb8bf873b0e1972bc6a3e34546d08be5bb5419968ebba009a86e8c15
88fee597096d24e09d9df414069a5bbd2e9232cc29091543458806717e08f59c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f4b8d2def1fa5e09bafacbb8ac66e614d74f1cdbace1417cedef55c0d9a83db
8f95d222e7d69ea62172fa291feb6c08c6842a3dd5ce2ad874d07e2499fed799
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f
92a0f8f8b8696e02d6be7a33d7b6cf69742a66968fec85844d544754f0d22956
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d4cd5bc39023f301fff6b87337258e143d503cd9d549740837576f56cae1184
9d9fe401b65d8cc512a532c1f704d749b522980f11d460733e78eb3589ba971b
9f7f51e9cef3384b695cc4e54985f69afc57975c7a6902fad10b8e1bd0ee50c2
a02fb4f71fe9b088bdbf79e613c78a11f989677e82751cfdbeef0d2ad01a82b5
a06d114fe0eaac2bc5e3c16113baf3c3c5cb658d3fa4f1720c363e6a56bc8ca7
a073f91e3318d097b4094c9ada42ac168848dd871ebb9d4e08f72f599fa5850a
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ad65333bd9edd4f2e678dc530ee0d59818c2cc20fcb869b775c24d3abd7cfadc
ad83cd7b5cd167c75b91103363edadbd82fb731a1a5e06bca7e5a001b905d406
adab1e55d321a65d4cc1abde330164c08c91229115cedb201979279136212941
adeacac4167dc188f54213893f0444ea5d60995143ad0552dcb4c383199a740b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b24ca5b9d1ba68246c4b1b3e6b69f4e909ef92e70b3309ef3de5bb63dcbc68d6
b39bd8f8c3673f54c3b0a7596e7a1292fe5874784fea04a2ee07f0db7fa2c47f
b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a
b50d2212a6d1c03bba771a50cf306825856a1265bca6ca72e17ad5077e048abd
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b83a51957a6cd576bbf1d599207ee1a646e533f87bf1aaa7d3e7fcf7b6db9ea0
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
c1fdc2beee7f9e2c11aa71a159e129e0792865ca2545ba88d7f72eff2c105055
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c40a30ffe80c80e643df346ad8242cd2b934757e3c82ac44c4eab38d3988014b
c613237b21cb0f306bfa65c59cc4e0ed8c2fe5396e13739a4c60ab522b757cbc
c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3
c9053db3b244c7a3b93534429221550d6d1423e728c8c3b80ae186fb840614f1
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca61ae61928f4c621638f73dd9a6b97ee407439bfe9f43733e8dd94212358cf3
cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
d25f3b9ca280f29b9e92ef327d66a64500bb313f967ce3e8145133329126e852
d68b415aff54e01441bd15c2113d6cd5565616968c498a1dc4267319ec501f47
da92b08380e932adf6572bc6fbf5e33e672e50622492206155c0520cc5ff70ca
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc
e086f284556d6286cf162686877537a9e922f313304b3d8a324bff7b613e6ed2
e2670e922bdde9161dba8e6b79254002423dee823c4778d0b11421f2638efca3
e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b
e38db140a051a123f1dbbd560e31e8bcf146582457de165ac31ae40a3f1c9d7b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e585da4fe75d0c301c6ae14f1b9026f4555231f42622c5502f809035bb38c162
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
e8294f18a50ce3d652e79eb3d6b5ae3f5e593fd3b098f67050c0ff5f2c58a5b2
eb39520b97b27716c0db9406ae3aa7708fcf8da63df8a9e142e8a6f6575175b5
eb54ca86698de7bdb4dcde4b186145f2376d43d3bab896e533ad0cbedf737b35
ee07b09c7d212fc29ceefa7da934f3ccd93e495257ea6e5edeb8269ecb7c33c7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8f413b642a6e5727c976b3ab998b24ab4ad2a45e6c1ffd8ceff3f4c0ca8dec
f20984abe6466e64b64e3ef52d8d40448d0150bd05a71215a88ab9a115ae6dc6
f2a908224fc8625c4a92c46fcad6da1c1eef42089b5d5bd62d99866647e73ad9
f3a0f785fbc1b38f34416a64a68d31eb6c646e29b273a81709629670889c3f96
f7a25d07b76eab3ec392ad029257047179f43b83ea253229a8c1ba7e5bdf000a
fce5822409c38e996bac0e0d3a51464953aa0ea66c4b19e19b5a4df2bb95a6d2