no.gottamentor.com Open in urlscan Pro
2606:4700:3037::ac43:d08b Public Scan

Go To Rescan
Add Verdict Report

URL:
https://no.gottamentor.com/now-dasher-now-dancer
Submission: On December 02 via manual (December 2nd 2022, 12:26:02 pm UTC) from LV — Scanned from DE

Summary HTTP 290 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 53 IPs in 8 countries across 43 domains to perform 290 HTTP transactions. The main IP is 2606:4700:3037::ac43:d08b, located in United States and belongs to CLOUDFLARENET, US. The main domain is no.gottamentor.com.
TLS certificate: Issued by E1 on October 23rd 2022. Valid for: 3 months.

This is the only time no.gottamentor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	2606:4700:303... 2606:4700:3037::ac43:d08b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.177.92.30 185.177.92.30	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	2600:9000:225... 2600:9000:225e:fe00:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
4	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
2	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
4	52.222.214.2 52.222.214.2	16509 (AMAZON-02) (AMAZON-02)
5	148.251.44.111 148.251.44.111	24940 (HETZNER-AS) (HETZNER-AS)
8	37.157.6.247 37.157.6.247	198622 (ADFORM) (ADFORM)
14	104.22.69.131 104.22.69.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 15	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
7	52.58.56.102 52.58.56.102	16509 (AMAZON-02) (AMAZON-02)
4	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
14	2606:4700:10:... 2606:4700:10::6816:2560	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	147.75.85.234 147.75.85.234	54825 (PACKET) (PACKET)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
2	137.74.20.12 137.74.20.12	16276 (OVH) (OVH)
14	37.59.235.100 37.59.235.100	16276 (OVH) (OVH)
16	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c09::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
3 4	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
29	37.157.6.236 37.157.6.236	198622 (ADFORM) (ADFORM)
15	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::1c 2a02:2638::1c	() ()
1	15.197.193.217 15.197.193.217	() ()
4	151.101.129.108 151.101.129.108	() ()
1	66.155.71.25 66.155.71.25	() ()
4 4	18.156.0.31 18.156.0.31	() ()
2 2	37.157.6.245 37.157.6.245	() ()
1	69.173.144.138 69.173.144.138	() ()
4	216.52.2.48 216.52.2.48	() ()
4	2600:9000:223... 2600:9000:223f:e00:1b:5138:8a40:93a1	() ()
4	3.122.182.165 3.122.182.165	() ()
3	162.19.138.120 162.19.138.120	() ()
4	213.19.147.44 213.19.147.44	() ()
4	23.35.236.201 23.35.236.201	() ()
4	51.38.120.206 51.38.120.206	() ()
1	178.250.0.157 178.250.0.157	() ()
290	53

10 2606:4700:3037::ac43:d08b (United States)

ASN13335 (CLOUDFLARENET, US)

no.gottamentor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gottamentor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.177.92.30 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-92-30.ah-server.com

dr6.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:225e:fe00:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.67.47 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.222.214.2 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-2.fra56.r.cloudfront.net

optad360.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 148.251.44.111 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: sundoro

rtb.adxpremium.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.157.6.247 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.22.69.131 (None, )

ASN13335 (CLOUDFLARENET, US)

prebid.smilewanted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
csync.smilewanted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.smilewanted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 185.89.210.82 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.58.56.102 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-56-102.eu-central-1.compute.amazonaws.com

d.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a-prebid.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:10::6816:2560 (United States)

ASN13335 (CLOUDFLARENET, US)

useast.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 147.75.85.234 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 137.74.20.12 (France)

ASN16276 (OVH, FR)
PTR: vh11.eris-m.of.pl

video.onnetwork.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 37.59.235.100 (France)

ASN16276 (OVH, FR)
PTR: vh11b.eris-w24.of.pl

cdn.onnetwork.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdnt.onnetwork.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c09::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.2 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 37.157.6.236 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (None, )

ASN- ()

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.129.108 (None, )

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (None, )

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.0.31 (None, ) 4 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.245 (None, ) 2 redirects

ASN- ()

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (None, )

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.52.2.48 (None, )

ASN- ()

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:223f:e00:1b:5138:8a40:93a1 (None, )

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.122.182.165 (None, )

ASN- ()

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.19.138.120 (None, )

ASN- ()

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.44 (None, )

ASN- ()

usermatch.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.35.236.201 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.38.120.206 (None, )

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (None, )

ASN- ()

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	adform.net 2 redirects adx.adform.net — Cisco Umbrella Rank: 4151 track.adform.net — Cisco Umbrella Rank: 3283 s1.adform.net — Cisco Umbrella Rank: 6735 cm.adform.net	238 KB
27	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 139	156 KB
19	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 204 acdn.adnxs.com	87 KB
18	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 189 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 73 cm.g.doubleclick.net — Cisco Umbrella Rank: 194	224 KB
16	onnetwork.tv video.onnetwork.tv — Cisco Umbrella Rank: 43717 cdn.onnetwork.tv — Cisco Umbrella Rank: 42148 cdnt.onnetwork.tv — Cisco Umbrella Rank: 54146	151 KB
15	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 394	325 KB
14	quantumdex.io useast.quantumdex.io — Cisco Umbrella Rank: 11359 sync.quantumdex.io	5 KB
14	smilewanted.com prebid.smilewanted.com — Cisco Umbrella Rank: 5195 csync.smilewanted.com static.smilewanted.com	56 KB
10	gottamentor.com no.gottamentor.com gottamentor.com	278 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37 imasdk.googleapis.com — Cisco Umbrella Rank: 437	602 KB
7	vidoomy.com d.vidoomy.com — Cisco Umbrella Rank: 10835 a-prebid.vidoomy.com	2 KB
6	skimresources.com s.skimresources.com — Cisco Umbrella Rank: 3394 r.skimresources.com — Cisco Umbrella Rank: 3273 t.skimresources.com — Cisco Umbrella Rank: 3446 p.skimresources.com — Cisco Umbrella Rank: 4344	21 KB
5	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	2 KB
5	adxpremium.services rtb.adxpremium.services — Cisco Umbrella Rank: 9548	7 KB
5	gstatic.com fonts.gstatic.com	145 KB
4	onetag-sys.com onetag-sys.com
4	pubmatic.com ads.pubmatic.com image6.pubmatic.com Failed
4	unrulymedia.com usermatch.targeting.unrulymedia.com
4	sharethrough.com match.sharethrough.com	137 B
4	smaato.net s.ad.smaato.net	961 B
4	lijit.com ap.lijit.com	1 KB
4	yahoo.com 4 redirects ups.analytics.yahoo.com	815 B
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496 ssum-sec.casalemedia.com Failed	3 KB
4	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 889	227 B
4	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6224	721 B
4	consensu.org optad360.mgr.consensu.org — Cisco Umbrella Rank: 52906	26 KB
3	id5-sync.com id5-sync.com Failed	3 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8649 www.google.de — Cisco Umbrella Rank: 6168	1 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 381	97 KB
2	criteo.com gum.criteo.com mug.criteo.com Failed
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	20 KB
2	optad360.io get.optad360.io — Cisco Umbrella Rank: 33545	213 KB
1	rubiconproject.com pixel.rubiconproject.com eus.rubiconproject.com Failed	239 B
1	sitescout.com pixel-sync.sitescout.com	191 B
1	adsrvr.org match.adsrvr.org	391 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 182	48 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 267	17 KB
1	dr6.biz dr6.biz — Cisco Umbrella Rank: 373595	15 KB
0	stickyadstv.com Failed ads.stickyadstv.com Failed
0	betweendigital.com Failed ads.betweendigital.com Failed
0	media.net Failed hbx.media.net Failed
0	disqus.com Failed ssp.disqus.com Failed
0	bidswitch.net Failed x.bidswitch.net Failed
290	43

	Domain	Requested by
29	s1.adform.net	track.adform.net s1.adform.net no.gottamentor.com 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
16	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com googleads.g.doubleclick.net no.gottamentor.com
15	cdn.ampproject.org	securepubads.g.doubleclick.net
15	ib.adnxs.com	6 redirects get.optad360.io googleads.g.doubleclick.net acdn.adnxs.com
13	cdn.onnetwork.tv	video.onnetwork.tv cdn.onnetwork.tv no.gottamentor.com
10	sync.quantumdex.io	get.optad360.io sync.quantumdex.io
10	securepubads.g.doubleclick.net	get.optad360.io securepubads.g.doubleclick.net no.gottamentor.com
9	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
9	gottamentor.com	no.gottamentor.com
6	csync.smilewanted.com	get.optad360.io csync.smilewanted.com
5	rtb.adxpremium.services	get.optad360.io
5	fonts.gstatic.com	fonts.googleapis.com
4	static.smilewanted.com	csync.smilewanted.com
4	onetag-sys.com	sync.quantumdex.io
4	ads.pubmatic.com	sync.quantumdex.io
4	usermatch.targeting.unrulymedia.com	sync.quantumdex.io
4	match.sharethrough.com	sync.quantumdex.io csync.smilewanted.com
4	s.ad.smaato.net	sync.quantumdex.io
4	ap.lijit.com	sync.quantumdex.io
4	ups.analytics.yahoo.com	4 redirects
4	acdn.adnxs.com	get.optad360.io
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	track.adform.net	4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com s1.adform.net
4	imasdk.googleapis.com	cdn.onnetwork.tv imasdk.googleapis.com
4	prebid.a-mo.net	get.optad360.io
4	useast.quantumdex.io	get.optad360.io
4	prebid-eu.creativecdn.com	get.optad360.io
4	d.vidoomy.com	get.optad360.io
4	prebid.smilewanted.com	get.optad360.io
4	adx.adform.net	get.optad360.io
4	optad360.mgr.consensu.org	get.optad360.io
4	fonts.googleapis.com	gottamentor.com securepubads.g.doubleclick.net
3	id5-sync.com	sync.quantumdex.io
3	a-prebid.vidoomy.com
3	googleads.g.doubleclick.net	4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com no.gottamentor.com
3	www.google.com	1 redirects tpc.googlesyndication.com
3	cdn.jsdelivr.net	no.gottamentor.com get.optad360.io cdn.onnetwork.tv
2	cm.adform.net	2 redirects
2	www.google-analytics.com	cdn.onnetwork.tv www.google-analytics.com
2	video.onnetwork.tv	get.optad360.io cdn.onnetwork.tv
2	4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	p.skimresources.com	no.gottamentor.com
2	t.skimresources.com	no.gottamentor.com s.skimresources.com
2	get.optad360.io	no.gottamentor.com get.optad360.io
1	pixel.rubiconproject.com
1	pixel-sync.sitescout.com
1	match.adsrvr.org	get.optad360.io
1	mug.criteo.com
1	gum.criteo.com
1	www.google.de
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagservices.com	4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
1	cdnt.onnetwork.tv	no.gottamentor.com
1	s0.2mdn.net	imasdk.googleapis.com
1	r.skimresources.com	s.skimresources.com
1	s.skimresources.com	no.gottamentor.com
1	dr6.biz	no.gottamentor.com
1	no.gottamentor.com
0	image6.pubmatic.com Failed	ads.pubmatic.com
0	ads.stickyadstv.com Failed	csync.smilewanted.com
0	eus.rubiconproject.com Failed	sync.quantumdex.io
0	ssum-sec.casalemedia.com Failed	sync.quantumdex.io
0	ads.betweendigital.com Failed	sync.quantumdex.io
0	hbx.media.net Failed	sync.quantumdex.io
0	ssp.disqus.com Failed	sync.quantumdex.io
0	x.bidswitch.net Failed
290	69

This site contains links to these domains. Also see Links.

Domain
en.optad360.com
www.optad360.com
www.noradsanta.org
santatracker.google.com
gottamentor.com
de.gottamentor.com
ar.gottamentor.com
bg.gottamentor.com
cs.gottamentor.com
da.gottamentor.com
el.gottamentor.com
et.gottamentor.com
fi.gottamentor.com
fr.gottamentor.com
hi.gottamentor.com
hr.gottamentor.com
hu.gottamentor.com
id.gottamentor.com
it.gottamentor.com
ja.gottamentor.com
ko.gottamentor.com
lt.gottamentor.com
lv.gottamentor.com
ms.gottamentor.com
nl.gottamentor.com
pl.gottamentor.com
pt.gottamentor.com
ro.gottamentor.com
ru.gottamentor.com
sk.gottamentor.com
sl.gottamentor.com
sr.gottamentor.com
sv.gottamentor.com
th.gottamentor.com
tr.gottamentor.com
vi.gottamentor.com
uk.gottamentor.com

Subject Issuer	Validity	Valid
*.gottamentor.com E1	`2022-10-23` - `2023-01-21`	3 months	crt.sh
0.mo11.biz R3	`2022-10-07` - `2023-01-05`	3 months	crt.sh
*.optad360.io Amazon	`2022-10-17` - `2023-11-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.skimresources.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-25` - `2023-11-08`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
optad360.mgr.consensu.org Amazon	`2022-05-23` - `2023-06-21`	a year	crt.sh
*.adxpremium.services Sectigo RSA Domain Validation Secure Server CA	`2022-08-26` - `2023-08-05`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.vidoomy.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-01` - `2023-10-02`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.a-mo.net R3	`2022-09-05` - `2022-12-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
onnetwork.tv R3	`2022-11-25` - `2023-02-23`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-31` - `2023-01-26`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
s.ad.smaato.net Amazon	`2022-08-22` - `2023-09-20`	a year	crt.sh
*.sharethrough.com Amazon	`2022-07-14` - `2023-08-12`	a year	crt.sh
*.id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
*.targeting.unrulymedia.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-09` - `2023-05-09`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh

This page contains 57 frames:

Primary Page: https://no.gottamentor.com/now-dasher-now-dancer
Frame ID: E15872C25310059009C997C84A057226
Requests: 87 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.985114764071479
Frame ID: 52F71BE53E51D8236B738008DBED18EF
Requests: 1 HTTP requests in this frame

Frame: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: CB5933DE40C48D1902E6F5C90F05C663
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2D13B8FBC97D61EC486B21B4AEB8F8B2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6800FE698F33D879196C49D65154DE94
Requests: 2 HTTP requests in this frame

Frame: https://cdn.onnetwork.tv/css/player86.css?s=1669482283
Frame ID: F833A50415D46C27C0B00EEF3C3FB2DC
Requests: 20 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.547.0_en.html
Frame ID: E4D6D46814D183B9550FBF59D6C46A67
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.547.0_en.html
Frame ID: 3A02410DEADFB9C4F78121BF0B6509A9
Requests: 1 HTTP requests in this frame

Frame: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 822D03C0397F1FEC3C5973796E500B18
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQlY2jgQMY9MCE2QEwAQ&v=APEucNVSLEx6Ocfpdl9FPLeRSr_p73fHytAeMBVWZXXHOeVXbsJoJ52_jL6PqR6i7JnVZme_2gfXpR9yd-7mzSbAANB2Jh1vcv6AY_8wuEjnIBecULGqTsVgEioNipcQJl0OJH3__F0VHLb5liKF37zmOOWzIACuNwp4lFPExcibLLPZ0Kei1gb7nl9adTEmg75hFRvN3OQYKVkwkw2ivoopb_MeGk-UKQ
Frame ID: E9BE0626BF0F1853BAE305A3620148CA
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9F8BEEC5EFF3E8B636C7A89C0840DF69
Requests: 3 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
Frame ID: 585CAAC2F63930D9E3A8347867150532
Requests: 14 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/11990643.js?ADFassetID=11990643&bv=516
Frame ID: 15205BDA89A521A6F54D500A8BB0599A
Requests: 27 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
Frame ID: C68C6ABB8F214D0EDA59C366C353A2D7
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
Frame ID: 2E1842F630A4C5D0D04971C7ED55B432
Requests: 14 HTTP requests in this frame

Frame: https://csync.smilewanted.com/
Frame ID: 2A898BE5E75557FC8C1F348F0D8E6FB3
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/pbjs
Frame ID: F82BB798BBDC5EBDDB6A88CC6CA2866C
Requests: 10 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 67EC1189E92A6414DA210780AE4B9C48
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/pbjs
Frame ID: 2F4843DAE4D36E181F2C686B62EA5890
Requests: 10 HTTP requests in this frame

Frame: https://csync.smilewanted.com/
Frame ID: 4AC3D0BAE2D013C94151B83901F06B1B
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 63433C7A9881EC95F48B2571E42CFD66
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/pbjs
Frame ID: F7AF56850C3D812932E1367EA111EE6C
Requests: 10 HTTP requests in this frame

Frame: https://csync.smilewanted.com/
Frame ID: 1B786962F3705BB636C2AB0DE15E54DF
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: C442DCAACC55B831B96BFD1C8A41F4DB
Requests: 2 HTTP requests in this frame

Frame: https://csync.smilewanted.com/
Frame ID: BCAC0C127AFFEDA8898A7806473AF40F
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/pbjs
Frame ID: A3571829204DDCC24E4EA1A7C33FFC41
Requests: 10 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 0FB1A055D0964AC25E69C7A177B02AB8
Requests: 2 HTTP requests in this frame

Frame: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Frame ID: 5F74286975CC754F4F9C5EDB12301A86
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: B4DAADC3E7D72C31E4BF0D399E819C22
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Frame ID: 96153F32929D349D5D9074C3A13BD30D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Frame ID: 5E202534BEC831B371BE14EF0FDC06AE
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 2D97B218CD4F806901B86CCE852AE463
Requests: 1 HTTP requests in this frame

Frame: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Frame ID: 98D4908E25EBD7DBD39A22478C68A110
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: 2EC846F5B0E3CB5D35F53F30E8D0E245
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Frame ID: 9DDD9E4CC653F232254DA45EFEE8C9B6
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Frame ID: 3814A26A92D2E7FD89A2E9648D7FFFFF
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 5CDB80A08B653D6BF421C4BC928BEAFE
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: 3493F170CDC216F91AC3EE7155E79DF3
Requests: 1 HTTP requests in this frame

Frame: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Frame ID: BECAF7D101F8FBD76DB7B445D804A959
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Frame ID: E941A89345D65BAC340440331F9C29CB
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Frame ID: A97A4878744F6D4D1CB315E36C4A28FE
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 7DE82D86B374768BB79BD84C3E8D3062
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: F3FFA3E09498A055798180ECFD2394D1
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Frame ID: D65A050940CEAEAFC882F0B4461B428F
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 4DAD6BE3E209E040F74CC738576F05BB
Requests: 1 HTTP requests in this frame

Frame: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Frame ID: 8A1B901DE6A47AC2D2726DB357EDEBAD
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Frame ID: A40832CDAEFFBCE41321CB46341A734F
Requests: 1 HTTP requests in this frame

Frame: https://csync.smilewanted.com/drop_cookie_sw.php
Frame ID: CD4971CF97B284E1F9227190C92971A4
Requests: 1 HTTP requests in this frame

Frame: https://ads.stickyadstv.com/user-matching?id=3602&gdpr=0&gdpr_consent=
Frame ID: BB1D93940920A8C57A03AD23A8061882
Requests: 1 HTTP requests in this frame

Frame: https://csync.smilewanted.com/drop_cookie_sw.php
Frame ID: 1689853DF121034C7BB54D543AD22381
Requests: 1 HTTP requests in this frame

Frame: https://ads.stickyadstv.com/user-matching?id=3602&gdpr=0&gdpr_consent=
Frame ID: BB392BD8F4B0F7E26F40F89FBD61E5D9
Requests: 1 HTTP requests in this frame

Frame: https://csync.smilewanted.com/drop_cookie_sw.php
Frame ID: 8D3CB49C42AF9CFD1644F43C4154AD69
Requests: 1 HTTP requests in this frame

Frame: https://csync.smilewanted.com/drop_cookie_sw.php
Frame ID: 96CA9014BBD6DC854A805A1B051A8758
Requests: 1 HTTP requests in this frame

Frame: https://ads.stickyadstv.com/user-matching?id=3602&gdpr=0&gdpr_consent=
Frame ID: 8A0BF4CF071597F453AF12F132B1FE1F
Requests: 1 HTTP requests in this frame

Frame: https://ads.stickyadstv.com/user-matching?id=3602&gdpr=0&gdpr_consent=
Frame ID: 08EAE34E32060E0B8F8BD11BB368D4CF
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=GmfSCHMu&gdpr=0&gdpr_consent=
Frame ID: CE42C107A5E8B7094FAB4A80146C2454
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=GmfSCHMu&gdpr=0&gdpr_consent=
Frame ID: 58AB45828686DD6A3E01641A8A2A0E70
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Julenissens navn - Hvor mange reinsdyr trekker nisseens slede?

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

YouTube (Video Players) Expand

Overall confidence: 100%
Detected patterns

<(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)

GSAP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

TweenMax(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

290
Requests

83 %
HTTPS

43 %
IPv6

43
Domains

69
Subdomains

53
IPs

8
Countries

2739 kB
Transfer

7610 kB
Size

24
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://en.optad360.com/?utm_source=branding&utm_medium=display&utm_campaign=no.gottamentor.com

Search URL Search Domain Scan URL

URL: https://www.optad360.com/?utm_source=branding&utm_medium=video&utm_camaign=no.gottamentor.com

Search URL Search Domain Scan URL

URL: https://www.noradsanta.org/
Title: NORAD Santa Tracker

Search URL Search Domain Scan URL

URL: https://santatracker.google.com/
Title: Google Santa Tracker.

Search URL Search Domain Scan URL

URL: https://gottamentor.com/
Title: es

Search URL Search Domain Scan URL

URL: https://de.gottamentor.com/
Title: de

Search URL Search Domain Scan URL

URL: https://ar.gottamentor.com/
Title: ar

Search URL Search Domain Scan URL

URL: https://bg.gottamentor.com/
Title: bg

Search URL Search Domain Scan URL

URL: https://cs.gottamentor.com/
Title: cs

Search URL Search Domain Scan URL

URL: https://da.gottamentor.com/
Title: da

Search URL Search Domain Scan URL

URL: https://el.gottamentor.com/
Title: el

Search URL Search Domain Scan URL

URL: https://et.gottamentor.com/
Title: et

Search URL Search Domain Scan URL

URL: https://fi.gottamentor.com/
Title: fi

Search URL Search Domain Scan URL

URL: https://fr.gottamentor.com/
Title: fr

Search URL Search Domain Scan URL

URL: https://hi.gottamentor.com/
Title: hi

Search URL Search Domain Scan URL

URL: https://hr.gottamentor.com/
Title: hr

Search URL Search Domain Scan URL

URL: https://hu.gottamentor.com/
Title: hu

Search URL Search Domain Scan URL

URL: https://id.gottamentor.com/
Title: id

Search URL Search Domain Scan URL

URL: https://it.gottamentor.com/
Title: it

Search URL Search Domain Scan URL

URL: https://ja.gottamentor.com/
Title: ja

Search URL Search Domain Scan URL

URL: https://ko.gottamentor.com/
Title: ko

Search URL Search Domain Scan URL

URL: https://lt.gottamentor.com/
Title: lt

Search URL Search Domain Scan URL

URL: https://lv.gottamentor.com/
Title: lv

Search URL Search Domain Scan URL

URL: https://ms.gottamentor.com/
Title: ms

Search URL Search Domain Scan URL

URL: https://nl.gottamentor.com/
Title: nl

Search URL Search Domain Scan URL

URL: https://pl.gottamentor.com/
Title: pl

Search URL Search Domain Scan URL

URL: https://pt.gottamentor.com/
Title: pt

Search URL Search Domain Scan URL

URL: https://ro.gottamentor.com/
Title: ro

Search URL Search Domain Scan URL

URL: https://ru.gottamentor.com/
Title: ru

Search URL Search Domain Scan URL

URL: https://sk.gottamentor.com/
Title: sk

Search URL Search Domain Scan URL

URL: https://sl.gottamentor.com/
Title: sl

Search URL Search Domain Scan URL

URL: https://sr.gottamentor.com/
Title: sr

Search URL Search Domain Scan URL

URL: https://sv.gottamentor.com/
Title: sv

Search URL Search Domain Scan URL

URL: https://th.gottamentor.com/
Title: th

Search URL Search Domain Scan URL

URL: https://tr.gottamentor.com/
Title: tr

Search URL Search Domain Scan URL

URL: https://vi.gottamentor.com/
Title: vi

Search URL Search Domain Scan URL

URL: https://uk.gottamentor.com/
Title: uk

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 112

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKGxDCbIdMUXHFs004GItbc&google_cver=1

Request Chain 113

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y4nu18.vn3BQOGgCKy887QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKGxDCbIdMUXHFs004GItbc&google_cver=1&google_hm=2

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKz0c9WaWOVQrFxVo9hYrcU&google_cver=1

Request Chain 115

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYyMTI2NjM0MzU2NTM0MTk5Mg%3D%3D

Request Chain 134

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 199

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fno.gottamentor.com%2F&domain=no.gottamentor.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=Q9C_vnxEK3BaUFZGN2JrYndWMzdVR1R3QTgwdXg1TVBWaXQ0eXJMZzg1RU5QbU5GVGs5RHpFbUN2cnppSkthOVBiUkduaEl5Z0JLUnhMZ1BLTlhjNVJlRW9wWVJtYk91N0c0ZU9za3N3d0U1WE5sMWd0VEZQbFQ4UXFXSklzTkNMM2plVjZqZXJscXR4TWphM3pYUmNMSnRCZXkzY2tGVEg3Wk9ieTlHT1RHTUY1c2RvT21CNUhHWGZmbnpZck1BMC8zbDQrUm1vcjBNV2hwU2VjdFNKNUtKTnp5OTcvQzMwOUVVVUs3YXE0Zkd6Z3UvRDQ5NmE0YWJpV0NYVVpTYWJWczg2fA&cppv=2

Request Chain 213

https://ib.adnxs.com/getuid?https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3Dundefined%26uid%3D%24UID HTTP 302
https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=undefined&uid=2621266343565341992

Request Chain 215

https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=undefined HTTP 302
https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=undefined&verify=true HTTP 302
https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A&gdpr=0&gdpr_consent=

Request Chain 216

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadf%26gdpr%3D0%26gdpr_consent%3Dundefined%26uid%3D%24UID HTTP 303
https://a-prebid.vidoomy.com/setuid?bidder=adf&gdpr=0&gdpr_consent=undefined&uid=6436852272809430576

Request Chain 217

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Frtb.adxpremium.services%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 303
https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=6436852272809430576

Request Chain 218

https://x.bidswitch.net/sync?ssp=vidoomy HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy HTTP 302
https://sonata-notifications.taptapnetworks.com/web/cookie/bidswitch/sync?bidswitch_ssp_id=vidoomy&bsw_custom_parameter=2ee812e6-c5dd-4452-a6e1-20f8163d78fe&gdpr=&gdpr_consent=&gdpr_pd= HTTP 302
https://x.bidswitch.net/sync?dsp_id=413&ssp=vidoomy&user_id=csonata_9218f959-4db7-4993-93fe-923182ee2d8e&bsw_param=2ee812e6-c5dd-4452-a6e1-20f8163d78fe&expires=10

Request Chain 220

https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

Request Chain 222

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992

Request Chain 228

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

Request Chain 230

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992

Request Chain 236

https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

Request Chain 237

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

Request Chain 238

https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

Request Chain 240

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992

Request Chain 245

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

Request Chain 252

https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

Request Chain 253

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

Request Chain 255

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992

Request Chain 258

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

Request Chain 264

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

Request Chain 270

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

Request Chain 278

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

290 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request now-dasher-now-dancer Show response
no.gottamentor.com/ 23 KB
8 KB 153ms
95ms Document
text/html 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c84b90184116759a7aeb7afd45829e8da77c69c9a8ee3fe12c43061698aa2b3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 77340c503edd7a4f-DUS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:25:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jeQluEXwTXv8U4lDasdhVCqpR17%2BGjBJ0qtB03qxISBDUXPrkIa6ZiBNP6J9Q59gxpfW3yQT74d5ujFd9enNFYL0R7puaDEFAZGOKv9TSxrpjMvdMtF2tzIxrZnZ4AUMBYBSjGFgsprpwzEzEWUnj%2Fc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 blog.css
gottamentor.com/template/styles/ 18 KB
4 KB 241ms
40ms Stylesheet
text/css 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gottamentor.com/template/styles/blog.css
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04bde04ecda49fbc137152641575dd31d7f6180a67d152479ca5abb4f4cdf8f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 13 Oct 2021 13:49:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 832811
etag: W/"6166e3d5-4907"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vjYI782R5ayL1d88ABYqtlC4LZuClTVxgIJ1SStRjkm8QgjdPBNihdFMCNLoLUg2bE2cwjGjGZHyWm1%2B6w0fgkXQSnRTwykXoI9JB8POtzeK6AVO1kJ8LwaYhT6CclK0IHPYlR5r1pAV1WVwgjU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 77340c5219f67a4f-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 22 Dec 2022 21:05:45 GMT

GET
H2 200 blog_responsive.css
gottamentor.com/template/styles/ 3 KB
1 KB 224ms
23ms Stylesheet
text/css 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gottamentor.com/template/styles/blog_responsive.css
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd9207c1f37483c675ff7793523f5d5b5eab933d4380e586d43636ccf1b7c27f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Oct 2020 07:58:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 832811
etag: W/"5f928d12-d05"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gKOM8euIrYBDVXLIkjDnLhI0StH1JMNEyB%2FxOK9PtiFn0vPZ3v%2Fm6aDcpW%2BCHSDAcAy7%2BJP2porPjnObfa897hjvH1agAcV3TrGaWojEMbsvgxmY9o0Io%2BVlP3wH014pjC%2FEPFTDIxyzOhExx%2Bk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 77340c5219f87a4f-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 22 Dec 2022 21:05:45 GMT

GET
H2 200 bootstrap.min.css
gottamentor.com/template/styles/bootstrap-4.1.2/ 139 KB
22 KB 242ms
41ms Stylesheet
text/css 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gottamentor.com/template/styles/bootstrap-4.1.2/bootstrap.min.css
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd5525bc887734465161af57feaa4d63c3f5681cb477816b23b6e17d94995707

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Oct 2020 07:58:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 832811
etag: W/"5f928d12-22ad9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VKSHxoRCu99is3A2QyxBu9u3qtbgqheo0WK%2BjyaOlM9TuS%2BnmqYbfKCM36qHQm%2BaV4W%2FHdwQpIqXODWIpSfCSk0rjduDiSezF%2FYY6lCWc3i%2FxT8Dgee1GnHKQu4n0XC%2FolJYMI4txEva7F3FdAs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 77340c5229f97a4f-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 22 Dec 2022 21:05:45 GMT

GET
H2 200 / Show response
dr6.biz/ 14 KB
15 KB 186ms
16ms Script
application/javascript 185.177.92.30
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dr6.biz/?te=he4tgmrwmm5ha3ddf42tamzz

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.177.92.30 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

ip-185-177-92-30.ah-server.com

Software

nginx /

Resource Hash

2f95e36b04e23bffeb83e056d7f27b8ea8e0113da68c41b305c1f67498ca8abf

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 02 Dec 2022 12:25:56 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
server: nginx
content-type: application/javascript; charset=UTF-8

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/79c8e619-1733-4d5d-b430-d284be6559de/ 271 KB
58 KB 178ms
9ms Script
application/javascript 2600:9000:225e:fe00:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/79c8e619-1733-4d5d-b430-d284be6559de/plugin.min.js
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:fe00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c9aeb20d3aeaa0bdd38044f5fa39ac5f68c376d5cf1857f01031db91e4f719fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 04:20:19 GMT
content-encoding: gzip
via: 1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
last-modified: Wed, 30 Nov 2022 04:04:28 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 201938
etag: W/"01905a0b3f94fee14eddfdb6472ac873"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=604800
x-amz-cf-id: JBE2giYfnd_V8ca0zgHlOML6WwuZFIGHQ9_8hAvCM0HaBuGQC2p49w==

GET
H2 200 now-dasher-now-dancer.jpg
gottamentor.com/img/christmas/73/ 137 KB
137 KB 125ms
29ms Image
image/jpeg 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gottamentor.com/img/christmas/73/now-dasher-now-dancer.jpg
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7f93b1f8397f310070ad8dd6ddfe96401d90d637d16bbb8359dcf0aa6cc65f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9671
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 140250
last-modified: Tue, 01 Jun 2021 11:30:52 GMT
server: cloudflare
etag: "60b61a6c-223da"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iywe7CYO%2F3kbkPQWT%2B1kambvba9Zzxccv5gk4Jrvhg3Z15enJNQgJEuZ8TIYsmlTmcpdyVl1eVVBQwXDYVnjVqLUMbsXXZtv0ha1WXWro4PXv3%2FSXvvHzR1izAdo3Byk0Q5i7NkCu6%2BliPPbYno%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 77340c5229fa7a4f-DUS
expires: Sun, 01 Jan 2023 09:44:45 GMT

GET
H2 200 jquery-3.3.1.min.js Show response
gottamentor.com/template/js/ 85 KB
31 KB 207ms
25ms Script
application/javascript 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gottamentor.com/template/js/jquery-3.3.1.min.js
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Oct 2020 07:58:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 832811
etag: W/"5f928d12-1538f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vk1g8LSaJumE%2BuFbcOnPll%2BFCfXDp82Pvr4DK6Wcq%2FXAiGzTGmVTHa9rCxB5q7ZKzwbCu9xSC2OvouqUdAsl1DjPN1t12tFNa1f8CO67HzX3ZjGSBzoZqmpN5pUqbbbFQC1wKKYalBXxhWQF6Jo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000
cf-ray: 77340c5229fb7a4f-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 22 Dec 2022 21:05:45 GMT

GET
H2 200 popper.js Show response
gottamentor.com/template/styles/bootstrap-4.1.2/ 80 KB
22 KB 222ms
40ms Script
application/javascript 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gottamentor.com/template/styles/bootstrap-4.1.2/popper.js
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a93f37c5c32d030a1d831b5023b6b29bc93290f5423debaf47c83b6444528059

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Oct 2020 07:58:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 832811
etag: W/"5f928d12-13f06"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JUJQQLSHhszxBvJX2VtfHrA85lJ0e4pXyHUDodRrMfoE%2FNSu5MDZ6CRqFq1CAJ8vLNj5a8kcl1R%2BAgyH9TQHMMvddeyNOwWSEDOGSyAsjgswfzcziXTEILhIQaDYbSGzZwG6l5tC1VKOiBAksr0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000
cf-ray: 77340c5229fc7a4f-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 22 Dec 2022 21:05:45 GMT

GET
H2 200 bootstrap.min.js Show response
gottamentor.com/template/styles/bootstrap-4.1.2/ 50 KB
15 KB 222ms
41ms Script
application/javascript 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gottamentor.com/template/styles/bootstrap-4.1.2/bootstrap.min.js
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21e2349686b7e697ee0f1a996c68505226660f60b2c2fd7f6ddaa2ca9196e3aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Oct 2020 07:58:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 67567
etag: W/"5f928d12-c75f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OfiRVIoG5xN%2FMU8H3A5QBJ9fEHv60lVDSjmfjwqYE4LavBuZsfunaK%2FmooDJ9dZfHEjOdh1GAGc4zXQOicvUW5Tbrm3%2BVS0tWullts%2BjbKcoCiiqZtcwrcrPK9G8TxC%2BBy6KLlqGL%2BYC0GzdpOI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000
cf-ray: 77340c5229fd7a4f-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 31 Dec 2022 17:39:49 GMT

GET
H2 200 blog.js Show response
gottamentor.com/template/js/ 2 KB
1 KB 29ms
28ms Script
application/javascript 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gottamentor.com/template/js/blog.js
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 759256c335c2ddc42e40f32debca9f0d57f0f14413724241689b57dfb3cbfd67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Oct 2020 07:58:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 832811
etag: W/"5f928d12-7b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hHG2NbrBnq6QJtTLWJJWdWF44p39Pr8Qc6TpiFTAeM6BUJ%2FY0vdGmpNkjV%2B9IYrMCgW%2BL7U4xJUEmVD%2Fb5I5ChVInfVh5O4Q7%2FIjnppEyD6hfjt5JSNrZ0Gz94UDn5HiAQ%2FF3L4RHO9r19r93h8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000
cf-ray: 77340c524a437a4f-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 22 Dec 2022 21:05:45 GMT

GET
H2 200 TweenMax.min.js Show response
gottamentor.com/template/plugins/greensock/ 110 KB
38 KB 29ms
29ms Script
application/javascript 2606:4700:3037::ac43:d08b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gottamentor.com/template/plugins/greensock/TweenMax.min.js
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d08b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62b1cff44a5e34b9587ad49f7ca951160f1559c5c545bcf99e13574ccaa5425a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Oct 2020 07:58:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 832811
etag: W/"5f928d12-1b8f0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PE2eCDOjnWO5BaJJcYvnIyjG%2BJQNLZTE69v22D5CiUc5Km6mViu%2Fapa%2F0g%2Ft%2FsBULN%2B7oi%2B%2F5NDdyyzEPETyXG1Mmby%2FGreN%2B1OywgQm8hAwoJqw9HjxIKhM1SgJ2wZildGs4A7sIc5R6O7oc5Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000
cf-ray: 77340c524a467a4f-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 22 Dec 2022 21:05:45 GMT

GET
H2 200 lazyload.min.js Show response
cdn.jsdelivr.net/npm/vanilla-lazyload@12.4.0/dist/ 6 KB
3 KB 120ms
1ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vanilla-lazyload@12.4.0/dist/lazyload.min.js

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0be502b9446e16b338d36ccadac232f4a68ab74655f98fec415ccdbbccbf5729

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
fastly-original-body-size: 2436
age: 14013262
x-jsd-version: 12.4.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19126-FRA, cache-cdg20728-CDG
x-jsd-version-type: version
server: cloudflare
etag: W/"1926-ftj+zhhSvu4E/RMH3S02cxSkfWc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0iBZoPA5UIayH6gQuAMH6clv33lMCT6GK9KAXg4zUWMsDDoK1Kq8AkAjwKL4hvyDq5Apk6fkovtgWPKuz1YwQDmyLExgy8LNYiCrANQM5MDg7ycJO2IBF%2Fu31BaylFXaH3goMJra9LTMxMynjyQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 77340c5188cd9034-FRA

GET
H2 200 192355X1677340.skimlinks.js Show response
s.skimresources.com/js/ 56 KB
21 KB 180ms
10ms Script
application/octet-stream 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/192355X1677340.skimlinks.js
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: a8ff02979e73ddc14664b0809679bded65d8e2e61c712c846efb4bc14ce808e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: gzip
last-modified: Tue, 30 Aug 2022 08:54:29 GMT
server: AmazonS3
x-amz-request-id: XGRHXX260WJ8AGVM
etag: "54a5c71c59059ab091f13da071a97c02"
x-hw: 1669983956.cds143.fr8.hn,1669983956.cds256.fr8.c
content-type: application/octet-stream
cache-control: max-age=3600
accept-ranges: bytes
content-length: 20715
x-amz-id-2: yGQuondgi/2LwR0SnfJ2vqB8y3PxYvdHbgMHrbb7ZhQ4HN0c5um/1yXePKssiqhW2nNASwrIJGY=

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 70ms
31ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,600i,700,800

Requested by

Host: gottamentor.com
URL: https://gottamentor.com/template/styles/blog.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8816e84666e9f5617099091a1422c343cd30ae4ba0680e5795e338e6aad95df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 02 Dec 2022 12:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 02 Dec 2022 12:25:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 02 Dec 2022 12:25:56 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 52ms
14ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,600i,700,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://no.gottamentor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 18:50:24 GMT
x-content-type-options: nosniff
age: 322532
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:50:24 GMT

GET
H2 200 memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0RkxhjWVAewA.woff2
fonts.gstatic.com/s/opensans/v34/ 17 KB
17 KB 65ms
28ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0RkxhjWVAewA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,600i,700,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d79caf876bd38b43ea665e758bee70d4f2c86942140b3035dc6653aa41abd497

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://no.gottamentor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 05:53:21 GMT
x-content-type-options: nosniff
age: 196355
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17780
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:15:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Nov 2023 05:53:21 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 107ms
28ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/79c8e619-1733-4d5d-b430-d284be6559de/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

555995e2499646fa341aecca1a19f77231ec6c3c6c14162c668d08560e7ac4ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27394
x-xss-protection: 0
server: sffe
etag: "1409 / 822 of 1000 / last-modified: 1669982859"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 02 Dec 2022 12:25:57 GMT

GET
H2 200 prebid7.17.0.js Show response
get.optad360.io/sf/ 492 KB
155 KB 8ms
7ms Script
application/javascript 2600:9000:225e:fe00:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/prebid7.17.0.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/79c8e619-1733-4d5d-b430-d284be6559de/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:fe00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 529d5a06e1e90ceadfad7e6c2eaed6e9b868a35798345d5431c90f6024f15b55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Mon, 03 Oct 2022 08:55:17 GMT
content-encoding: gzip
via: 1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 06:53:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 5196640
etag: W/"840fa482840c0b1f014b3c14f6e0ab2e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=360000000
x-amz-cf-id: _fXvWeu5YYPimOOXlC5nyXgMSKZQ2BmRcM_RPSSOj0d-nEG-C_7xfw==

POST
H2 200 / Show response
r.skimresources.com/api/ 176 B
391 B 85ms
21ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/192355X1677340.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.19.9.1 /

Resource Hash

b9ec65827bb7aa4ea5ff5f9b379bb44765cb3d6d800281e32196e675f6a91e6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 02 Dec 2022 12:25:57 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: openresty/1.19.9.1
via: 1.1 google
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://no.gottamentor.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame 52F7 0
134 B 61ms
23ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.985114764071479
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: Python/3.10 aiohttp/3.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:57 GMT
via: 1.1 google
server: Python/3.10 aiohttp/3.8.3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
276 B 77ms
21ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=10.27985244460532
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Fri, 02 Dec 2022 12:25:57 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 77ms
22ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=10.27985244460532
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Fri, 02 Dec 2022 12:25:57 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H3 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 36ms
25ms XHR
application/json 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20221202

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50972fc41f894ed8acbad2e88268b464252de21576b80740541cc6d807f3356d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 02 Dec 2022 12:25:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 33891
x-jsd-version: 1.0.1541
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230021-FRA, cache-yyz4521-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"663-bD4dQPAEewRQ7RxxSfYLDSf/Wjc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ae4zCZlZ0Lrlx1hgz3%2B0xyB1bRI1BzrOCmAeP2%2FGH7JmMCvpP3jhIhnnMfL2llsSsKprPyxfVgXukTFUwZyEBTGXJYkqDCR3yoK40k9QJC1NwhodTVVDa%2B1EyZUJbzoV6AF9wDhdgsEByW7q2Rs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 77340c540da89170-FRA

GET
H3 200 pubads_impl_2022111501.js Show response
securepubads.g.doubleclick.net/gpt/ 381 KB
129 KB 66ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4c7748a8849068a7262049472b6b640aea77d843c16a57de3e34d3c47e4a01f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 11:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1872
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132177
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 09:35:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 02 Dec 2023 11:54:45 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 78 B
90 B 74ms
47ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=no.gottamentor.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee6c40b0c921fd7b3bbc39971c9c34f277885ef09ddde5032bb6e8db65ba9d1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65
x-xss-protection: 0
expires: Fri, 02 Dec 2022 12:25:57 GMT

POST
H3 200 page Show response
t.skimresources.com/api/v2/ 22 B
43 B 39ms
23ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/192355X1677340.skimlinks.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.3 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:57 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.3
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 branding-ads.svg
optad360.mgr.consensu.org/icons/ 7 KB
8 KB 35ms
7ms Image
image/svg+xml 52.222.214.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optad360.mgr.consensu.org/icons/branding-ads.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-2.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d04a8585ca1c9cbff59e413fe76da6b8dcf3c567cbc68ec436b852d7f1694df1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:24:04 GMT
via: 1.1 9e1b24b39ac8b669f996f1e7907eb696.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jun 2022 12:02:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 82915
etag: "b0a3aa2e09d4ddd83150d7bd3347c5c0"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=360000000
accept-ranges: bytes
content-length: 7419
x-amz-cf-id: lkpHmGSJk6AcUlkgGTAjdosMqEBJK6zHyQ2AgVogsPkBG5IfdNiamw==

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ 1 KB
2 KB 261ms
179ms XHR
application/json 148.251.44.111
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 148.251.44.111 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: sundoro
Software: /
Resource Hash: 9a2effff80e62dd0c63de66518ab84d16d6fe474c6c3daf6c2102670e16c455f

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:58 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1340
expires: 0

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
409 B 182ms
102ms XHR
text/plain 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
36 B 79ms
52ms XHR
text/plain 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 77340c5a2d8b9c06-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 192ms
118ms XHR
application/json 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

f06646a7054dd13cc5d038e17ad3bc5d9eed8e4b26026a5c3f729e160007dc9c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:25:58 GMT
AN-X-Request-Uuid: c9f098a0-9981-40e3-aa16-5576a208283f
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://no.gottamentor.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 / Show response
d.vidoomy.com/api/rtbserver/prebid/ 0
212 B 92ms
58ms XHR
text/plain 52.58.56.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.vidoomy.com/api/rtbserver/prebid/?id=39645&adtype=banner&auc=oa-360-1669983958067_u8yv6ze4c&w=728&h=90&pos=1&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.71%20Safari%2F537.36&l=en&dt=1&pid=62135&requestId=109633c4b124654&schain=%5Bobject%20Object%5D&bidfloor=0&d=gottamentor.com&sp=https%253A%252F%252Fno.gottamentor.com%252Fnow-dasher-now-dancer&usp=&coppa=false&videoContext=&gdpr=false&gdprcs=undefined
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.56.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-56-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-expose-headers: X-VD-C
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
181 B 57ms
16ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 204 pbjs Show response
useast.quantumdex.io/auction/ 0
133 B 142ms
115ms XHR
text/plain 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/pbjs
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c5a3b308fdc-FRA
access-control-allow-methods: POST, GET

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
171 B 60ms
14ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

x-nbr: 1
date: Fri, 02 Dec 2022 12:25:57 GMT
server: envoy
vary: origin, Accept-Encoding
access-control-allow-origin: https://no.gottamentor.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0

GET
H2 204 / Show response
d.vidoomy.com/api/rtbserver/prebid/ 0
212 B 51ms
23ms XHR
text/plain 52.58.56.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.vidoomy.com/api/rtbserver/prebid/?id=39645&adtype=banner&auc=oa-360-1669983958066_33lk1yigl&w=728&h=90&pos=1&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.71%20Safari%2F537.36&l=en&dt=1&pid=62135&requestId=18d0cc02aeb565d&schain=%5Bobject%20Object%5D&bidfloor=0&d=gottamentor.com&sp=https%253A%252F%252Fno.gottamentor.com%252Fnow-dasher-now-dancer&usp=&coppa=false&videoContext=&gdpr=false&gdprcs=undefined
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.56.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-56-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-expose-headers: X-VD-C
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ 1 KB
2 KB 194ms
121ms XHR
application/json 148.251.44.111
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 148.251.44.111 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: sundoro
Software: /
Resource Hash: 1399b1bf428b32bd6a69bbaa89167cfe776f650d9cac6980bc96f5e2166d7961

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:58 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1339
expires: 0

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
310 B 56ms
38ms XHR
text/plain 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 77340c5a2d8d9c06-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
410 B 148ms
77ms XHR
text/plain 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
180 B 51ms
16ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 204 pbjs Show response
useast.quantumdex.io/auction/ 0
266 B 129ms
109ms XHR
text/plain 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/pbjs
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c5a3b368fdc-FRA
access-control-allow-methods: POST, GET

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 10 KB
5 KB 239ms
175ms XHR
application/json 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6e86fcfa5caff72f05cf3c9113e96d3b489df50ea5e48fb339f8e4d02d4c1b94

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 02 Dec 2022 12:25:58 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7b0baf07-e624-4515-8d81-37c93a69a3a8
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://no.gottamentor.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
20 B 55ms
15ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

x-nbr: 1
date: Fri, 02 Dec 2022 12:25:57 GMT
server: envoy
vary: origin, Accept-Encoding
access-control-allow-origin: https://no.gottamentor.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
409 B 172ms
106ms XHR
text/plain 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
18 B 50ms
15ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

x-nbr: 1
date: Fri, 02 Dec 2022 12:25:57 GMT
server: envoy
vary: origin, Accept-Encoding
access-control-allow-origin: https://no.gottamentor.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
180 B 46ms
17ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 240ms
181ms XHR
application/json 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

22cc4a7bc0c7006ea5be08a4a51073e31c9ddd9a2b76c6fbb01c03325a33eb03

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:25:58 GMT
AN-X-Request-Uuid: 62839eab-1e19-4b24-b3b9-096ac76594b5
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://no.gottamentor.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 / Show response
d.vidoomy.com/api/rtbserver/prebid/ 0
213 B 38ms
18ms XHR
text/plain 52.58.56.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.vidoomy.com/api/rtbserver/prebid/?id=39645&adtype=banner&auc=oa-360-1669983958060_tv3sihbwf&w=728&h=90&pos=1&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.71%20Safari%2F537.36&l=en&dt=1&pid=62135&requestId=423a3721a36d1fb&schain=%5Bobject%20Object%5D&bidfloor=0&d=gottamentor.com&sp=https%253A%252F%252Fno.gottamentor.com%252Fnow-dasher-now-dancer&usp=&coppa=false&videoContext=&gdpr=false&gdprcs=undefined
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.56.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-56-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-expose-headers: X-VD-C
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
35 B 54ms
44ms XHR
text/plain 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 77340c5a2d8f9c06-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 204 pbjs Show response
useast.quantumdex.io/auction/ 0
133 B 127ms
114ms XHR
text/plain 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/pbjs
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c5a3b348fdc-FRA
access-control-allow-methods: POST, GET

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ 1 KB
2 KB 189ms
126ms XHR
application/json 148.251.44.111
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 148.251.44.111 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: sundoro
Software: /
Resource Hash: b47ff21e0bb6bdd13562a5f1d52f66074a63f44d2121ad91655e42133189b772

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:58 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1338
expires: 0

GET
H2 200 branding-ads.svg
optad360.mgr.consensu.org/icons/ 7 KB
8 KB 8ms
7ms Image
image/svg+xml 52.222.214.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optad360.mgr.consensu.org/icons/branding-ads.svg
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/79c8e619-1733-4d5d-b430-d284be6559de/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-2.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d04a8585ca1c9cbff59e413fe76da6b8dcf3c567cbc68ec436b852d7f1694df1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:24:04 GMT
via: 1.1 9e1b24b39ac8b669f996f1e7907eb696.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jun 2022 12:02:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 82915
etag: "b0a3aa2e09d4ddd83150d7bd3347c5c0"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=360000000
accept-ranges: bytes
content-length: 7419
x-amz-cf-id: SXU6bsejz1SU-nhB8NU_93yZSRH4v8rxjwD4mGOM8QorDpUbqgVytA==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 72ms
21ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=no.gottamentor.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 81ms
25ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=no.gottamentor.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
9 KB 567ms
566ms XHR
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504992986827039&correlator=2656882371949770&eid=31070116%2C31068826&output=ldjh&gdfp_req=1&vrg=2022111501&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_ATF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x250%7C970x300&ifi=1&adks=2483656142&sfv=1-0-40&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D970x250%26hb_pb_appnexus%3D0.04%26hb_adid_appnexus%3D498a14000635078%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D970x250%26hb_pb%3D0.04%26hb_adid%3D498a14000635078%26hb_bidder%3Dappnexus&sc=1&cookie_enabled=1&abxe=1&dt=1669983958358&lmt=1669983958&dlt=1669983956614&idt=675&adxs=436&adys=445&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fno.gottamentor.com%2Fnow-dasher-now-dancer&frm=20&vis=1&psz=0x-1&msz=728x-1&fws=644&ohw=1600&ga_vid=818863337.1669983958&ga_sid=1669983958&ga_hid=371846855&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e56b7b82263ae7a915472e90f57e1e9b5a32a2e44d9264c1422de8e55dce8a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9206
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 124ms
70ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b3b1222ac3ed02cbd2db738f018a3e8b0693aab2990ba87e66dbebbc0a707fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11119
x-xss-protection: 0

GET
H2 200 container.html Show response
4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CB59 6 KB
3 KB 100ms
22ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 12:25:58 GMT
expires: Sat, 02 Dec 2023 12:25:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 56 KB
13 KB 962ms
962ms XHR
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504992986827039&correlator=2656882371949770&eid=31070116%2C31068826&output=ldjh&gdfp_req=1&vrg=2022111501&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_SF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&ifi=2&adks=3313129298&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1669983958373&lmt=1669983958&dlt=1669983956614&idt=675&adxs=436&adys=1200&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fno.gottamentor.com%2Fnow-dasher-now-dancer&frm=20&vis=1&psz=0x-1&msz=728x-1&fws=640&ohw=0&ga_vid=818863337.1669983958&ga_sid=1669983958&ga_hid=371846855&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ca40611d10ac24d19be3dbaef22025ceee07aac60a50e6ace1baa57169f18c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12785
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://no.gottamentor.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 63 KB
13 KB 1449ms
1449ms XHR
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504992986827039&correlator=2656882371949770&eid=31070116%2C31068826&output=ldjh&gdfp_req=1&vrg=2022111501&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_BTF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x250%7C970x300%7C1280x300&ifi=3&adks=3029265718&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1669983958379&lmt=1669983958&dlt=1669983956614&idt=675&adxs=436&adys=3808&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fno.gottamentor.com%2Fnow-dasher-now-dancer&frm=20&vis=1&psz=0x-1&msz=728x-1&fws=644&ohw=1600&ga_vid=818863337.1669983958&ga_sid=1669983958&ga_hid=371846855&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8a40c9bcf21990fcc91eb186c3e674a0af8c9c572807675daea2b13d3057fd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13216
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://no.gottamentor.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 embed.php Show response
video.onnetwork.tv/ 2 KB
1013 B 98ms
31ms Script
text/javascript 137.74.20.12
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://video.onnetwork.tv/embed.php?ext=optad

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/79c8e619-1733-4d5d-b430-d284be6559de/plugin.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.20.12 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11.eris-m.of.pl

Software

XO.webservant /

Resource Hash

cab552598c313ec62fe89766dd35aeff2441972ccf6665487fc9c9805bff3b57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Fri, 02 Dec 2022 12:25:58 GMT
last-modified: Fri, 02 Dec 2022 12:25:57 GMT
server: XO.webservant
vary: Accept-Encoding
p3p: CP="ALL CAO DSP COR IVD IVA PSD PSA TEL TAI CUS ADM CUR CON SAM OUR IND"
content-type: text/javascript;charset=utf-8
cache-control: no-store, no-cache, must-revalidate, post-check=1, pre-check=1
feature-policy: fullscreen *; autoplay;
content-length: 687
expires: Fri, 02 Dec 2022 12:25:57 GMT

GET
H2 200 embed.min.js Show response
cdn.onnetwork.tv/js/player90/ 70 KB
24 KB 74ms
32ms Script
application/javascript 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onnetwork.tv/js/player90/embed.min.js?s=1669913823

Requested by

Host: video.onnetwork.tv
URL: https://video.onnetwork.tv/embed.php?ext=optad

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.59.235.100 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11b.eris-w24.of.pl

Software

XO.webservantpro /

Resource Hash

c42ac47a2cf8ca8ed138b3538b35ed4d8d6e7b462dfd39c48f4feebb3b738d2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://no.gottamentor.com/
Origin: https://no.gottamentor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: public
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Thu, 01 Dec 2022 16:57:03 GMT
server: XO.webservantpro
etag: W/"6388dcdf-117de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=17280000, public
expires: Tue, 20 Jun 2023 12:25:58 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 103ms
38ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 02 Dec 2022 12:25:58 GMT

GET
H2 200 embedOptAd.min.js Show response
cdn.onnetwork.tv/js/player90/ 22 KB
8 KB 18ms
18ms Script
application/javascript 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onnetwork.tv/js/player90/embedOptAd.min.js?s=1669913823

Requested by

Host: video.onnetwork.tv
URL: https://video.onnetwork.tv/embed.php?ext=optad

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.59.235.100 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11b.eris-w24.of.pl

Software

XO.webservantpro /

Resource Hash

504867782586fad9c6efd023992df14d977196b24825de28cc59b51aca206165

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://no.gottamentor.com/
Origin: https://no.gottamentor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: public
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Thu, 01 Dec 2022 16:57:03 GMT
server: XO.webservantpro
etag: W/"6388dcdf-58da"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=17280000, public
expires: Tue, 20 Jun 2023 12:25:58 GMT

GET
H2 200 branding-ads.svg
optad360.mgr.consensu.org/icons/ 7 KB
8 KB 8ms
8ms Image
image/svg+xml 52.222.214.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optad360.mgr.consensu.org/icons/branding-ads.svg
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/79c8e619-1733-4d5d-b430-d284be6559de/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-2.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d04a8585ca1c9cbff59e413fe76da6b8dcf3c567cbc68ec436b852d7f1694df1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:24:04 GMT
via: 1.1 9e1b24b39ac8b669f996f1e7907eb696.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jun 2022 12:02:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 82915
etag: "b0a3aa2e09d4ddd83150d7bd3347c5c0"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=360000000
accept-ranges: bytes
content-length: 7419
x-amz-cf-id: m_pUnFq4oBPBzAkmXBiSYmu3BHslfLfMjQT4BNiEsdnKHfweO5RtGQ==

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 52ms
51ms XHR
application/json 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

396387372e521a2859b66d8ba258fa48a469738cdfdabdb44ce7b8f6530fee53

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:25:58 GMT
AN-X-Request-Uuid: 32cbc340-9f23-413a-bf11-af9f3d9d10c2
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://no.gottamentor.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
18 B 16ms
15ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

x-nbr: 1
date: Fri, 02 Dec 2022 12:25:57 GMT
server: envoy
vary: origin, Accept-Encoding
access-control-allow-origin: https://no.gottamentor.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1

GET
H2 204 / Show response
d.vidoomy.com/api/rtbserver/prebid/ 0
212 B 105ms
105ms XHR
text/plain 52.58.56.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.vidoomy.com/api/rtbserver/prebid/?id=39645&adtype=banner&auc=oa-360-1669983958589_dm9mv3t7i&w=300&h=250&pos=1&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.71%20Safari%2F537.36&l=en&dt=1&pid=62135&requestId=56e723fd2ef600e&schain=%5Bobject%20Object%5D&bidfloor=0&d=gottamentor.com&sp=https%253A%252F%252Fno.gottamentor.com%252Fnow-dasher-now-dancer&usp=&coppa=false&videoContext=&gdpr=false&gdprcs=undefined
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.56.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-56-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-expose-headers: X-VD-C
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ 1 KB
2 KB 268ms
268ms XHR
application/json 148.251.44.111
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 148.251.44.111 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: sundoro
Software: /
Resource Hash: f71eb60faf969bf70ee1521aeca9b1d6c8990f81cc5d879b3109232133ce1a7c

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:58 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1338
expires: 0

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
180 B 16ms
16ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
409 B 55ms
55ms XHR
text/plain 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 pbjs Show response
useast.quantumdex.io/auction/ 0
35 B 115ms
115ms XHR
text/plain 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/pbjs
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://no.gottamentor.com
date: Fri, 02 Dec 2022 12:25:58 GMT
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c5d49178fdc-FRA
access-control-allow-methods: POST, GET

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
36 B 36ms
36ms XHR
text/plain 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 77340c5d4c309c06-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2 200 frame86.php Show response
video.onnetwork.tv/ 18 KB
6 KB 44ms
43ms Fetch
text/html 137.74.20.12
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://video.onnetwork.tv/frame86.php?id=ffONNP7d06dad6959bb035c5e47a48811d2ea016699839586041&iid=1669983958604&e=1&ap=4&map=1&umum=1&naa=1&lang=1&pinva=1&pinv=1&dpre=1&onnsfonn=1&vids=919027&dpb=1&onnwid=9074&wtop=https%253A%252F%252Fno.gottamentor.com%252Fnow-dasher-now-dancer&apop=0&vpop=0&apopa=0&vpopa=0&cId=ndONNP7d06dad6959bb035c5e47a48811d2ea01669983958603&rrpt=%7B%22CxSegments%22%3Anull%7D

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player90/embed.min.js?s=1669913823

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

137.74.20.12 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11.eris-m.of.pl

Software

XO.webservant /

Resource Hash

48b3cef92295572e8c4ef939348c8141b17c12e9365b34c24b4e132b371548ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Fri, 02 Dec 2022 12:25:58 GMT
last-modified: Fri, 02 Dec 2022 12:25:58 GMT
server: XO.webservant
vary: Accept-Encoding
p3p: CP="ALL CAO DSP COR IVD IVA PSD PSA TEL TAI CUS ADM CUR CON SAM OUR IND"
access-control-allow-origin: https://no.gottamentor.com
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, must-revalidate, post-check=1, pre-check=1
feature-policy: fullscreen *; autoplay;
access-control-allow-credentials: true
content-length: 5901
expires: Fri, 02 Dec 2022 12:25:59 GMT

GET
H2 200 branding-video-negative.svg
optad360.mgr.consensu.org/icons/ 10 KB
3 KB 8ms
7ms Image
image/svg+xml 52.222.214.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optad360.mgr.consensu.org/icons/branding-video-negative.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-2.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7260b4a4163f2e458b462ed77194205e12e7d8352f0ec3cb2e4d1475f7419a9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 15:47:57 GMT
content-encoding: gzip
via: 1.1 9e1b24b39ac8b669f996f1e7907eb696.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jun 2022 12:05:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 74282
etag: W/"4ccbac335fa4fcdf4c526588ec6a6bc0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=360000000
x-amz-cf-id: LYoT0ypVzfXFSqL7nMbYiDhCapE3mPVLVUHxf0tKyzMsrJfAPWNs0A==

GET
H2 200 a_cntg.png
cdn.onnetwork.tv/cnt/ 126 B
330 B 54ms
17ms Image
image/png 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.onnetwork.tv/cnt/a_cntg.png?ts=1669983958611&d=9074&wsc=00&typ=embed&mobile=0&c=40
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.59.235.100 , France, ASN16276 (OVH, FR),
Reverse DNS: vh11b.eris-w24.of.pl
Software: XO.webservantpro /
Resource Hash: a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
last-modified: Friday, 02-Dec-2022 12:25:58 GMT
server: XO.webservantpro
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 126

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2D13 13 KB
5 KB 45ms
13ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1348
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 12:03:30 GMT
expires: Sat, 02 Dec 2023 12:03:30 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6800 783 B
1 KB 58ms
23ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bcbed99682f898f0fa16fa0f0c4baf1ac2b8d9ba65cff14fe563e28f5285fddd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-IAyRyP7iFP04sy7KuFhreA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-IAyRyP7iFP04sy7KuFhreA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 12:25:58 GMT
expires: Fri, 02 Dec 2022 12:25:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 player86.css
cdn.onnetwork.tv/css/ Frame F833 44 KB
11 KB 24ms
24ms Stylesheet
text/css 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onnetwork.tv/css/player86.css?s=1669482283

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player90/embed.min.js?s=1669913823

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.59.235.100 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11b.eris-w24.of.pl

Software

XO.webservantpro /

Resource Hash

d3db2e5ccf8f6bfb963ab88463e09d992c67a4c37258b8f99714e7822abe6d79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: public
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Sat, 26 Nov 2022 17:04:43 GMT
server: XO.webservantpro
etag: W/"6382472b-b1e5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=17280000, public
expires: Tue, 20 Jun 2023 12:25:58 GMT

GET
H2 200 player_utils.min.js Show response
cdn.onnetwork.tv/js/player86/ Frame F833 11 KB
4 KB 23ms
23ms Script
application/javascript 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onnetwork.tv/js/player86/player_utils.min.js?s=1669482715

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player90/embed.min.js?s=1669913823

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.59.235.100 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11b.eris-w24.of.pl

Software

XO.webservantpro /

Resource Hash

b42cdce8a41bd8076fdd464a537ad64ad3f25a2ce0c8fc0e91abe2756d6ee970

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: public
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Sat, 26 Nov 2022 17:11:55 GMT
server: XO.webservantpro
etag: W/"638248db-2c6a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=17280000, public
expires: Tue, 20 Jun 2023 12:25:58 GMT

GET
H2 200 adblock_notify.js Show response
cdn.onnetwork.tv/js/ Frame F833 134 B
416 B 23ms
22ms Script
application/javascript 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onnetwork.tv/js/adblock_notify.js?s=1669983958

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player90/embed.min.js?s=1669913823

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.59.235.100 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11b.eris-w24.of.pl

Software

XO.webservantpro /

Resource Hash

634c7a6099396c9382029aa927edfc1e84583592d97a96fa6dd2fe8d7a0c2602

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: public
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Sat, 24 Sep 2022 20:52:18 GMT
server: XO.webservantpro
etag: W/"632f6e02-86"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=17280000, public
expires: Tue, 20 Jun 2023 12:25:58 GMT

GET
H2 200 gpt_proxy.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame F833 83 KB
31 KB 68ms
13ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/gpt_proxy.js

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player90/embed.min.js?s=1669913823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d172e4a65be0295624eff225a515158c7959e40041303be754edb04e01b541f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:23:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 175
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30955
x-xss-protection: 0
last-modified: Wed, 30 Nov 2022 15:35:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=900
accept-ranges: bytes
expires: Fri, 02 Dec 2022 12:38:03 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame F833 371 KB
124 KB 83ms
28ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player90/embed.min.js?s=1669913823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

530040ebbfc1cd7a18f0537709371ccd55ec5ed96756cb4c121c2a56a33f8f19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126620
x-xss-protection: 0
expires: Fri, 02 Dec 2022 12:25:58 GMT

GET
H3 200 hls.min.js Show response
cdn.jsdelivr.net/npm/hls.js@1.1.3/dist/ Frame F833 315 KB
93 KB 46ms
37ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/hls.js@1.1.3/dist/hls.min.js

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player90/embed.min.js?s=1669913823

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

920230cba1a6e09330a6cc76c634c78e547fcf67b7a9cc03213dde43ceea0baa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 22129459
x-jsd-version: 1.1.3
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19124-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"4eaf2-/CwIB8b0ZgFLVgmQTHnomAXuiz4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mVYCTSVASWzzJughbn9QutVGVGB5wFZVN8aeMIJkdVK1O3EdJ8xSt2N9d6KUvzeXb0Df4FlJa7C2jaYyp8E150siKUj%2BNUoLw0KT4TxNm%2FeijovkDNlFJk%2Bm4GotlSoPi4rJW4e3EtUOzC5B44o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 77340c5db9ea5b6e-FRA

GET
H2 200 player.min.js Show response
cdn.onnetwork.tv/js/player86/ Frame F833 315 KB
83 KB 38ms
36ms Script
application/javascript 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onnetwork.tv/js/player86/player.min.js?s=1669482715

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player90/embed.min.js?s=1669913823

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.59.235.100 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11b.eris-w24.of.pl

Software

XO.webservantpro /

Resource Hash

2a3f5688e753d3843a4975b2604136b480e56cd27614fdc6f925906f3672160a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: public
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Sat, 26 Nov 2022 17:11:55 GMT
server: XO.webservantpro
etag: W/"638248db-4ea96"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=17280000, public
expires: Tue, 20 Jun 2023 12:25:58 GMT

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 2D13 36 KB
16 KB 45ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 14:16:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79770
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 14:16:28 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6800 0
0 172ms
157ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022111501&jk=504992986827039&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

GET
H2 200 general.css
cdn.onnetwork.tv/css/websites/optad/ Frame F833 616 B
498 B 38ms
38ms Stylesheet
text/css 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onnetwork.tv/css/websites/optad/general.css

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player86/player.min.js?s=1669482715

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.59.235.100 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11b.eris-w24.of.pl

Software

XO.webservantpro /

Resource Hash

60e70619e42d5f5a364383d83867d95a84d0133e43b3cd2bc78942eb468c7d4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: public
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Sun, 27 Mar 2022 07:49:33 GMT
server: XO.webservantpro
etag: W/"6240170d-268"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=17280000, public
expires: Tue, 20 Jun 2023 12:25:58 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame F833 49 KB
20 KB 84ms
22ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cdn.onnetwork.tv
URL: https://cdn.onnetwork.tv/js/player86/player.min.js?s=1669482715

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Dec 2022 11:15:49 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 4209
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 02 Dec 2022 13:15:49 GMT

GET
H3 200 bridge3.547.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame E4D6 691 KB
221 KB 42ms
13ms Document
text/html 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.547.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f461e1e3fb47ce63a8d28c453253784cc233481904428c57a361fc93fd987327

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 236142
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 226691
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 18:50:16 GMT
expires: Wed, 29 Nov 2023 18:50:16 GMT
last-modified: Tue, 29 Nov 2022 15:11:42 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame F833 44 KB
17 KB 71ms
25ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 02 Dec 2022 12:25:58 GMT

GET
H3 200 bridge3.547.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 3A02 691 KB
221 KB 36ms
16ms Document
text/html 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.547.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f461e1e3fb47ce63a8d28c453253784cc233481904428c57a361fc93fd987327

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 236142
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 226691
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 18:50:16 GMT
expires: Wed, 29 Nov 2023 18:50:16 GMT
last-modified: Tue, 29 Nov 2022 15:11:42 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 919027_5m.jpg
cdnt.onnetwork.tv/poster/9/1/ Frame F833 10 KB
10 KB 27ms
20ms Image
image/jpeg 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnt.onnetwork.tv/poster/9/1/919027_5m.jpg

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.59.235.100 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11b.eris-w24.of.pl

Software

XO.webservantpro /

Resource Hash

37cb31effe0fa7997e40575b2d239b9fd99fa789fa7f4a9e16cd8c55cb86163c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 17 Nov 2022 10:35:17 GMT
server: XO.webservantpro
etag: "63760e65-28d8"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=17280000
accept-ranges: bytes
content-length: 10456
expires: Tue, 20 Jun 2023 12:25:58 GMT

GET
H2 200 a_cnti.png
cdn.onnetwork.tv/cnt/ Frame F833 126 B
329 B 24ms
21ms Image
image/png 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.onnetwork.tv/cnt/a_cnti.png?ts=1669983958849&event=plimpression&d=9074&vs=0&aps=4&playerVisible=0&plist=0&widget=0&initap=4&currap=4&ab=0&cbs=1&co=0&vc=0&pod=0&ppos=0&muted=1&mobile=0&lls=0&acount=0
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.59.235.100 , France, ASN16276 (OVH, FR),
Reverse DNS: vh11b.eris-w24.of.pl
Software: XO.webservantpro /
Resource Hash: a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
last-modified: Friday, 02-Dec-2022 12:25:58 GMT
server: XO.webservantpro
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 126

GET
H2 200 a_cntm.png
cdn.onnetwork.tv/cnt/ Frame F833 126 B
329 B 24ms
22ms Image
image/png 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.onnetwork.tv/cnt/a_cntm.png?ts=1669983958855&i=919027&d=9074&wsc=ab&plist=0&widget=0&initap=4&currap=4&ab=0&cbs=1&co=0&vc=0&pod=0&ppos=0&muted=1&mobile=0&lls=0&typ=embed&ap=4&vs=40
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.59.235.100 , France, ASN16276 (OVH, FR),
Reverse DNS: vh11b.eris-w24.of.pl
Software: XO.webservantpro /
Resource Hash: a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
last-modified: Friday, 02-Dec-2022 12:25:58 GMT
server: XO.webservantpro
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 126

GET
H2 200 a_cntd.png
cdn.onnetwork.tv/cnt/ Frame F833 126 B
329 B 25ms
22ms Image
image/png 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.onnetwork.tv/cnt/a_cntd.png?ts=1669983958856&mobile=0&plc=1&time=17&website=9074
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.59.235.100 , France, ASN16276 (OVH, FR),
Reverse DNS: vh11b.eris-w24.of.pl
Software: XO.webservantpro /
Resource Hash: a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
last-modified: Friday, 02-Dec-2022 12:25:58 GMT
server: XO.webservantpro
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 126

GET
H2 206 black2.mp4
cdn.onnetwork.tv/img/ Frame F833 2 KB
2 KB 21ms
20ms Media
video/mp4 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onnetwork.tv/img/black2.mp4

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.59.235.100 , France, ASN16276 (OVH, FR),

Reverse DNS

vh11b.eris-w24.of.pl

Software

XO.webservantpro /

Resource Hash

6212a4c6fd9be62d0795e3957471693cb344af6f21c2bbe0e957f3ed82520f1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://no.gottamentor.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Range: bytes=0-

Response headers

pragma: public
date: Fri, 02 Dec 2022 12:25:58 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 15 Nov 2022 12:58:10 GMT
server: XO.webservantpro
etag: "63738ce2-8be"
access-control-allow-methods: GET, POST, OPTIONS
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-2237/2238
cache-control: max-age=17280000, public
Content-Length: 2238
expires: Tue, 20 Jun 2023 12:25:58 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 56ms
22ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=no.gottamentor.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 57ms
25ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=no.gottamentor.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 63 KB
13 KB 1236ms
1236ms XHR
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504992986827039&correlator=2656882371949770&eid=31070116%2C31068826&output=ldjh&gdfp_req=1&vrg=2022111501&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_am_S1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C336x280%7C360x300%7C580x200&ifi=4&adks=4090274508&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1669983958884&lmt=1669983958&dlt=1669983956614&idt=675&adxs=460&adys=1218&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fno.gottamentor.com%2Fnow-dasher-now-dancer&frm=20&vis=1&psz=0x-1&msz=300x-1&fws=644&ohw=1600&ga_vid=818863337.1669983958&ga_sid=1669983958&ga_hid=371846855&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

143e61f341f2a9c692f5c4da3376571f8eceb3bd522100ced05fecd474fbb3d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13451
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://no.gottamentor.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2D13 0
10 B 13ms
13ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?es1u-A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 822D 6 KB
3 KB 42ms
13ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 12:25:58 GMT
expires: Sat, 02 Dec 2023 12:25:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ Frame F833 4 B
24 B 48ms
20ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=1879589529&t=pageview&_s=1&dl=https%3A%2F%2Fno.gottamentor.com%2Fnow-dasher-now-dancer&dp=%2Fab%2Foptad360_com&ul=en-us&de=UTF-8&dt=Player&sd=24-bit&sr=1600x1200&vp=480x270&je=0&_u=IGhAAEABAAAAACAAsD~&jid=30703565&gjid=456733467&cid=1953490166.1669983959&tid=UA-135216642-1&_gid=529838787.1669983959&_r=1&_slc=1&z=242800756

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E9BE 624 B
918 B 87ms
50ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQlY2jgQMY9MCE2QEwAQ&v=APEucNVSLEx6Ocfpdl9FPLeRSr_p73fHytAeMBVWZXXHOeVXbsJoJ52_jL6PqR6i7JnVZme_2gfXpR9yd-7mzSbAANB2Jh1vcv6AY_8wuEjnIBecULGqTsVgEioNipcQJl0OJH3__F0VHLb5liKF37zmOOWzIACuNwp4lFPExcibLLPZ0Kei1gb7nl9adTEmg75hFRvN3OQYKVkwkw2ivoopb_MeGk-UKQ

Requested by

Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 12:25:59 GMT
expires: Fri, 02 Dec 2022 12:25:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 822D 28 KB
17 KB 88ms
53ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DCp6W38GewkqX-cWqndC8h_dvUpgbGQRqrMki8StDq8NdIPRpwE6fbHGEDYwiYwX74ZTi0PysxjGrjIMnLD7IH05P7sbt_uJfcw-lfjmJd3vrRj1Tk7Ngy72Guf8SwzRbrHPASlgbidlJvUTXYGLaTmMUJgjyvLN4B5kicdSXsxAIBFeE&cry=1&dbm_d=AKAmf-D_4HXaz_B5MeOggX4W0Aj4e4kMMExpck4U89wmDbXfMxezsedUbNj98bf979HvmtA_mlWF2VfGI2Pcn5QoSzdgsa2CF837uXvZypE-OA8N-WZyte2L9t7MpzjNqipowx7yUilOCeCQK-RW36eeU5xnBiIuMyUGS3KQsAENvDKX7yqtlDWdW80KgI82mReCritDobhFpXXQcPYbBuyGoMyun-9cyIfZEVFd3OTGOBeQxDqoUliLwiIMuS50iHyOvpC6BJnxPkh--_YLLsv9AmlYsPzKSvizK_1qBQDiVq6zIsUGHrBI6-kZIgdyDhRs6Qpnog1kYdRqW-sya4DXpTM9u6Mws5IoDbzaQgWIUBlHQSSWoUXezxm0mEL_WkGCZyikYfoqSb1a_FMj7b-c33kaoGRvRpiNskUnknHVavtdKYfIkIOGEONTsDgJI_piZunrKU1z1cQXytRQBnpD6exv4fBstng1mqorbPvwkOMw9DECUJIepA8xGNsAn3o0wjJZWuThBhrF1JgQaGoAIWhHPteiUJeODZRI7TfpoLLFbiZV_pnEstdj5j1N77vgy2M1QQfDPZ2JviokLJcFU3GtGgRNXipzUsP8PwDfXFF05U-5I2JTi0fnMnOeP8m2iY_CDDN8o1bDgzOmFmxYbAhgQlRLTOx-OraWpevRdBrj6iY53X7m8PBQjuM23rd2lHnpGmL4j_i0Xj5kpDdsHEtdj0mnL2WXvqyN8h7ClNYzNdxR9XOqcrK4SAM_JdUTew2OOXULpH_iA8y6M7OdrTAJv5hfHwLdwagDQ9b75dAgODZS0D57w7cIYpEBN8mOeSvk9RRHuTyadymr9PwqQHmZz-qh2z9h_tFt0XQ6Q8UpzNJHbfx2JGok5SiKUNZCOmfOLjXX7JyTOYMF5lKMWHH70ZUlGXBEhoIr27WqLK8tUWjeye2b-jgTFb0-77Gdj9p3dMzOK4IugvACskq_531XPMI39DsPdKIrbKo-P2WKb2CEdCPy4bNuIiN5YjLrASQ_dZ8HCB6mQetibW9-pYcDQXSqquliMLm_WILB6nUs3iL9ouG8URYmBEG6YFvoL6d-p-_l3f-1SFnzOZZtOHYz7p7xD-WybLlxYu80PZxv93q18PTK8ZdcGGNg2ug8gH0rKCYukphXK86NldAarAYCH5d9W2c4rZzJaLjqIgY_5gcYvmeXqcwp3XxSo31u6oq8GXOeCP8KZ-qDU8QRZG623G44TyeBVflBc2UCtsni73CUpMMmjJdgqT3oitucLTlqctFKch7-jE0X23od-UcCFTx4CMMYXOak9OfSdO1AzS6j1rvL-LJdbkmnoKlDyhApP31_0t7Pi1NmTLQAosE4OYKW0J5Cb0Ck2Tt9HS20VMMMVSAFHcjw_JQHOBQlJG7-tXMfCKFSmLjPkoWSwfVrJ3JZrV2PMN8NE8-Wv6SnZHvtbHIvb1sMkbeleOk9Dfu5nuiu3r6Cd-xOHc39EG2dsXMa4Ddu8YJfyJuRVUEQIm_L8Fxi4QQzJMcZulL2EBdPHMu9WpNpdOHWnZf7eKvcJjNimnDa0ADvFbZEi7ItCeffYLc_z-M1E0KtAQuyOltczdPif-158wdQ4GODB5i-SrNw0RA4B5YAnz0wNxkaN794G6ue7XiwRFYSjVe3E_DNubz_LlXIwlOHqp4q250SKWBejoXDSmKGYHHu5AWdHi3yDVVynmhrTtRNhx5HHCyAxFdUur5JMLq_92jULkT3ChyzmfcqwSdctfDgaTUXO9SwIXwJwPo1LU3MCovBPmuhP5OMuBZ-8kcvYdXkvLP7S7Wq_7QGhfm7NO84W94h5DOS0GeKyKiuvfq-VW0jELZqXguuXoIUtunnZf6YBd-vWnMDIo5v3QBDNe5Vu74MqdQBwnawag08mT5jAEEkInl0vBWOMtl_78Yfw1me5HhzhLPpZsnIrnKGzPF1OIa75yeJyntxoTYDdLQMuTgkCtO9xyd2RPO8pcMXLapNXwbGrphvQ7B_RJlGtbe7Ol_AP5F1MaM6M6k4IhIpmoBB9SsvCkm2FgmDY1-v30EtO7Xfq95Kg1bCB9i9igXixpDA5K45qXY58crGuwSWJey_WSRiYHSBMBGkfEDGyVtQBrlC0N2u6cbEbp_dlIjbo8Dodxtnxh2fCU7xLtcNXhAGph9ig0rkvSZpQexkRyGD9FMXis1yNEgJw5Z35bS1u-w3vZCvk9gA5ALZzBwVBVSRKdn4qz_TeTyUvx-BJlo_QoSqgxsGogVJu-ggJYK2v6NCrOjK91BfESIOsZCEueUtehoJzzjY4DFoBFn4LCPgTlfhHbb1qlRu2kcM-lGq_ZVqzWe-PxawiuFdI3a_nYSV4ayRBuOwPPdx4Hkgc46d42INMc7wNHiQmdwibkuxOmMrZhHSguv9bqxB74XFNlasNY1fH2gFggizp91D0NzHcuSCSVUfAsV3rPpLt2lrpPrGFbDYPKYCICqqB2lUEw6uXBIfxn0-LScCzn4sJHwRMVggFwsnuta45EEWvY8KR5a7V5GftCSVZ6FYv5UDKKjgRwIZbA6_U2B8ERyLp0Jm_fxYs3EeGHirV40jdBjR1KatLqfy40sTB4pEbxpyEtTEKo9x2w1JkOEIVKFeWpgdZ59UZF76ysYePZPy_XybD6-j_CZr7suc_LxN2HnIbOeKQqg26JduSdhWetIdxmwz_PoMQ9PRvVPiAQLRIbKOso_dyDEOXvIncsUbCAEz8DEQAAIxZn5dIrIrFAW1FwT3sxu-lTLTbLyBwi3mYpYRrNYAsNJdSfpWtg8JgF4SEa7sBJpbu8g3d7jyYH9c-0TJWb_MIOyYihNWSup9rDAxYqSkj5TfxonRlxiv3tViv1PCAZziASul0zua029kbpJuCRALtFxm5OMTLGIyVbiTqG-6GLRlPfmcY9vnsx8NJUPXq5om0J2apyZRpUoPk13XeETfrnz82mFxFL0KO1TMVUKRkV7Z4mWIkiD1ZETC9jDEG_87S1e13E35W2RIZIK5llGvmYdU5MNPnpmvOrN9-oqmihG7G0Tjv3lGEA59TcHrJRCsfZa71_pwVE7Z81hQaEa1kYC_NOIH2zND9q_BaF5wx0T1aRn41pWUn_1XI2vAlsbQNd7UNx1xfKwBDJsHInnf_OYy5FmFQBmyGWvzVwLw0Wi6x5DG4fCevz1b6k1VmdwVlCkWS7bilZw8_NJfxs9E2Id29mnKk3cFb1grBDftlKGZHZPaXD6p-Id2158jA5rKiD5ZnuF29etqoHWGTB16MXIVjA8VO3jqBoV08YAiuYtTz2bM5mDPF6MwM31mL1NmHZOf3N6lXEVhbegCmbIPC6MxMdTzvxWTDlGofOnnDNF1NCgV7y4cbLdFyu0hAXd-crtz6X2IWRXG_R_r0iJwoiNw32EGPw61fpx25CWQmLzxkCLuXcgOAcrxy3dlCyfXTvpIifzLRJ_gqqmk-XnsC0Wm0ffBXZyKhtEqKoX2CLjG2RcyLvdWKysvurzO3NWoQ1vve9dBdydvePwp-2OBXZMVopmwWFwJkDTkHaUekbLN1u2Ac3Bw0UTw4_jzTXfvPasSYIvlaqTufccDUllnB0czWO2wXRCrkrfYDnfLeJd6EDQbaueSiuHFc7zufggcWb8mkfOgB4xLTDXcWgjDK1gsGQ&cid=CAQSTADq26N9P1vSCUwF_Hw56ALD7w_XMSzOHCGSVwRtPgdL2zKuqt3poRoI8DkphZbna0FF5ib352xXAz-UH95uIMiI1bl34wWFFQQCs7UYASAT&rfl=1%2Chttps%253A%252F%252Fno.gottamentor.com%252F%240

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f2ba2bfe1eb64214229713ccd780bd1507170c13f11f2e28305614a1e25b123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16982
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 822D 42 B
63 B 156ms
156ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BWUZcfNDTyAbLtXoW5bOZUI9-XwfCEme-XBqvLyYTigoCY8xht0G3U7Y2SjZtCAqNc-EmRfFyxMRDon6obdYHDT2yC0JLzGpQDZ4nBtVyGTKPD_vo

Requested by

Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 822D 2 KB
3 KB 21ms
20ms Script
text/javascript 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=59499586;adfm_dvio=1009221872;adfm_dvli=18538519830;adfm_dvcr=455155828;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CoBPw1u6JY6mRGuqW9u8PgeOC6AL_ss7QbbPFkfT9EGQQASCqgMMiYJWCgICYB6AB8NTEnyjIAQmpAkSiiByjq7E-qAMBqgTzAU_QG5ZJCfAuhKxcpC9C_v6ba_wG36AX2xtfc-Jt_uU-rBgyGQuqGQ46wWJKPJQpk3UE1lEZZW05fD_qpo8Jl47ZpNTepe3YJvOjdyv3r20SoUHzvbOeDja0AKIP2eto5Mj7nepy_P28ucxDDY9Z7gAG9bI902CsF2hhHqPiF7TinWhZz1Y0UBdj9t-meO2Ew28mnlneSN8HtvQepfG-uZ47Eh4mX_ibvVm-zxZLeM-EcfNNeBhD0YtvuHCAuc4a5_XGsK6p0YG1FKdF9n404ohfXVbW5MYrZzfaaAiAz8Ey1_TdAmYVbWjFAoPkf9bEANLpesAEyJ3k25ME4AQDkAYBoAZNgAfwjJX_AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzk0NDcyNjcwMDYwNDcwMYAKA5gLAcgLAYAMAbAT5c2rEdATANgTCogUAdgUAdAVAfgWAYAXAQ&ae=1&num=1&cid=CAQSTADq26N9P1vSCUwF_Hw56ALD7w_XMSzOHCGSVwRtPgdL2zKuqt3poRoI8DkphZbna0FF5ib352xXAz-UH95uIMiI1bl34wWFFQQCs7UYASAT&sig=AOD64_2iD8sX0BuifyrWXIeohndqJdtlTg&client=ca-pub-5512390705137507&dbm_c=AKAmf-BU-h_jqIi3d0LOfM_-EXGFkW6iYLTJM3EZ0qQ7Li3ZWP1Jbvf870FhCRkIOPPixTkT7LjGPAkjwdM4nmcB-afqUCB3SUV4HWlcEH4oIZ1b-GraHhM3Jwk6z4h2h5yVnpXkOJb2fWEev_7WS5JrKo17n3ARy--CP22cn0S9NI45HjWxNDg&cry=1&dbm_d=AKAmf-CebcAJxLSLQRU_x3tCMpKG5xBGu677rczIMDvn-7khoZ40OMrpwxHdn5hgFlVNyp5BEHgoxWhkot5zZU_b7SEWa5DsooVO9B95GFzKGDxUCBaGBBJGefnN9goB86cgqbCPb6bgEZwClBuI-kpAoM6BrMKssFsP8hk2iETKHO-njTT0ufbT4OkUV-X9XchKOKml9ahMkNmV3wXow2xWXwIjljPgKE6hl12wFoHWnC1TjYUk1pfe0-jr888Bs6_p3vVySTvSGhygnetvp_xajFf0K5ldEBGcBJeVEGTodGo4KiYWt3LmU-Ha6J0Jh39j_SKZqEqjVuci23lKJpbK9mKtTf758JSdTP9GVTme5rnAoDc1HYhXwPbLGmJQzav9CJ5HZJjsI4XXU8NBNwqMiruZ36qr1TOHT10gGd2vXN4gJn6kMtkYHvT3QXW5Szq3YdIJ4Tj2FXFELUYBmZToOefzuOfPtaUOyNBU6lUb_1Ehr4nonAzxDQ54pq_YfJ02sbFoAv-K_yfQqjUY8HaEmQl3Mew5uc_z5Co9mX2vsy6K_ZjVaTxkcnvStcT85cvMB86Gteg2&adurl=

Requested by

Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

07a1fa2fe7d9f076fb533312f3df606cba4febdc17c4bcb4ee763d6294d4ce13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 2430
expires: -1

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 822D 3 KB
1 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 14:38:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78435
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 14:38:44 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 822D 18 KB
7 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 10:10:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:10:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 822D 155 KB
48 KB 1346ms
1271ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48508
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1669811598765935"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 02 Dec 2022 12:26:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ Frame F833 4 B
443 B 58ms
19ms XHR
text/plain 2a00:1450:400c:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-135216642-1&cid=1953490166.1669983959&jid=30703565&gjid=456733467&_gid=529838787.1669983959&_u=IGhAAEAAAAAAACAAsD~&z=226666287

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 02 Dec 2022 12:25:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ Frame F833 42 B
63 B 81ms
28ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-135216642-1&cid=1953490166.1669983959&jid=30703565&_u=IGhAAEAAAAAAACAAsD~&z=422547999

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ Frame F833 42 B
501 B 73ms
38ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-135216642-1&cid=1953490166.1669983959&jid=30703565&_u=IGhAAEAAAAAAACAAsD~&z=422547999

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E9BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKGxDCbIdMUXHFs004GItbc&google_cver=1

43 B
766 B

31ms
27ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKGxDCbIdMUXHFs004GItbc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQlY2jgQMY9MCE2QEwAQ&v=APEucNVSLEx6Ocfpdl9FPLeRSr_p73fHytAeMBVWZXXHOeVXbsJoJ52_jL6PqR6i7JnVZme_2gfXpR9yd-7mzSbAANB2Jh1vcv6AY_8wuEjnIBecULGqTsVgEioNipcQJl0OJH3__F0VHLb5liKF37zmOOWzIACuNwp4lFPExcibLLPZ0Kei1gb7nl9adTEmg75hFRvN3OQYKVkwkw2ivoopb_MeGk-UKQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:25:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKGxDCbIdMUXHFs004GItbc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E9BE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y4nu18.vn3BQOGgCKy887QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKGxDCbIdMUXHFs004GItbc&google_cver=1&google_hm=2

43 B
766 B

30ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKGxDCbIdMUXHFs004GItbc&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQlY2jgQMY9MCE2QEwAQ&v=APEucNVSLEx6Ocfpdl9FPLeRSr_p73fHytAeMBVWZXXHOeVXbsJoJ52_jL6PqR6i7JnVZme_2gfXpR9yd-7mzSbAANB2Jh1vcv6AY_8wuEjnIBecULGqTsVgEioNipcQJl0OJH3__F0VHLb5liKF37zmOOWzIACuNwp4lFPExcibLLPZ0Kei1gb7nl9adTEmg75hFRvN3OQYKVkwkw2ivoopb_MeGk-UKQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:25:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKGxDCbIdMUXHFs004GItbc&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame E9BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKz0c9WaWOVQrFxVo9hYrcU&google_cver=1

43 B
1020 B

24ms
20ms

Image
image/gif

185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKz0c9WaWOVQrFxVo9hYrcU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQlY2jgQMY9MCE2QEwAQ&v=APEucNVSLEx6Ocfpdl9FPLeRSr_p73fHytAeMBVWZXXHOeVXbsJoJ52_jL6PqR6i7JnVZme_2gfXpR9yd-7mzSbAANB2Jh1vcv6AY_8wuEjnIBecULGqTsVgEioNipcQJl0OJH3__F0VHLb5liKF37zmOOWzIACuNwp4lFPExcibLLPZ0Kei1gb7nl9adTEmg75hFRvN3OQYKVkwkw2ivoopb_MeGk-UKQ

Protocol

HTTP/1.1

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:25:59 GMT
AN-X-Request-Uuid: 76654da9-8cac-4c0b-a9d9-ff751d19e6ee
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKz0c9WaWOVQrFxVo9hYrcU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E9BE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYyMTI2NjM0MzU2NTM0MTk5Mg%3D%3D

170 B
243 B

214ms
24ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYyMTI2NjM0MzU2NTM0MTk5Mg%3D%3D

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:25:59 GMT
AN-X-Request-Uuid: f754540b-7944-40b3-9dc0-0c7ae402a85b
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYyMTI2NjM0MzU2NTM0MTk5Mg%3D%3D
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 822D 29 KB
11 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DCp6W38GewkqX-cWqndC8h_dvUpgbGQRqrMki8StDq8NdIPRpwE6fbHGEDYwiYwX74ZTi0PysxjGrjIMnLD7IH05P7sbt_uJfcw-lfjmJd3vrRj1Tk7Ngy72Guf8SwzRbrHPASlgbidlJvUTXYGLaTmMUJgjyvLN4B5kicdSXsxAIBFeE&cry=1&dbm_d=AKAmf-D_4HXaz_B5MeOggX4W0Aj4e4kMMExpck4U89wmDbXfMxezsedUbNj98bf979HvmtA_mlWF2VfGI2Pcn5QoSzdgsa2CF837uXvZypE-OA8N-WZyte2L9t7MpzjNqipowx7yUilOCeCQK-RW36eeU5xnBiIuMyUGS3KQsAENvDKX7yqtlDWdW80KgI82mReCritDobhFpXXQcPYbBuyGoMyun-9cyIfZEVFd3OTGOBeQxDqoUliLwiIMuS50iHyOvpC6BJnxPkh--_YLLsv9AmlYsPzKSvizK_1qBQDiVq6zIsUGHrBI6-kZIgdyDhRs6Qpnog1kYdRqW-sya4DXpTM9u6Mws5IoDbzaQgWIUBlHQSSWoUXezxm0mEL_WkGCZyikYfoqSb1a_FMj7b-c33kaoGRvRpiNskUnknHVavtdKYfIkIOGEONTsDgJI_piZunrKU1z1cQXytRQBnpD6exv4fBstng1mqorbPvwkOMw9DECUJIepA8xGNsAn3o0wjJZWuThBhrF1JgQaGoAIWhHPteiUJeODZRI7TfpoLLFbiZV_pnEstdj5j1N77vgy2M1QQfDPZ2JviokLJcFU3GtGgRNXipzUsP8PwDfXFF05U-5I2JTi0fnMnOeP8m2iY_CDDN8o1bDgzOmFmxYbAhgQlRLTOx-OraWpevRdBrj6iY53X7m8PBQjuM23rd2lHnpGmL4j_i0Xj5kpDdsHEtdj0mnL2WXvqyN8h7ClNYzNdxR9XOqcrK4SAM_JdUTew2OOXULpH_iA8y6M7OdrTAJv5hfHwLdwagDQ9b75dAgODZS0D57w7cIYpEBN8mOeSvk9RRHuTyadymr9PwqQHmZz-qh2z9h_tFt0XQ6Q8UpzNJHbfx2JGok5SiKUNZCOmfOLjXX7JyTOYMF5lKMWHH70ZUlGXBEhoIr27WqLK8tUWjeye2b-jgTFb0-77Gdj9p3dMzOK4IugvACskq_531XPMI39DsPdKIrbKo-P2WKb2CEdCPy4bNuIiN5YjLrASQ_dZ8HCB6mQetibW9-pYcDQXSqquliMLm_WILB6nUs3iL9ouG8URYmBEG6YFvoL6d-p-_l3f-1SFnzOZZtOHYz7p7xD-WybLlxYu80PZxv93q18PTK8ZdcGGNg2ug8gH0rKCYukphXK86NldAarAYCH5d9W2c4rZzJaLjqIgY_5gcYvmeXqcwp3XxSo31u6oq8GXOeCP8KZ-qDU8QRZG623G44TyeBVflBc2UCtsni73CUpMMmjJdgqT3oitucLTlqctFKch7-jE0X23od-UcCFTx4CMMYXOak9OfSdO1AzS6j1rvL-LJdbkmnoKlDyhApP31_0t7Pi1NmTLQAosE4OYKW0J5Cb0Ck2Tt9HS20VMMMVSAFHcjw_JQHOBQlJG7-tXMfCKFSmLjPkoWSwfVrJ3JZrV2PMN8NE8-Wv6SnZHvtbHIvb1sMkbeleOk9Dfu5nuiu3r6Cd-xOHc39EG2dsXMa4Ddu8YJfyJuRVUEQIm_L8Fxi4QQzJMcZulL2EBdPHMu9WpNpdOHWnZf7eKvcJjNimnDa0ADvFbZEi7ItCeffYLc_z-M1E0KtAQuyOltczdPif-158wdQ4GODB5i-SrNw0RA4B5YAnz0wNxkaN794G6ue7XiwRFYSjVe3E_DNubz_LlXIwlOHqp4q250SKWBejoXDSmKGYHHu5AWdHi3yDVVynmhrTtRNhx5HHCyAxFdUur5JMLq_92jULkT3ChyzmfcqwSdctfDgaTUXO9SwIXwJwPo1LU3MCovBPmuhP5OMuBZ-8kcvYdXkvLP7S7Wq_7QGhfm7NO84W94h5DOS0GeKyKiuvfq-VW0jELZqXguuXoIUtunnZf6YBd-vWnMDIo5v3QBDNe5Vu74MqdQBwnawag08mT5jAEEkInl0vBWOMtl_78Yfw1me5HhzhLPpZsnIrnKGzPF1OIa75yeJyntxoTYDdLQMuTgkCtO9xyd2RPO8pcMXLapNXwbGrphvQ7B_RJlGtbe7Ol_AP5F1MaM6M6k4IhIpmoBB9SsvCkm2FgmDY1-v30EtO7Xfq95Kg1bCB9i9igXixpDA5K45qXY58crGuwSWJey_WSRiYHSBMBGkfEDGyVtQBrlC0N2u6cbEbp_dlIjbo8Dodxtnxh2fCU7xLtcNXhAGph9ig0rkvSZpQexkRyGD9FMXis1yNEgJw5Z35bS1u-w3vZCvk9gA5ALZzBwVBVSRKdn4qz_TeTyUvx-BJlo_QoSqgxsGogVJu-ggJYK2v6NCrOjK91BfESIOsZCEueUtehoJzzjY4DFoBFn4LCPgTlfhHbb1qlRu2kcM-lGq_ZVqzWe-PxawiuFdI3a_nYSV4ayRBuOwPPdx4Hkgc46d42INMc7wNHiQmdwibkuxOmMrZhHSguv9bqxB74XFNlasNY1fH2gFggizp91D0NzHcuSCSVUfAsV3rPpLt2lrpPrGFbDYPKYCICqqB2lUEw6uXBIfxn0-LScCzn4sJHwRMVggFwsnuta45EEWvY8KR5a7V5GftCSVZ6FYv5UDKKjgRwIZbA6_U2B8ERyLp0Jm_fxYs3EeGHirV40jdBjR1KatLqfy40sTB4pEbxpyEtTEKo9x2w1JkOEIVKFeWpgdZ59UZF76ysYePZPy_XybD6-j_CZr7suc_LxN2HnIbOeKQqg26JduSdhWetIdxmwz_PoMQ9PRvVPiAQLRIbKOso_dyDEOXvIncsUbCAEz8DEQAAIxZn5dIrIrFAW1FwT3sxu-lTLTbLyBwi3mYpYRrNYAsNJdSfpWtg8JgF4SEa7sBJpbu8g3d7jyYH9c-0TJWb_MIOyYihNWSup9rDAxYqSkj5TfxonRlxiv3tViv1PCAZziASul0zua029kbpJuCRALtFxm5OMTLGIyVbiTqG-6GLRlPfmcY9vnsx8NJUPXq5om0J2apyZRpUoPk13XeETfrnz82mFxFL0KO1TMVUKRkV7Z4mWIkiD1ZETC9jDEG_87S1e13E35W2RIZIK5llGvmYdU5MNPnpmvOrN9-oqmihG7G0Tjv3lGEA59TcHrJRCsfZa71_pwVE7Z81hQaEa1kYC_NOIH2zND9q_BaF5wx0T1aRn41pWUn_1XI2vAlsbQNd7UNx1xfKwBDJsHInnf_OYy5FmFQBmyGWvzVwLw0Wi6x5DG4fCevz1b6k1VmdwVlCkWS7bilZw8_NJfxs9E2Id29mnKk3cFb1grBDftlKGZHZPaXD6p-Id2158jA5rKiD5ZnuF29etqoHWGTB16MXIVjA8VO3jqBoV08YAiuYtTz2bM5mDPF6MwM31mL1NmHZOf3N6lXEVhbegCmbIPC6MxMdTzvxWTDlGofOnnDNF1NCgV7y4cbLdFyu0hAXd-crtz6X2IWRXG_R_r0iJwoiNw32EGPw61fpx25CWQmLzxkCLuXcgOAcrxy3dlCyfXTvpIifzLRJ_gqqmk-XnsC0Wm0ffBXZyKhtEqKoX2CLjG2RcyLvdWKysvurzO3NWoQ1vve9dBdydvePwp-2OBXZMVopmwWFwJkDTkHaUekbLN1u2Ac3Bw0UTw4_jzTXfvPasSYIvlaqTufccDUllnB0czWO2wXRCrkrfYDnfLeJd6EDQbaueSiuHFc7zufggcWb8mkfOgB4xLTDXcWgjDK1gsGQ&cid=CAQSTADq26N9P1vSCUwF_Hw56ALD7w_XMSzOHCGSVwRtPgdL2zKuqt3poRoI8DkphZbna0FF5ib352xXAz-UH95uIMiI1bl34wWFFQQCs7UYASAT&rfl=1%2Chttps%253A%252F%252Fno.gottamentor.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 226
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11206
x-xss-protection: 0
server: cafe
etag: 16690196781007480285
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Dec 2022 12:22:13 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 822D 41 KB
15 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 267309
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 10:10:50 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 822D 34 KB
16 KB 231ms
34ms Script
text/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=59499586;adfm_dvio=1009221872;adfm_dvli=18538519830;adfm_dvcr=455155828;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CoBPw1u6JY6mRGuqW9u8PgeOC6AL_ss7QbbPFkfT9EGQQASCqgMMiYJWCgICYB6AB8NTEnyjIAQmpAkSiiByjq7E-qAMBqgTzAU_QG5ZJCfAuhKxcpC9C_v6ba_wG36AX2xtfc-Jt_uU-rBgyGQuqGQ46wWJKPJQpk3UE1lEZZW05fD_qpo8Jl47ZpNTepe3YJvOjdyv3r20SoUHzvbOeDja0AKIP2eto5Mj7nepy_P28ucxDDY9Z7gAG9bI902CsF2hhHqPiF7TinWhZz1Y0UBdj9t-meO2Ew28mnlneSN8HtvQepfG-uZ47Eh4mX_ibvVm-zxZLeM-EcfNNeBhD0YtvuHCAuc4a5_XGsK6p0YG1FKdF9n404ohfXVbW5MYrZzfaaAiAz8Ey1_TdAmYVbWjFAoPkf9bEANLpesAEyJ3k25ME4AQDkAYBoAZNgAfwjJX_AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzk0NDcyNjcwMDYwNDcwMYAKA5gLAcgLAYAMAbAT5c2rEdATANgTCogUAdgUAdAVAfgWAYAXAQ&ae=1&num=1&cid=CAQSTADq26N9P1vSCUwF_Hw56ALD7w_XMSzOHCGSVwRtPgdL2zKuqt3poRoI8DkphZbna0FF5ib352xXAz-UH95uIMiI1bl34wWFFQQCs7UYASAT&sig=AOD64_2iD8sX0BuifyrWXIeohndqJdtlTg&client=ca-pub-5512390705137507&dbm_c=AKAmf-BU-h_jqIi3d0LOfM_-EXGFkW6iYLTJM3EZ0qQ7Li3ZWP1Jbvf870FhCRkIOPPixTkT7LjGPAkjwdM4nmcB-afqUCB3SUV4HWlcEH4oIZ1b-GraHhM3Jwk6z4h2h5yVnpXkOJb2fWEev_7WS5JrKo17n3ARy--CP22cn0S9NI45HjWxNDg&cry=1&dbm_d=AKAmf-CebcAJxLSLQRU_x3tCMpKG5xBGu677rczIMDvn-7khoZ40OMrpwxHdn5hgFlVNyp5BEHgoxWhkot5zZU_b7SEWa5DsooVO9B95GFzKGDxUCBaGBBJGefnN9goB86cgqbCPb6bgEZwClBuI-kpAoM6BrMKssFsP8hk2iETKHO-njTT0ufbT4OkUV-X9XchKOKml9ahMkNmV3wXow2xWXwIjljPgKE6hl12wFoHWnC1TjYUk1pfe0-jr888Bs6_p3vVySTvSGhygnetvp_xajFf0K5ldEBGcBJeVEGTodGo4KiYWt3LmU-Ha6J0Jh39j_SKZqEqjVuci23lKJpbK9mKtTf758JSdTP9GVTme5rnAoDc1HYhXwPbLGmJQzav9CJ5HZJjsI4XXU8NBNwqMiruZ36qr1TOHT10gGd2vXN4gJn6kMtkYHvT3QXW5Szq3YdIJ4Tj2FXFELUYBmZToOefzuOfPtaUOyNBU6lUb_1Ehr4nonAzxDQ54pq_YfJ02sbFoAv-K_yfQqjUY8HaEmQl3Mew5uc_z5Co9mX2vsy6K_ZjVaTxkcnvStcT85cvMB86Gteg2&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: a46228d57faaf3cd1ec77fbed362c13944f30d9e92a4e1e5d3603c3902555df7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 03 Dec 2022 15:22:32 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9F8B 22 KB
8 KB 14ms
13ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5429
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 10:55:30 GMT
expires: Sat, 02 Dec 2023 10:55:30 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 585C 221 KB
61 KB 118ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 354796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 585C 14 KB
5 KB 139ms
36ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:42 GMT
age: 354797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:42 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 585C 94 KB
28 KB 140ms
37ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 354796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 585C 5 KB
2 KB 153ms
51ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 354796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 585C 40 KB
13 KB 154ms
51ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:42 GMT
age: 354797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:42 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 585C 8 KB
895 B 52ms
24ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 02 Dec 2022 12:19:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 02 Dec 2022 12:25:59 GMT

GET
H3 200 no.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 585C 3 KB
3 KB 13ms
13ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/no.png

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f2021e21c056b0aa47e7133e957ec82c3835780fe37eb1736428c42146e6907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:45:50 GMT
x-content-type-options: nosniff
server: cafe
age: 81609
etag: 7127422092083725281
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2706
x-xss-protection: 0
expires: Fri, 02 Dec 2022 13:45:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 585C 295 B
319 B 14ms
13ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 09:52:43 GMT
x-content-type-options: nosniff
server: cafe
age: 9196
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 03 Dec 2022 09:52:43 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 585C 0
0 59ms
58ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTI4B1u6JY6HmN6mt9u8P262O6A-Oxdb4ZYKUlo_aD9CnveDwLxABIKqAwyJglYKAgJgHoAHV8_jSA8gBAeACAKgDAaoEhQJP0Bq71t3Mleac5dn_Phs8hn0nkFgbLNRsaiPnmdntqP6M7O8Tp-wYsUAmcLXxTJNwZn2WdDL6QyCUjhgXd5_kiP4wOm6anL4aTyUFVVRndJd1iPbratcgrcPb8msCs9nwy4VuPlwguci_bhAdzHadw2v9LD1suRv760tPwcrkEoeYY399vZKn8bl2g3qMLFgwmwBN5e9_4hhQRRkhc6nL_Ou_gyk3XKAulCThUuXXMdUB1k0jBK4-4rjSWFuhm33Hx5wxHW82wIGC1UkRIL2xgZn6ABXLwg9OP9AL7i1BhZyRTiNt_vGN3LnogwViiPI6T9FICjv6Z1evjsni4DUwfNkFuXTABKP-2YjZA-AEAZIFBAgEGAGSBQQIBRgEgAeTjIctqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ96YX0ggRCIDhgBAQARgdMgKqAjoCgEDyCBthZHgtc3Vic3luLTc5NDQ3MjY3MDA2MDQ3MDGACgPICwHYEwyIFALQFQGYFgGAFwGyFx4KHAgAEhRwdWItNTUxMjM5MDcwNTEzNzUwNxiS7yE&sigh=JqnDuncuHIA&uach_m=[UACH]&cid=CAQSTADq26N9xCs1-ZDjvBCo1U7_vVhhcuurU7rffIu7PZGSALPvRS01bRFPL2964sgvqJhBuVoTgz17tm6CeYvRB_CpOzKLqwsbmcGlbaoYASAT&template_id=5001
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12688093403216609526/ Frame 585C 4 KB
4 KB 13ms
13ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12688093403216609526/downsize_200k_v1?w=100&h=100

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7275f0fb8158cedd2aca99a9bb760d297331473511835855cf2614badbef18ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 04:06:01 GMT
x-content-type-options: nosniff
age: 289198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3610
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 10:45:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 29 Nov 2023 04:06:01 GMT

GET
DATA 200
OK truncated
/ Frame 585C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9932ee9cf425170b0cdd8e02fd4a533850fc5bb0b0c489fa49670efe49490675

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 585C 28 KB
28 KB 72ms
17ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://no.gottamentor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 21:35:41 GMT
x-content-type-options: nosniff
age: 53418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 21:35:41 GMT

GET
H3 200 HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js Show response
pagead2.googlesyndication.com/bg/ Frame 9F8B 36 KB
16 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HXK1UBO5dJ_nYlUyX89SMP4zFPzfcfFy3F4kBoREzco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 14:16:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79771
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16085
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 14:16:28 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 822D 13 KB
4 KB 22ms
21ms Script
text/javascript 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=59499586;adfm_dvio=1009221872;adfm_dvli=18538519830;adfm_dvcr=455155828;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CoBPw1u6JY6mRGuqW9u8PgeOC6AL_ss7QbbPFkfT9EGQQASCqgMMiYJWCgICYB6AB8NTEnyjIAQmpAkSiiByjq7E-qAMBqgTzAU_QG5ZJCfAuhKxcpC9C_v6ba_wG36AX2xtfc-Jt_uU-rBgyGQuqGQ46wWJKPJQpk3UE1lEZZW05fD_qpo8Jl47ZpNTepe3YJvOjdyv3r20SoUHzvbOeDja0AKIP2eto5Mj7nepy_P28ucxDDY9Z7gAG9bI902CsF2hhHqPiF7TinWhZz1Y0UBdj9t-meO2Ew28mnlneSN8HtvQepfG-uZ47Eh4mX_ibvVm-zxZLeM-EcfNNeBhD0YtvuHCAuc4a5_XGsK6p0YG1FKdF9n404ohfXVbW5MYrZzfaaAiAz8Ey1_TdAmYVbWjFAoPkf9bEANLpesAEyJ3k25ME4AQDkAYBoAZNgAfwjJX_AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzk0NDcyNjcwMDYwNDcwMYAKA5gLAcgLAYAMAbAT5c2rEdATANgTCogUAdgUAdAVAfgWAYAXAQ&ae=1&num=1&cid=CAQSTADq26N9P1vSCUwF_Hw56ALD7w_XMSzOHCGSVwRtPgdL2zKuqt3poRoI8DkphZbna0FF5ib352xXAz-UH95uIMiI1bl34wWFFQQCs7UYASAT&sig=AOD64_2iD8sX0BuifyrWXIeohndqJdtlTg&client=ca-pub-5512390705137507&dbm_c=AKAmf-BU-h_jqIi3d0LOfM_-EXGFkW6iYLTJM3EZ0qQ7Li3ZWP1Jbvf870FhCRkIOPPixTkT7LjGPAkjwdM4nmcB-afqUCB3SUV4HWlcEH4oIZ1b-GraHhM3Jwk6z4h2h5yVnpXkOJb2fWEev_7WS5JrKo17n3ARy--CP22cn0S9NI45HjWxNDg&cry=1&dbm_d=AKAmf-CebcAJxLSLQRU_x3tCMpKG5xBGu677rczIMDvn-7khoZ40OMrpwxHdn5hgFlVNyp5BEHgoxWhkot5zZU_b7SEWa5DsooVO9B95GFzKGDxUCBaGBBJGefnN9goB86cgqbCPb6bgEZwClBuI-kpAoM6BrMKssFsP8hk2iETKHO-njTT0ufbT4OkUV-X9XchKOKml9ahMkNmV3wXow2xWXwIjljPgKE6hl12wFoHWnC1TjYUk1pfe0-jr888Bs6_p3vVySTvSGhygnetvp_xajFf0K5ldEBGcBJeVEGTodGo4KiYWt3LmU-Ha6J0Jh39j_SKZqEqjVuci23lKJpbK9mKtTf758JSdTP9GVTme5rnAoDc1HYhXwPbLGmJQzav9CJ5HZJjsI4XXU8NBNwqMiruZ36qr1TOHT10gGd2vXN4gJn6kMtkYHvT3QXW5Szq3YdIJ4Tj2FXFELUYBmZToOefzuOfPtaUOyNBU6lUb_1Ehr4nonAzxDQ54pq_YfJ02sbFoAv-K_yfQqjUY8HaEmQl3Mew5uc_z5Co9mX2vsy6K_ZjVaTxkcnvStcT85cvMB86Gteg2&adurl=;js=1;adfxid=1x;595;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fno.gottamentor.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

cd193dea506a5bb4f3a80af22c91f74733d2f187bd53d14b5a5e5de7a0a4fcb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 4079
expires: -1

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 585C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

57ms
29ms

Image
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H3
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Redirect headers

date: Fri, 02 Dec 2022 12:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 822D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f24f39142688312dfb248c6d85bbe72c725c887ccc8192654ffb68f1831cd9f1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/ Frame 822D 90 KB
39 KB 30ms
29ms Script
text/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8e16ad2005bc4c19f8560189ef6e7b7475f2b3def2c60a57f9041fac5b4f94cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 08:06:48 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 03 Dec 2022 15:22:50 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F8B 0
20 B 163ms
163ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BUqK-1-6JY7D1C4TQ3gO_vJ2gCAAAAAA4AeAEAg&bg=!aWqlai7NAAbvMpMzzzI7ACkAdvg8WuQogEdqmk2_qhJwaLmqi464bwGLo8Qq884N6YusLZBOlPhD9gIAAACaUgAAAANoAQcKAEp7qZ3uTs8Vn00CO7dykePf49gwbSB58v5OMyjelKT5wvY5WRKXpkgz8qSCiqpdZLs9ZBHWlkp1-opUr6TI-aFs7eSGTTCqnjSTfJkC6eFXJQuXSVQW967weyXwPXVuBdMgLXEXyW83Hj0wBk80na6LFod7bsR--Vgtq34C1Fz_iI-doYazZkA569KM75waGPWqAjwyfm6_pt1B8xJpNlfSTnLsHEwZNb37dacU8kpCCzXKEr1Mszdrl3BM-O0OKFq1WGAF82ELfls51Ipa29RCKQQUdWfW_9mWA6NN1jFUhEJEqXm5yEoBA9XdALFPyuVsXjQZALGLMC2TQdwM7HzGWe04m2smdxJZclxV5NsMrPBVJLtc9PZeJXgs9OtcYFTaH4smL-SJ-zeT9xH9nj7b6ChaNxR2choMiovft-SsHldF4Be5GxHXNAEg58YfjPd30_mj8D28y72N06WfTV7e9ENkPlf8WDuI5GhEhWjXMJkZtirKEtEVVYkexIsSWC4ywFcFOv1Q7rkDys3O_tSoXl69F69DvKE7kozjXQVOglXiprIJ2wMCU2qrjysdKh2AY_5DcVDtqkry_-7XMg4LHgELpO_NDf51nTJvp2CrWoinlqPo2ri2gMpvH6O1IyaE1hrFlOCytsAyju5whSHsOCKEbr7vvcnRor6GFXgYob0SFGhGSjXYZjK93nKrjZTdmdjE_dtoxmQnZi3dtqXk54vrWtnwRe45gGxkSoWnpIKYdGTY9-ZVeYPflzkv4S7yRaPzQzDJ9TZ6WbJdy7a9x5JBbFaPbnp9h9gIiKbrLkG0XRE5DfaIIPGpytlupAB-uODpzRnfIEwSo9WkmZUUGtEvVA_e8hYQMJtDrjAnc3F-1wkIZ1Yj98oov_fVO6grd1O5yQw6jNXkErcCzyquCPzd2nub-rOwol5iLR1t6QApApspUMXe1plh9AWMW2dLEsqdIbbfGlFCOoipQW9XuwDPHm-yaQrzlvS2MhrP9UeVSFKTFdSgGH5Upx4KHQLGYUcE2QreGoP_tJMKQvTxuIcxmWdkB9MbrTcdkKfw9yNVIA3_MFNEmxlfoarRh-Bk839ujX8

Requested by

Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 165ms
164ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022111501&jk=504992986827039&bg=!fX6lfjrNAAbvMpMzzzI7ACkAdvg8Wiv0-5LwzeeSkYUFn0xAuTn3aHKCzt4suTavUQPbtH8G3J6InAIAAAGMUgAAAAJoAQeZAp5dku9NNZeBHVXlBvQ04GR-NLGBWZCtionq38xnd8flk1E_CHvxLsBbdX1vU4Gzw1OWbV52-eQBugF0X61Iv7eM81KgUgyXqZhujie_PFYPGd108kwHaH6Qj01eymb-dwpwhdUw1oektw1d_5Z0KZYya3tx66d2wLUK-QOtZO7199rg9GuyVnMLBVTpolT-vdh533S7KWyCL4EXOrinpJbC5O7Hhf0gS0DoPM25aSM7dmO2clyLGOX0mzKCZ510WvoBpE6NXrj9-lh9xNVOmXdyyLNMYgqZCXy5iBHrr-oDt37ync0oFtDVNBduH86pixKMq_kkwraozpdDQtq-f9QE-O2Y08go-5fSeLOgHKZxC9XSWCusyNzcnoKOR32l4iG67lmqSytBOHNXGxCOo_xHcLXU6Y66ziyPeGDSUizP9K-Pg0_9ZPaE-GtEBNP3ezuiDNhCXJFxjpO_q6UoTc6YIUiZLOl3PdDIvSRYbXIRz0Mww-whXNjBlUsQl3TOnpDyZkBw49ViGOxKUdEIJUibG4ftwk6PsCWz7QeMIAHP1SBkCu8NBlj383YASlq6dYzGZMoR13xI-ikhzH1hhptDmeSvlDvh7z5KN8AWjBxdW5Qao0WJngU_Ml48DTQcKCd-l-rR17QxOfk35uGQwFoY95NOovW2JRolfWzEjMdXTqjdit6G5SV5VxzIIjTbRTqIxve6lYw3Epu6zRMVOfq0QjoI63JBUcVS8HE5R856d56mTXpoWYU0KAhLZ144HOeeMpcoYr0CQoDl1fmAopvv6IdcN-EruN_N6K_3Mf5LjSTUNrnYX--2aSIQ049SuFSF531fxlgSbobHolcdd7mkcRgPz4E3XiPT7TIvCj9XyYMD24lbIV3jzF67bP1M
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

POST
H2 200 /
track.adform.net/csimpr/ Frame 822D 35 B
503 B 23ms
22ms Ping
image/gif 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=59499586&csi=Q4h9hHWC1gGFYc5mmkNal0nfmTw4ehP9gmXp3mvE5FzrygPkIxxfk-ZqSIFaOm1Q-ar_7jb8tHg1kPelEtCms96vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:25:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 11990643.js Show response
s1.adform.net/Banners/Elements/Files/2088929/11990643/ Frame 1520 40 KB
7 KB 22ms
22ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/11990643.js?ADFassetID=11990643&bv=516
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 4050a19d655eea8eed0457110b47f1a06d4e1cb11c7941bc08c0d540e46c5c77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx00000bbbeb4d15baa46d3-00637d54f8-3293aae9-default
etag: W/"e836c9861d3571066e4c2efa52ea20bc"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwdpage_style.css
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 55 B
382 B 21ms
20ms Stylesheet
text/css 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwdpage_style.css
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx00000b462ff6fcd56ec98-00637d54f8-3293aae9-default
etag: "ee980c669c9c9f1f1e9f2db915149942"
x-cache-status: STALE
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 55

GET
H2 200 gwdpagedeck_style.css
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 731 B
586 B 22ms
21ms Stylesheet
text/css 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwdpagedeck_style.css
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx0000096be6d5f8505e245-00637d54f8-32940f80-default
etag: W/"0c8f2d607364fbbc9f4617373d1a2b2d"
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwdimage_style.css
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 303 B
515 B 22ms
21ms Stylesheet
text/css 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwdimage_style.css
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 4e17f25a33727defde4f0e88b24844c00e48ed88484c4440d978025a82567287

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx00000b79816b8e59a05fc-00637d54f8-3293aae9-default
etag: W/"39ddb2a4f7c3f5b30beb8796693910d0"
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwdtaparea_style.css
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 157 B
454 B 22ms
22ms Stylesheet
text/css 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwdtaparea_style.css
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx000003c955ec472acb3bd-00637d54f8-32940f80-default
etag: W/"fc6bca4841fd1d769d06a9d31ba74cf4"
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwd_webcomponents_v1_min.js Show response
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 20 KB
7 KB 22ms
22ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwd_webcomponents_v1_min.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bddbf7e9ab14ce92ecc37640bf54fcb90d8a02da52d87ec12e252cfde4432e66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx00000551febec70f595c6-00637d54f8-329354d9-default
etag: W/"770f88e1f0870d90c27122497413b4d7"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 googbase_min.js Show response
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 403 B
636 B 23ms
21ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/googbase_min.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: e13459782d7fc46c73821602bedc17cc2b3a2dc5ec07e91e30ed715193698a94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx0000044adb12b3bdf8478-00637d54f8-32940f80-default
etag: W/"949562c4e46f3bf65ccb54226a15f555"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwdpage_min.js Show response
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 3 KB
2 KB 24ms
22ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwdpage_min.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: da1b1dba110f3d97894949bedfc60fe7fec3659813c957f88e51d550bc95ad88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx00000c6d5bedfda78e78b-00637d54f8-329373d4-default
etag: W/"bff6d6d081acfb28c5ef62e7927f30ed"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwdpagedeck_min.js Show response
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 8 KB
4 KB 24ms
23ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwdpagedeck_min.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: cfc5afa3cbf80ed8a39987d2f4cc9215f915cfde9c83e86d5ee4a874bd69a401

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx00000aa6dd3e77731736c-00637d54f8-3293aae9-default
etag: W/"e96943be53ad05de057baec386dfbe17"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwdgenericad_min.js Show response
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 3 KB
2 KB 25ms
24ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwdgenericad_min.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5f4f80a6350fd7e6eaff214b3c5cdfb46b0b07123fdf398eb591248a3ee4a54b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx00000605d6d6329fcf2b4-00637d54f8-32941e2b-default
etag: W/"6cdef62b22594c62e8ec944a6200793f"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwdimage_min.js Show response
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 5 KB
2 KB 25ms
24ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwdimage_min.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 32ab0a5c85cabdb695704b5128a8fb7c9a8dfa3242cc36ceda6bb0650a45b35f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx00000ec2471cfe8ca1a7b-00637d54f8-329354d9-default
etag: W/"15309af2f01af7e606d2d5199dd21892"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwd-events-support.1.0.js Show response
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 7 KB
3 KB 37ms
36ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwd-events-support.1.0.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: ef4565eb9e6b1d15cccfd52037ac6734876ee56d0d5146bd452ba422c3d15606

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx00000a0bc0ba9b055cd8e-00637d54f8-329354d9-default
etag: W/"4b53d65810ded5351f53f97be4526613"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 gwdtaparea_min.js Show response
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 3 KB
2 KB 37ms
37ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/gwdtaparea_min.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b0e4d6e13eb1fd414025e5c3c3f18b9212fd0cd69890e7f69804ae69dec5bbb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2022 09:30:08 GMT
server: nginx
x-amz-request-id: tx0000094d5873ac9eeac43-00637d54f8-32940f80-default
etag: W/"78432843b54323657f77616a1a4be791"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 1520 30 KB
14 KB 23ms
23ms Script
application/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.225/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
server: nginx
x-amz-request-id: tx00000a37373505363f9f8-0063766185-329354d9-default
etag: W/"4731aef0a5114a59b4311776d270e848"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_kanonne_maske2_300x600.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 6 KB
6 KB 60ms
19ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_kanonne_maske2_300x600.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 178b2bc4b3396814141988acf676e2b02b5556b43ecddcdd2fc895190d725d83

Request headers

Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
Origin: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx0000004d21b6e68c57e63-00637d54f8-3293aae9-default
etag: "057d61d40f81c5625993435ca380593f"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5737

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_CTA_728x90.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 1 KB
2 KB 22ms
19ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_CTA_728x90.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 2b712d4dfec80632eb7037cf52759a0e8142dde4f4f25203ad782d6409715068

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx0000049af4c7080cafc32-00637d54f9-3293868f-default
etag: "4effc3d687e110afc99b24fdd9bfc8ab"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1426

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_Logo_728x90.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 2 KB
3 KB 23ms
19ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_Logo_728x90.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f0322ab56d747cdb41b9ba5652c8153283392895eb30b52379280438b83cf16c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx0000087be161482413634-00637d54f9-329373d4-default
etag: "5783fa1e02a1343b8b0a036fc645258f"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2447

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_HL1_728x90.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 8 KB
8 KB 24ms
21ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_HL1_728x90.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 12472fa774b18c826349b53eaca1b5d8476b1e82f9ea3f32de23ea94ac6068bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx0000034e5a97a501d6677-00637d54f9-329354d9-default
etag: "442fbc79ecf90f1b74f92247c107702a"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 7840

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_HL2_728x90.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 8 KB
9 KB 25ms
22ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_HL2_728x90.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: ab7348cc166f8248fcb0a2ded01a5711c1130cf4b2b739d6e8ba8fc23de07e96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx00000606c9c72f3757bbe-00637d54f9-3293aae9-default
etag: "d31bd817e4f7e4820012112f1b2ab80f"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 8552

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_Stoerer_p2_728x90.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 2 KB
3 KB 26ms
23ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_Stoerer_p2_728x90.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3ca4eb91f7dfdb6aa2b4c2ce9461bdc2844fcd06c71a69079335fde67af0833b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx00000061fe5241779f056-00637d54f9-3293aae9-default
etag: "4b81276d76a6390028d72419fbda978a"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2332

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_Stoerer_p1_728x90.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 5 KB
5 KB 27ms
24ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_Stoerer_p1_728x90.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5f23fff9711723f0dfc8bfba1f1d4d7891b512c136077f676a6ebbb2f25a85ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx0000020a59a8a2df3eeac-00637d54f9-3293868f-default
etag: "390cf23b46945f8871e89f696f827960"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5200

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_kanonne_300x600.jpg
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 36 KB
37 KB 29ms
27ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_kanonne_300x600.jpg
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: be6ab8ab5e47c84e5a857dfc7ab22bca734fc317f72dd3b07751340a53e54871

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx00000dea968e48da8f614-00637d54f9-32941e2b-default
etag: "7404a1527224fef247a2e93b493795ba"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 37205

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_Simon_300x600.jpg
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 28 KB
29 KB 36ms
34ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_Simon_300x600.jpg
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bfde53f50ce848921cc626be7a39a5b5c61390ff8cd89d8cd11d91e2988f2779

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx000004787998190c0f3e6-00637d54f9-329373d4-default
etag: "c6f2cb553d2f4cdcaa33cac64eda36cf"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 29022

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_Konfetti_Blau_300x600.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 9 KB
9 KB 40ms
38ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_Konfetti_Blau_300x600.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 9387fd1ace87614cf793b71482e6614cb25a213fc46069bf8ed25d080cb57e34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx00000c74c5660ac47b64f-00637d54f9-3293aae9-default
etag: "13c0c16423c608568edab0a50443a8d0"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 8813

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_Konfetti_Gold_300x600.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 12 KB
12 KB 41ms
40ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_Konfetti_Gold_300x600.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f1e593d55e322f110dabd90d040cc9a9c3715bbe6efd2c3e8f404d422b9cfc57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx00000211d0b07ef0aabed-00637d54f9-32940f80-default
etag: "ef797c06752ecae14dd9d2592dbb915f"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 12017

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_BG_728x90.jpg
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 4 KB
5 KB 42ms
40ms Image
image/jpeg 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_BG_728x90.jpg
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f1fa7b55e534c91a6aef6d7b0a92c865d8457f0d1f080346f943e2a10e89705c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx0000049b9aae3521ee0d5-00637d54f9-3293868f-default
etag: "93d1cb356c7171125c2cfbc61443d29b"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4367

GET
H2 200 a_cntg.png
cdn.onnetwork.tv/cnt/ Frame F833 126 B
329 B 18ms
17ms Image
image/png 37.59.235.100
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.onnetwork.tv/cnt/a_cntg.png?ts=1669983959825&d=9074&wsc=ab&typ=embed&mobile=0&c=24
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.59.235.100 , France, ASN16276 (OVH, FR),
Reverse DNS: vh11b.eris-w24.of.pl
Software: XO.webservantpro /
Resource Hash: a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:25:59 GMT
last-modified: Friday, 02-Dec-2022 12:25:59 GMT
server: XO.webservantpro
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 126

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame C68C 221 KB
60 KB 48ms
17ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 354796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame C68C 14 KB
5 KB 80ms
49ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:42 GMT
age: 354797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:42 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame C68C 94 KB
28 KB 81ms
50ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 354796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame C68C 5 KB
2 KB 71ms
40ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 354796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame C68C 40 KB
13 KB 71ms
41ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:42 GMT
age: 354797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:42 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C68C 8 KB
895 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 02 Dec 2022 12:25:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 02 Dec 2022 12:17:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 02 Dec 2022 12:25:59 GMT

GET
H3 200 no.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C68C 3 KB
3 KB 13ms
13ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/no.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f2021e21c056b0aa47e7133e957ec82c3835780fe37eb1736428c42146e6907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:45:50 GMT
x-content-type-options: nosniff
server: cafe
age: 81609
etag: 7127422092083725281
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2706
x-xss-protection: 0
expires: Fri, 02 Dec 2022 13:45:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C68C 295 B
319 B 14ms
14ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 09:52:43 GMT
x-content-type-options: nosniff
server: cafe
age: 9196
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 03 Dec 2022 09:52:43 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C68C 0
0 67ms
67ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C-MTQ1-6JY6LSEeShlQeWyKvAAaO50etck-qV0agIZBABIKqAwyJglYKAgJgHoAGYot3-A8gBCakCRKKIHKOrsT7gAgCoAwHIAwqqBIgCT9Dfs-deBNfgYAhh07KKR6woa7vI0Q18kiDwlJU-hdmxvARJFxN0ryDkESpvZZcO4iRm1ZX6Yj1ANOWMH1YohuiY0yJV1WfjPs7fqJRFudI85DNn3ddssRTpq5Fl7I2krfXAzWl1EK9ZHH8OCGdH-ct1mzq7KzOzkrK_9ZhTtlegxCTflYN3cpG8t5cQs71OnTxwGVYJLa5MmdyEi-kuenoYZm31C9Cz9xLjdFRI9ysy7NS6QLcKJqt1dGuoV_5lzTijmLbOTN76kN_c80B-31DAtO4uuA2A_LfSbLlYjpja3RCqMpUpqGa36nhnhNl6hqnWTaL6tT_ln0TXgWXkcLij0JxmOurFwASMhd39vQHgBAGSBQQIBBgBkgUECAUYBKAGLoAH0N2iAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKunD9IIEQiA4YAQEAEYHTICqgI6AoBA8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDyAsB2BMLiBQC0BUBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=eNA2jiLFd5E&uach_m=[UACH]&cid=CAQSSwDq26N954yJxOW77DUt9knyQKOeZx0dFNI9TK9TU0u83J68oq-tRORYKi4dmYieP3RinR4hzjmcfPRYX0x0RaOAyy6M8Vk8yJRnVRgBIBM&template_id=5000
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

GET
H3 200 2728354180183721846
tpc.googlesyndication.com/simgad/11379843648621071431/ Frame C68C 21 KB
21 KB 14ms
13ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11379843648621071431/2728354180183721846?w=600&h=314

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25922e2c49e09b0e033cf93a43ab317fee97b0f160d74e2c54aafd4bd58349a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 20:56:38 GMT
x-content-type-options: nosniff
age: 314961
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21734
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 10:14:58 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 28 Nov 2023 20:56:38 GMT

GET
DATA 200
OK truncated
/ Frame C68C 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame C68C 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame C68C 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c92f5914f58ed3472e7d16f976bc26c4216b0779cf6b283f0cc381dcd3fc31f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame C68C 28 KB
28 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://no.gottamentor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 21:35:41 GMT
x-content-type-options: nosniff
age: 53418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 21:35:41 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 2E18 221 KB
60 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 354797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 2E18 14 KB
5 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:42 GMT
age: 354798
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:42 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 2E18 94 KB
28 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 354797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 2E18 5 KB
2 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 354797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 2E18 40 KB
13 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:42 GMT
age: 354798
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:42 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 2E18 8 KB
895 B 30ms
29ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 02 Dec 2022 12:26:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 02 Dec 2022 12:14:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 02 Dec 2022 12:26:00 GMT

GET
H3 200 no.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2E18 3 KB
3 KB 16ms
16ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/no.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f2021e21c056b0aa47e7133e957ec82c3835780fe37eb1736428c42146e6907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:45:50 GMT
x-content-type-options: nosniff
server: cafe
age: 81610
etag: 7127422092083725281
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2706
x-xss-protection: 0
expires: Fri, 02 Dec 2022 13:45:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2E18 295 B
321 B 17ms
17ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 09:52:43 GMT
x-content-type-options: nosniff
server: cafe
age: 9197
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 03 Dec 2022 09:52:43 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2E18 0
0 58ms
58ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CK2tQ1-6JY5OWMNGE9u8P8NSvgASdjIK2bY2o1OnPEJaCzYWIFhABIKqAwyJglYKAgJgHoAH7jPPwAsgBCakCRKKIHKOrsT7gAgCoAwHIAwqqBK4CT9AOG4Q84OLPAMHO9JyMw7U-X65RkpPn7KuoMT5lrEZLE5oUAC4IPZw3f-nJjiGEztr3WlYzNnpb7wj6-wDDbKdd-amCZ-n_KpG0R0y7ANYgm9PK_8jxeHvrpvhF9QUGPUk2aNgy4CU84IC8OW3h3slxsWYnd1cmYjj0Wz3LSDVD9j9Bhc8DWgK1aMdR8M3eVGqm5EilSUSbp03Z8enKdQ_DytymrdcSv173XO8Jk6rxtNZsMW0VZC8yPclAyIMpEOanJE4qQ7xNR7xbEiQc9Z7yJoGU75suck7b2zaMiLXgMa7HqerXJBEt7ayYJKlGViRVvK4U8p0ujMAFLOvyhslhW1Fkei8IiuckpCBe98QlCVhMHAfzZWHWImoaa18K71_NLpAa-yIOceH41MPABJ3bt86LBOAEAZIFBAgEGAGSBQQIBRgEoAYugAeu-oKXAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEMPXB9IIEQiA4YAQEAEYHTICqgI6AoBA8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDyAsB2BMM0BUBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=als9UH0Wd1Y&uach_m=[UACH]&cid=CAQSTADq26N999frh7MyvceLz9onMaw5cVGFKIavwLIhAvT4g8riqKVWivHEe8zsU_fgtmpJJx0ZraHudkG6E0WfvLap5zbjl6d-V1u4dM8YASAT&template_id=5000
Requested by: Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16145935433861144391/ Frame 2E18 19 KB
19 KB 17ms
17ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16145935433861144391/downsize_200k_v1?w=400&h=209

Requested by

Host: no.gottamentor.com
URL: https://no.gottamentor.com/now-dasher-now-dancer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ffb397c6ef7c621b61585a6cf09e4414f94ba11e240b09cb0d4c07c3062289d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 01:47:59 GMT
x-content-type-options: nosniff
age: 297481
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19315
x-xss-protection: 0
last-modified: Fri, 07 Jun 2019 08:12:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 29 Nov 2023 01:47:59 GMT

GET
DATA 200
OK truncated
/ Frame 2E18 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 2E18 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 2E18 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44ae20714e8b6d5c75e7be870d01195031fd91df3ca85d37380936b0dd2c8c65

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 2E18 28 KB
28 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://no.gottamentor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 21:35:41 GMT
x-content-type-options: nosniff
age: 53419
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 21:35:41 GMT

GET
H2 200 SIMon_BlackWeek_Motiv_Flug_Simon_Maske_300x600.png
s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/ Frame 1520 3 KB
3 KB 20ms
20ms Image
image/png 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/2088929/11990643/bvpath_516/SIMon_BlackWeek_Motiv_Flug_Simon_Maske_300x600.png
Requested by: Host: 4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
URL: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 737339d61af3049b943b5f7ba99d1a70ca8c639fad790322dc154c93c51983b7

Request headers

Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
Origin: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:00 GMT
last-modified: Thu, 10 Nov 2022 09:30:09 GMT
server: nginx
x-amz-request-id: tx0000031b048a792236d2e-00637d54f9-329354d9-default
etag: "6171effd72f739da8dc98935ece5836f"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2715

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 585C 42 B
64 B 164ms
164ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsumwpc7MRKmqXEDXAm46lYKbwGDphnGjkQQ9nLndY7zeOF7PCw934OYTgV4kzoPg3_aA29tf1xLtIPqVrOYaO7r-OysnaEjyPjJ8akIkEwV_2afV8sTAraZw6SEUQsiCj107LwHjg&sai=AMfl-YQdNhwsiTUNT-FIaJYudVs1sKF7mzuP6c52mvIUoyHhxkh81AL0vr-uxMvrac_XSP12xiwn5gpatChQNlEF-kshfVP2bLwksmFPRYL0s_gGKB4Ts2JGLdaO-n7VOo8mLUAZdxL45JY7XgJCS3lI&sig=Cg0ArKJSzORXKff6-EWIEAE&cid=CAQSTADq26N9xCs1-ZDjvBCo1U7_vVhhcuurU7rffIu7PZGSALPvRS01bRFPL2964sgvqJhBuVoTgz17tm6CeYvRB_CpOzKLqwsbmcGlbaoYASAT&id=ampim&o=315,1100&d=970,100&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=278&tls=1278&g=100&h=100&tt=1279&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:26:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 822D 35 B
503 B 20ms
20ms Ping
image/gif 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6436852272809430576@@59499586,1683293777832909632,100|1100|0|0|0|0|0|0|0||38|1|||1100|0|1|0|0|Y_im0i81R79cPlakbYq96dD4mZoyiNO-4MHkIXL9bEJ_81Yru-W9kvL_QlhaeLlf0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 187ms
19ms Preflight
application/json 2a02:2638::1c

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fno.gottamentor.com%2F&domain=no.gottamentor.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://no.gottamentor.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://no.gottamentor.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 02 Dec 2022 12:26:01 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 421379
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET

sid
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fno.gottamentor.com%2F&domain=no.gottamentor.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=Q9C_vnxEK3BaUFZGN2JrYndWMzdVR1R3QTgwdXg1TVBWaXQ0eXJMZzg1RU5QbU5GVGs5RHpFbUN2cnppSkthOVBiUkduaEl5Z0JLUnhMZ1BLTlhjNVJlRW9wWVJtYk91N0c0ZU9za3N3d0U1WE5sMWd0VEZQbFQ4UXFXSk...

0
0

GET
H2 200 rid
match.adsrvr.org/track/ 63 B
391 B 203ms
30ms XHR
application/json 15.197.193.217

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://no.gottamentor.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Sun, 01 Jan 2023 12:26:01 GMT

GET
H2 200 /
csync.smilewanted.com/ Frame 2A89 6 KB
2 KB 67ms
51ms Document
text/html 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://csync.smilewanted.com/
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 77340c6e894c9c06-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 pbjs
sync.quantumdex.io/usersync/ Frame F82B 4 KB
965 B 144ms
128ms Document
text/html 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/pbjs
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 77340c6e89a08fdc-FRA
content-encoding: gzip
content-type: text/html
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 67EC 52 KB
17 KB 173ms
6ms Document
text/html 151.101.129.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 28476
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Fri, 02 Dec 2022 12:26:01 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 27 Nov 2022 04:52:13 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 34, 183914
X-Served-By: cache-lga13626-LGA, cache-fra-eddf8230048-FRA
X-Timer: S1669983962.516740,VS0,VE0

GET
H2 200 pbjs
sync.quantumdex.io/usersync/ Frame 2F48 4 KB
963 B 163ms
149ms Document
text/html 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/pbjs
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 77340c6e89a38fdc-FRA
content-encoding: gzip
content-type: text/html
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare

GET
H2 200 /
csync.smilewanted.com/ Frame 4AC3 6 KB
2 KB 50ms
38ms Document
text/html 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://csync.smilewanted.com/
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 77340c6e894f9c06-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 6343 52 KB
17 KB 174ms
10ms Document
text/html 151.101.129.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 28476
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Fri, 02 Dec 2022 12:26:01 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 27 Nov 2022 04:52:13 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 34, 186055
X-Served-By: cache-lga13626-LGA, cache-fra-eddf8230072-FRA
X-Timer: S1669983962.517250,VS0,VE0

GET
H2 200 pbjs
sync.quantumdex.io/usersync/ Frame F7AF 4 KB
957 B 139ms
128ms Document
text/html 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/pbjs
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 77340c6e89a58fdc-FRA
content-encoding: gzip
content-type: text/html
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare

GET
H2 200 /
csync.smilewanted.com/ Frame 1B78 6 KB
2 KB 42ms
34ms Document
text/html 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://csync.smilewanted.com/
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 77340c6e89519c06-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame C442 52 KB
17 KB 169ms
9ms Document
text/html 151.101.129.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 28475
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Fri, 02 Dec 2022 12:26:01 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 27 Nov 2022 04:52:13 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 34, 184258
X-Served-By: cache-lga13626-LGA, cache-fra-eddf8230094-FRA
X-Timer: S1669983962.517154,VS0,VE0

GET
H2 200 /
csync.smilewanted.com/ Frame BCAC 6 KB
2 KB 45ms
39ms Document
text/html 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://csync.smilewanted.com/
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 77340c6e89539c06-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 pbjs
sync.quantumdex.io/usersync/ Frame A357 4 KB
1 KB 133ms
127ms Document
text/html 2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/pbjs
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 77340c6e89a78fdc-FRA
content-encoding: gzip
content-type: text/html
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 0FB1 52 KB
17 KB 168ms
10ms Document
text/html 151.101.129.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid7.17.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://no.gottamentor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 28476
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Fri, 02 Dec 2022 12:26:01 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 27 Nov 2022 04:52:13 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 34, 185112
X-Served-By: cache-lga13626-LGA, cache-fra-eddf8230032-FRA
X-Timer: S1669983962.517103,VS0,VE0

GET
H2

200

setuid
a-prebid.vidoomy.com/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3Dundefined%26uid%3D%24UID
https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=undefined&uid=2621266343565341992

0
427 B

15ms
7ms

Image
text/plain

52.58.56.102
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=undefined&uid=2621266343565341992
Protocol: H2
Server: 52.58.56.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-56-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:26:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Accept-Encoding, Origin
expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:26:01 GMT
AN-X-Request-Uuid: d18f579a-2f73-4228-809e-7424773b652d
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=undefined&uid=2621266343565341992
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ 0
191 B 179ms
24ms Image
text/plain 66.155.71.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&gdpr=0&gdpr_consent=undefined&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 -, , ASN (),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Fri, 02 Dec 2022 12:26:01 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

setuid
a-prebid.vidoomy.com/
Redirect Chain

https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=undefined
https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=undefined&verify=true
https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A&gdpr=0&gdpr_consent=

0
636 B

8ms
8ms

Image
text/plain

52.58.56.102
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A&gdpr=0&gdpr_consent=
Protocol: H2
Server: 52.58.56.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-56-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:26:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Accept-Encoding, Origin
expires: 0

Redirect headers

location: https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A&gdpr=0&gdpr_consent=
date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

setuid
a-prebid.vidoomy.com/
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadf%26gdpr%3D0%26gdpr_consent%3Dundefined%26uid%3D%24UID
https://a-prebid.vidoomy.com/setuid?bidder=adf&gdpr=0&gdpr_consent=undefined&uid=6436852272809430576

0
515 B

8ms
7ms

Image
text/plain

52.58.56.102
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a-prebid.vidoomy.com/setuid?bidder=adf&gdpr=0&gdpr_consent=undefined&uid=6436852272809430576
Protocol: H2
Server: 52.58.56.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-56-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Dec 2022 12:26:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Accept-Encoding, Origin
expires: 0

Redirect headers

location: https://a-prebid.vidoomy.com/setuid?bidder=adf&gdpr=0&gdpr_consent=undefined&uid=6436852272809430576
date: Fri, 02 Dec 2022 12:26:01 GMT
server: nginx
content-length: 0
content-type: text/plain

GET
H/1.1

200
OK

setuid
rtb.adxpremium.services/
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Frtb.adxpremium.services%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=6436852272809430576

86 B
596 B

18ms
18ms

Image
image/png

148.251.44.111
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=6436852272809430576
Protocol: HTTP/1.1
Server: 148.251.44.111 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: sundoro
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Fri, 02 Dec 2022 12:26:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 86
vary: Origin
content-type: image/png

Redirect headers

location: https://rtb.adxpremium.services/setuid?bidder=adform&gdpr=0&gdpr_consent=&us_privacy=&uid=6436852272809430576
date: Fri, 02 Dec 2022 12:26:01 GMT
server: nginx
content-length: 0
content-type: text/plain

GET

sync
x.bidswitch.net/
Redirect Chain

https://x.bidswitch.net/sync?ssp=vidoomy
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy
https://sonata-notifications.taptapnetworks.com/web/cookie/bidswitch/sync?bidswitch_ssp_id=vidoomy&bsw_custom_parameter=2ee812e6-c5dd-4452-a6e1-20f8163d78fe&gdpr=&gdpr_consent=&gdpr_pd=
https://x.bidswitch.net/sync?dsp_id=413&ssp=vidoomy&user_id=csonata_9218f959-4db7-4993-93fe-923182ee2d8e&bsw_param=2ee812e6-c5dd-4452-a6e1-20f8163d78fe&expires=10

0
0

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ 0
239 B 181ms
7ms Image
image/gif 69.173.144.138

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-lupon&gdpr=0&gdpr_consent=&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://no.gottamentor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
sync.quantumdex.io/ Frame A357
Redirect Chain

https://ups.analytics.yahoo.com/ups/58424/occ
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

43 B
94 B

141ms
140ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c700c448fdc-FRA
content-length: 43
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A
date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame A357 0
277 B 57ms
15ms Image
text/plain 216.52.2.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Dec 2022 12:26:01 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

setuid
sync.quantumdex.io/ Frame A357
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992

43 B
94 B

118ms
117ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c703c9b8fdc-FRA
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:26:01 GMT
AN-X-Request-Uuid: 644ee326-6ea7-4e4a-9c8a-bfa473a3a25d
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 /
s.ad.smaato.net/c/ Frame A357 0
240 B 15ms
11ms Image
text/plain 2600:9000:223f:e00:1b:5138:8a40:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:e00:1b:5138:8a40:93a1 -, , ASN (),
Reverse DNS
Software: CloudFront /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cache-control: no-cache, must-revalidate
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: -lctnDMwK4szkoo-YpeAcBY0SOekxgAYX5tpdFJZS1YSUPjN3MQA6g==
x-cache: FunctionGeneratedResponse from cloudfront

GET /
ssp.disqus.com/redirectuser/ Frame A357 0
0

GET 0.gif
id5-sync.com/i/495/ Frame A357 0
0

GET cksync.php
hbx.media.net/ Frame A357 0
0

GET
H2 204 v1
match.sharethrough.com/FGMrCMMc/ Frame A357 0
34 B 162ms
12ms Image
text/plain 3.122.182.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.182.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT

GET

match
ads.betweendigital.com/ Frame A357
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

0
0

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame F82B 0
277 B 58ms
21ms Image
text/plain 216.52.2.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Dec 2022 12:26:01 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

setuid
sync.quantumdex.io/ Frame F82B
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992

43 B
105 B

119ms
118ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c701c628fdc-FRA
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:26:01 GMT
AN-X-Request-Uuid: 70aa0b49-580f-4a93-86a6-21adb27f4302
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 /
s.ad.smaato.net/c/ Frame F82B 0
239 B 9ms
7ms Image
text/plain 2600:9000:223f:e00:1b:5138:8a40:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:e00:1b:5138:8a40:93a1 -, , ASN (),
Reverse DNS
Software: CloudFront /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cache-control: no-cache, must-revalidate
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: 3p5eYzFdxTpwuV8E05eO0vLsTb9mWolJb7t8YKTnRB6Evn5p4uf6yg==
x-cache: FunctionGeneratedResponse from cloudfront

GET /
ssp.disqus.com/redirectuser/ Frame F82B 0
0

GET
H/1.1 200 0.gif
id5-sync.com/i/495/ Frame F82B 43 B
1 KB 190ms
23ms Image
image/gif 162.19.138.120

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.120 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET cksync.php
hbx.media.net/ Frame F82B 0
0

GET
H2 204 v1
match.sharethrough.com/FGMrCMMc/ Frame F82B 0
34 B 153ms
13ms Image
text/plain 3.122.182.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.182.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT

GET

setuid
sync.quantumdex.io/ Frame F82B
Redirect Chain

https://ups.analytics.yahoo.com/ups/58424/occ
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

0
0

GET

match
ads.betweendigital.com/ Frame F82B
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

0
0

GET
H2

200

setuid
sync.quantumdex.io/ Frame F7AF
Redirect Chain

https://ups.analytics.yahoo.com/ups/58424/occ
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

43 B
94 B

112ms
109ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c702c7f8fdc-FRA
content-length: 43
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A
date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 /
s.ad.smaato.net/c/ Frame F7AF 0
242 B 40ms
8ms Image
text/plain 2600:9000:223f:e00:1b:5138:8a40:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:e00:1b:5138:8a40:93a1 -, , ASN (),
Reverse DNS
Software: CloudFront /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cache-control: no-cache, must-revalidate
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: b4k7EGx9uI5CkdaZLB5LI0R73qAcLNm3lHFGfZcaxxOsFBNYDlDpjw==
x-cache: FunctionGeneratedResponse from cloudfront

GET
H2

200

setuid
sync.quantumdex.io/ Frame F7AF
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992

43 B
94 B

129ms
129ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c704ccd8fdc-FRA
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:26:01 GMT
AN-X-Request-Uuid: 505bca1b-1678-4390-a1d3-3ebfec3a6ca3
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame F7AF 0
277 B 17ms
14ms Image
text/plain 216.52.2.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Dec 2022 12:26:01 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET /
ssp.disqus.com/redirectuser/ Frame F7AF 0
0

GET cksync.php
hbx.media.net/ Frame F7AF 0
0

GET
H2 204 v1
match.sharethrough.com/FGMrCMMc/ Frame F7AF 0
35 B 146ms
9ms Image
text/plain 3.122.182.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.182.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT

GET

match
ads.betweendigital.com/ Frame F7AF
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

0
0

GET
H/1.1 200 0.gif
id5-sync.com/i/495/ Frame F7AF 43 B
1 KB 182ms
19ms Image
image/gif 162.19.138.120

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.120 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2 204 /
s.ad.smaato.net/c/ Frame 2F48 0
240 B 33ms
9ms Image
text/plain 2600:9000:223f:e00:1b:5138:8a40:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:e00:1b:5138:8a40:93a1 -, , ASN (),
Reverse DNS
Software: CloudFront /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cache-control: no-cache, must-revalidate
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: ISxbGEoqmFfYbyJo_-OirJCRlR2eA2yg2EJZ6rSFIHIzelfF_rpk0w==
x-cache: FunctionGeneratedResponse from cloudfront

GET /
ssp.disqus.com/redirectuser/ Frame 2F48 0
0

GET
H/1.1 200 0.gif
id5-sync.com/i/495/ Frame 2F48 43 B
1 KB 181ms
24ms Image
image/gif 162.19.138.120

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.120 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET cksync.php
hbx.media.net/ Frame 2F48 0
0

GET
H2 204 v1
match.sharethrough.com/FGMrCMMc/ Frame 2F48 0
34 B 142ms
11ms Image
text/plain 3.122.182.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.182.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT

GET

setuid
sync.quantumdex.io/ Frame 2F48
Redirect Chain

https://ups.analytics.yahoo.com/ups/58424/occ
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

0
0

GET

match
ads.betweendigital.com/ Frame 2F48
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

0
0

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 2F48 0
277 B 16ms
15ms Image
text/plain 216.52.2.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Dec 2022 12:26:01 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 2F48
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992

43 B
94 B

119ms
119ms

Image
image/gif

2606:4700:10::6816:2560
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77340c704cde8fdc-FRA
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:26:01 GMT
AN-X-Request-Uuid: 12da8f2e-3e69-4030-87e4-6b8dedb0191f
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2621266343565341992
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 pbsync
usermatch.targeting.unrulymedia.com/ Frame 5F74 0
0 191ms
12ms Document
text/plain 213.19.147.44

General

Check archive.org

Show headers Download Go to

Full URL: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.44 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT

GET usermatch
ssum-sec.casalemedia.com/ Frame B4DA 0
0

GET

usync.html
eus.rubiconproject.com/ Frame 9615
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

0
0

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5E20 15 KB
0 178ms
5ms Document
text/html 23.35.236.201

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=22423
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Fri, 02 Dec 2022 18:39:44 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 2D97 0
0 190ms
15ms Document
text/plain 51.38.120.206

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 822D 0
0

GET
H2 204 pbsync
usermatch.targeting.unrulymedia.com/ Frame 98D4 0
0 67ms
11ms Document
text/plain 213.19.147.44

General

Check archive.org

Show headers Download Go to

Full URL: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.44 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT

GET usermatch
ssum-sec.casalemedia.com/ Frame 2EC8 0
0

GET

usync.html
eus.rubiconproject.com/ Frame 9DDD
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

0
0

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3814 15 KB
0 58ms
7ms Document
text/html 23.35.236.201

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=22423
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Fri, 02 Dec 2022 18:39:44 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 5CDB 0
0 70ms
16ms Document
text/plain 51.38.120.206

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET usermatch
ssum-sec.casalemedia.com/ Frame 3493 0
0

GET
H2 204 pbsync
usermatch.targeting.unrulymedia.com/ Frame BECA 0
0 64ms
12ms Document
text/plain 213.19.147.44

General

Check archive.org

Show headers Download Go to

Full URL: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.44 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E941 15 KB
0 60ms
12ms Document
text/html 23.35.236.201

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=22423
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Fri, 02 Dec 2022 18:39:44 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET

usync.html
eus.rubiconproject.com/ Frame A97A
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

0
0

GET
H2 204 /
onetag-sys.com/usync/ Frame 7DE8 0
0 66ms
16ms Document
text/plain 51.38.120.206

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 decode_consent.js
static.smilewanted.com/js/decode_consent/ Frame 1B78 48 KB
12 KB 63ms
43ms Script
application/javascript 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.smilewanted.com/js/decode_consent/decode_consent.js

Requested by

Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://csync.smilewanted.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 591747
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 15 Apr 2021 17:11:55 GMT
server: cloudflare
etag: W/"607873db-c1ce"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 77340c702d0d9c06-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 decode_consent.js
static.smilewanted.com/js/decode_consent/ Frame 4AC3 48 KB
12 KB 61ms
41ms Script
application/javascript 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.smilewanted.com/js/decode_consent/decode_consent.js

Requested by

Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://csync.smilewanted.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 591747
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 15 Apr 2021 17:11:55 GMT
server: cloudflare
etag: W/"607873db-c1ce"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 77340c702d129c06-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET usermatch
ssum-sec.casalemedia.com/ Frame F3FF 0
0

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D65A 15 KB
0 58ms
13ms Document
text/html 23.35.236.201

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=22423
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Fri, 02 Dec 2022 18:39:44 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 4DAD 0
0 64ms
16ms Document
text/plain 51.38.120.206

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 204 pbsync
usermatch.targeting.unrulymedia.com/ Frame 8A1B 0
0 59ms
12ms Document
text/plain 213.19.147.44

General

Check archive.org

Show headers Download Go to

Full URL: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.44 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT

GET

usync.html
eus.rubiconproject.com/ Frame A408
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-valueimpression&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

0
0

GET
H2 200 decode_consent.js
static.smilewanted.com/js/decode_consent/ Frame BCAC 48 KB
12 KB 72ms
62ms Script
application/javascript 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.smilewanted.com/js/decode_consent/decode_consent.js

Requested by

Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://csync.smilewanted.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 591747
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 15 Apr 2021 17:11:55 GMT
server: cloudflare
etag: W/"607873db-c1ce"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 77340c702d209c06-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK async_usersync
ib.adnxs.com/ Frame 67EC 0
747 B 25ms
13ms Script
text/html 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:26:01 GMT
AN-X-Request-Uuid: 23505678-0973-4281-b2aa-d57ffa095d0b
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync
ib.adnxs.com/ Frame C442 0
747 B 22ms
12ms Script
text/html 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:26:01 GMT
AN-X-Request-Uuid: 4b2b9a51-d3dc-407a-b7bb-21847f58ba0c
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync
ib.adnxs.com/ Frame 6343 0
747 B 24ms
13ms Script
text/html 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:26:01 GMT
AN-X-Request-Uuid: c89dc3b5-6d37-4a2a-b214-d3eb59ccf8a8
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync
ib.adnxs.com/ Frame 0FB1 0
747 B 60ms
49ms Script
text/html 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Dec 2022 12:26:01 GMT
AN-X-Request-Uuid: 4210bcf0-0bf7-4db1-a157-4d71741b63d5
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.129; 178.162.209.129; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 decode_consent.js
static.smilewanted.com/js/decode_consent/ Frame 2A89 48 KB
12 KB 47ms
46ms Script
application/javascript 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.smilewanted.com/js/decode_consent/decode_consent.js

Requested by

Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://csync.smilewanted.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 12:26:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 591747
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 15 Apr 2021 17:11:55 GMT
server: cloudflare
etag: W/"607873db-c1ce"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 77340c703d369c06-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 157ms
14ms Preflight
application/json 178.250.0.157

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Q9C_vnxEK3BaUFZGN2JrYndWMzdVR1R3QTgwdXg1TVBWaXQ0eXJMZzg1RU5QbU5GVGs5RHpFbUN2cnppSkthOVBiUkduaEl5Z0JLUnhMZ1BLTlhjNVJlRW9wWVJtYk91N0c0ZU9za3N3d0U1WE5sMWd0VEZQbFQ4UXFXSklzTkNMM2plVjZqZXJscXR4TWphM3pYUmNMSnRCZXkzY2tGVEg3Wk9ieTlHT1RHTUY1c2RvT21CNUhHWGZmbnpZck1BMC8zbDQrUm1vcjBNV2hwU2VjdFNKNUtKTnp5OTcvQzMwOUVVVUs3YXE0Zkd6Z3UvRDQ5NmE0YWJpV0NYVVpTYWJWczg2fA&cppv=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 02 Dec 2022 12:26:01 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 455970
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 drop_cookie_sw.php
csync.smilewanted.com/ Frame CD49 0
0 76ms
74ms Document
text/html 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://csync.smilewanted.com/drop_cookie_sw.php
Requested by: Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://csync.smilewanted.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 77340c70decf9c06-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare
vary: Accept-Encoding

GET user-matching
ads.stickyadstv.com/ Frame BB1D 0
0

GET
H2 200 drop_cookie_sw.php
csync.smilewanted.com/ Frame 1689 0
0 53ms
52ms Document
text/html 104.22.69.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://csync.smilewanted.com/drop_cookie_sw.php
Requested by: Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://csync.smilewanted.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 77340c70ded49c06-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 02 Dec 2022 12:26:01 GMT
server: cloudflare
vary: Accept-Encoding

GET user-matching
ads.stickyadstv.com/ Frame BB39 0
0

GET drop_cookie_sw.php
csync.smilewanted.com/ Frame 8D3C 0
0

GET drop_cookie_sw.php
csync.smilewanted.com/ Frame 96CA 0
0

GET user-matching
ads.stickyadstv.com/ Frame 8A0B 0
0

GET user-matching
ads.stickyadstv.com/ Frame 08EA 0
0

GET PugMaster
image6.pubmatic.com/AdServer/ Frame 5E20 0
0

GET v1
match.sharethrough.com/universal/ Frame CE42 0
0

GET v1
match.sharethrough.com/universal/ Frame 58AB 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mug.criteo.com
URL: https://mug.criteo.com/sid?cpp=Q9C_vnxEK3BaUFZGN2JrYndWMzdVR1R3QTgwdXg1TVBWaXQ0eXJMZzg1RU5QbU5GVGs5RHpFbUN2cnppSkthOVBiUkduaEl5Z0JLUnhMZ1BLTlhjNVJlRW9wWVJtYk91N0c0ZU9za3N3d0U1WE5sMWd0VEZQbFQ4UXFXSklzTkNMM2plVjZqZXJscXR4TWphM3pYUmNMSnRCZXkzY2tGVEg3Wk9ieTlHT1RHTUY1c2RvT21CNUhHWGZmbnpZck1BMC8zbDQrUm1vcjBNV2hwU2VjdFNKNUtKTnp5OTcvQzMwOUVVVUs3YXE0Zkd6Z3UvRDQ5NmE0YWJpV0NYVVpTYWJWczg2fA&cppv=2

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/sync?dsp_id=413&ssp=vidoomy&user_id=csonata_9218f959-4db7-4993-93fe-923182ee2d8e&bsw_param=2ee812e6-c5dd-4452-a6e1-20f8163d78fe&expires=10

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID

Domain: id5-sync.com
URL: https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D

Domain: hbx.media.net
URL: https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3Cvsid%3E

Domain: ads.betweendigital.com
URL: https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID

Domain: hbx.media.net
URL: https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3Cvsid%3E

Domain: sync.quantumdex.io
URL: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

Domain: ads.betweendigital.com
URL: https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID

Domain: hbx.media.net
URL: https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3Cvsid%3E

Domain: ads.betweendigital.com
URL: https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID

Domain: hbx.media.net
URL: https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3Cvsid%3E

Domain: sync.quantumdex.io
URL: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-uMgjUy1E2uGgOMQQS7x9cPAku9sbbW2eSNFjNaE-~A

Domain: ads.betweendigital.com
URL: https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvifDG6EFxwddw7F0UCEzNT8VP_A4rQAESNxlMBxWGKxORH6wnS1UPNAQAu6D15hBxYC-OXBad4Cr7nAVvjoRVYy7N94Scx0dPljexHGTGMcb6T9tZ4UPDmUUJ-f9ui7H-I90rE1A&sai=AMfl-YRr_l7sD0HgBzCKUagpxVaSzoAtSauxd3oU0zFMBc6m9tfqUYstnIbJrgR_Zst55ET5awVD4oI9zDdhuMCLJSljYRNDIA7pJ93rvgcufpmWuHvutObHgo1ezwLsBYnYPkpL4WYPv5hGcPwfHPsY&sig=Cg0ArKJSzKAzMOhnjbIXEAE&cid=CAQSTADq26N9P1vSCUwF_Hw56ALD7w_XMSzOHCGSVwRtPgdL2zKuqt3poRoI8DkphZbna0FF5ib352xXAz-UH95uIMiI1bl34wWFFQQCs7UYASAT&id=lidar2&mcvt=1057&p=443,436,537,1164&mtos=0,1057,1057,1057,1057&tos=0,1057,0,0,0&v=20221130&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=2483656142&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1669983958999&rpt=1533&isd=0&lsd=0&met=mue&wmsd=0&pbe=0

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east

Domain: ads.stickyadstv.com
URL: https://ads.stickyadstv.com/user-matching?id=3602&gdpr=0&gdpr_consent=

Domain: ads.stickyadstv.com
URL: https://ads.stickyadstv.com/user-matching?id=3602&gdpr=0&gdpr_consent=

Domain: csync.smilewanted.com
URL: https://csync.smilewanted.com/drop_cookie_sw.php

Domain: csync.smilewanted.com
URL: https://csync.smilewanted.com/drop_cookie_sw.php

Domain: ads.stickyadstv.com
URL: https://ads.stickyadstv.com/user-matching?id=3602&gdpr=0&gdpr_consent=

Domain: ads.stickyadstv.com
URL: https://ads.stickyadstv.com/user-matching?id=3602&gdpr=0&gdpr_consent=

Domain: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=85569543&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=

Domain: match.sharethrough.com
URL: https://match.sharethrough.com/universal/v1?supply_id=GmfSCHMu&gdpr=0&gdpr_consent=

Domain: match.sharethrough.com
URL: https://match.sharethrough.com/universal/v1?supply_id=GmfSCHMu&gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

116 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dr6.biz/	1970-01-20 08:36:15	Name: uuid Value: bb7e7d84-f1f7-439a-bc7a-468ce9d091a3
no.gottamentor.com/	1970-01-20 08:36:15	Name: _pbjs_userid_consent_data Value: 6683316680106290
.gottamentor.com/	1970-01-20 16:38:39	Name: _sharedID Value: afdec434-2658-43e8-a4c7-45cc620c4381
.quantumdex.io/	1970-01-20 08:36:15	Name: uid Value: eb3caf3b-f3c9-4b05-a4df-ca458b9a9f76
.adnxs.com/	1970-01-20 10:02:39	Name: uuid2 Value: 2621266343565341992
.adnxs.com/	1970-01-20 10:02:39	Name: icu Value: ChgI8Jt7EAoYAiACKAIw1t2nnAY4AkACSAIQ1t2nnAYYAQ..
.gottamentor.com/	1970-01-20 17:29:03	Name: _ga Value: GA1.2.1953490166.1669983959
.gottamentor.com/	1970-01-20 07:54:30	Name: _gid Value: GA1.2.529838787.1669983959
.gottamentor.com/	1970-01-20 07:53:04	Name: _gat_onn_tracker Value: 1
.no.gottamentor.com/	1970-01-20 17:29:03	Name: _ga Value: GA1.3.1953490166.1669983959
.no.gottamentor.com/	1970-01-20 07:54:30	Name: _gid Value: GA1.3.529838787.1669983959
.adform.net/	1970-01-20 08:37:42	Name: C Value: 1
.doubleclick.net/	1970-01-20 17:14:39	Name: IDE Value: AHWqTUm0Orb1pgGO_5-t3_6iZ2WbbHaTPGGQyP-slo1QDu7CnuHyuqddpPbdXZR01MQ
.casalemedia.com/	1970-01-20 16:38:39	Name: CMID Value: Y4nu18.vn3BQOGgCKy887QAA
.casalemedia.com/	1970-01-20 10:02:39	Name: CMPS Value: 5258
.casalemedia.com/	1970-01-20 10:02:39	Name: CMPRO Value: 5258
.doubleclick.net/	1970-01-20 07:53:04	Name: test_cookie Value: CheckForPermission
.adnxs.com/	1970-01-20 10:02:39	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU(uaBlq!]tbPl1M>e)ZlrFUfJ+tGXxoeTxQbjK`j47AGD:v:=M=<:Z$E>[82+@gRL-%3If)y3KL9D3I?+FI^gKR
.casalemedia.com/	1970-01-20 10:02:39	Name: CMTS Value: 1213
.adform.net/	1970-01-20 09:19:27	Name: uid Value: 6436852272809430576
.adform.net/	1970-01-20 08:03:08	Name: TPC Value: 1669983959499
.doubleclick.net/	1970-01-20 07:53:07	Name: DSID Value: NO_DATA
.gottamentor.com/	1970-01-20 17:14:39	Name: __gads Value: ID=a3a92a51092d91b1:T=1669983958:S=ALNI_MbjO5cPMIepV1qyFCF0GFi5vHLtFg
.gottamentor.com/	1970-01-20 17:14:39	Name: __gpi Value: UID=00000b8bee453671:T=1669983958:RT=1669983958:S=ALNI_MavaQ9uwnVkQRhX7yIq9nvXKJuD6A

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4b89d2ab8d3e6a06875b33faa5a7cae7.safeframe.googlesyndication.com
a-prebid.vidoomy.com
acdn.adnxs.com
ads.betweendigital.com
ads.pubmatic.com
ads.stickyadstv.com
adservice.google.com
adservice.google.de
adx.adform.net
ap.lijit.com
cdn.ampproject.org
cdn.jsdelivr.net
cdn.onnetwork.tv
cdnt.onnetwork.tv
cm.adform.net
cm.g.doubleclick.net
csync.smilewanted.com
d.vidoomy.com
dr6.biz
dsum-sec.casalemedia.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
get.optad360.io
googleads.g.doubleclick.net
gottamentor.com
gum.criteo.com
hbx.media.net
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
imasdk.googleapis.com
match.adsrvr.org
match.sharethrough.com
mug.criteo.com
no.gottamentor.com
onetag-sys.com
optad360.mgr.consensu.org
p.skimresources.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.rubiconproject.com
prebid-eu.creativecdn.com
prebid.a-mo.net
prebid.smilewanted.com
r.skimresources.com
rtb.adxpremium.services
s.ad.smaato.net
s.skimresources.com
s0.2mdn.net
s1.adform.net
securepubads.g.doubleclick.net
ssp.disqus.com
ssum-sec.casalemedia.com
static.smilewanted.com
stats.g.doubleclick.net
sync.quantumdex.io
t.skimresources.com
tpc.googlesyndication.com
track.adform.net
ups.analytics.yahoo.com
useast.quantumdex.io
usermatch.targeting.unrulymedia.com
video.onnetwork.tv
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
x.bidswitch.net
ads.betweendigital.com
ads.stickyadstv.com
csync.smilewanted.com
eus.rubiconproject.com
hbx.media.net
id5-sync.com
image6.pubmatic.com
match.sharethrough.com
mug.criteo.com
pagead2.googlesyndication.com
ssp.disqus.com
ssum-sec.casalemedia.com
sync.quantumdex.io
x.bidswitch.net
104.22.69.131
137.74.20.12
147.75.85.234
148.251.44.111
15.197.193.217
151.101.129.108
151.139.128.10
162.19.138.120
172.217.18.2
178.250.0.157
18.156.0.31
185.177.92.30
185.184.8.90
185.80.39.216
185.89.210.82
213.19.147.44
216.52.2.48
23.35.236.201
2600:9000:223f:e00:1b:5138:8a40:93a1
2600:9000:225e:fe00:11:a4de:2580:93a1
2606:4700:10::6816:2560
2606:4700:3037::ac43:d08b
2606:4700::6810:5914
2a00:1450:4001:800::2001
2a00:1450:4001:806::200a
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2006
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2001
2a00:1450:4001:810::2004
2a00:1450:4001:811::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::200e
2a00:1450:400c:c09::9c
2a02:2638::1c
3.122.182.165
35.190.59.101
35.190.91.160
35.201.67.47
37.157.6.236
37.157.6.245
37.157.6.247
37.59.235.100
51.38.120.206
52.222.214.2
52.58.56.102
66.155.71.25
69.173.144.138
04bde04ecda49fbc137152641575dd31d7f6180a67d152479ca5abb4f4cdf8f0
07a1fa2fe7d9f076fb533312f3df606cba4febdc17c4bcb4ee763d6294d4ce13
0b3b1222ac3ed02cbd2db738f018a3e8b0693aab2990ba87e66dbebbc0a707fa
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0be502b9446e16b338d36ccadac232f4a68ab74655f98fec415ccdbbccbf5729
0c84b90184116759a7aeb7afd45829e8da77c69c9a8ee3fe12c43061698aa2b3
0c92f5914f58ed3472e7d16f976bc26c4216b0779cf6b283f0cc381dcd3fc31f
12472fa774b18c826349b53eaca1b5d8476b1e82f9ea3f32de23ea94ac6068bd
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1399b1bf428b32bd6a69bbaa89167cfe776f650d9cac6980bc96f5e2166d7961
143e61f341f2a9c692f5c4da3376571f8eceb3bd522100ced05fecd474fbb3d6
178b2bc4b3396814141988acf676e2b02b5556b43ecddcdd2fc895190d725d83
1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0
1ca40611d10ac24d19be3dbaef22025ceee07aac60a50e6ace1baa57169f18c3
1d72b55013b9749fe76255325fcf5230fe3314fcdf71f172dc5e24068444cdca
20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394
21e2349686b7e697ee0f1a996c68505226660f60b2c2fd7f6ddaa2ca9196e3aa
22cc4a7bc0c7006ea5be08a4a51073e31c9ddd9a2b76c6fbb01c03325a33eb03
25922e2c49e09b0e033cf93a43ab317fee97b0f160d74e2c54aafd4bd58349a4
2a3f5688e753d3843a4975b2604136b480e56cd27614fdc6f925906f3672160a
2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5
2b712d4dfec80632eb7037cf52759a0e8142dde4f4f25203ad782d6409715068
2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5
2f95e36b04e23bffeb83e056d7f27b8ea8e0113da68c41b305c1f67498ca8abf
2ffb397c6ef7c621b61585a6cf09e4414f94ba11e240b09cb0d4c07c3062289d
302e69dd5cd67c33a01a5d0308c1ead25d5967bd0810b0c073f9fe18124de7bd
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32ab0a5c85cabdb695704b5128a8fb7c9a8dfa3242cc36ceda6bb0650a45b35f
37cb31effe0fa7997e40575b2d239b9fd99fa789fa7f4a9e16cd8c55cb86163c
396387372e521a2859b66d8ba258fa48a469738cdfdabdb44ce7b8f6530fee53
3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b
3ca4eb91f7dfdb6aa2b4c2ce9461bdc2844fcd06c71a69079335fde67af0833b
4050a19d655eea8eed0457110b47f1a06d4e1cb11c7941bc08c0d540e46c5c77
44ae20714e8b6d5c75e7be870d01195031fd91df3ca85d37380936b0dd2c8c65
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48b3cef92295572e8c4ef939348c8141b17c12e9365b34c24b4e132b371548ed
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e17f25a33727defde4f0e88b24844c00e48ed88484c4440d978025a82567287
4f2ba2bfe1eb64214229713ccd780bd1507170c13f11f2e28305614a1e25b123
504867782586fad9c6efd023992df14d977196b24825de28cc59b51aca206165
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50972fc41f894ed8acbad2e88268b464252de21576b80740541cc6d807f3356d
529d5a06e1e90ceadfad7e6c2eaed6e9b868a35798345d5431c90f6024f15b55
530040ebbfc1cd7a18f0537709371ccd55ec5ed96756cb4c121c2a56a33f8f19
555995e2499646fa341aecca1a19f77231ec6c3c6c14162c668d08560e7ac4ad
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5f23fff9711723f0dfc8bfba1f1d4d7891b512c136077f676a6ebbb2f25a85ad
5f4f80a6350fd7e6eaff214b3c5cdfb46b0b07123fdf398eb591248a3ee4a54b
60e70619e42d5f5a364383d83867d95a84d0133e43b3cd2bc78942eb468c7d4e
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6212a4c6fd9be62d0795e3957471693cb344af6f21c2bbe0e957f3ed82520f1b
62b1cff44a5e34b9587ad49f7ca951160f1559c5c545bcf99e13574ccaa5425a
634c7a6099396c9382029aa927edfc1e84583592d97a96fa6dd2fe8d7a0c2602
6e86fcfa5caff72f05cf3c9113e96d3b489df50ea5e48fb339f8e4d02d4c1b94
6f2021e21c056b0aa47e7133e957ec82c3835780fe37eb1736428c42146e6907
7260b4a4163f2e458b462ed77194205e12e7d8352f0ec3cb2e4d1475f7419a9a
7275f0fb8158cedd2aca99a9bb760d297331473511835855cf2614badbef18ef
737339d61af3049b943b5f7ba99d1a70ca8c639fad790322dc154c93c51983b7
759256c335c2ddc42e40f32debca9f0d57f0f14413724241689b57dfb3cbfd67
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8e16ad2005bc4c19f8560189ef6e7b7475f2b3def2c60a57f9041fac5b4f94cf
8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178
920230cba1a6e09330a6cc76c634c78e547fcf67b7a9cc03213dde43ceea0baa
9387fd1ace87614cf793b71482e6614cb25a213fc46069bf8ed25d080cb57e34
9932ee9cf425170b0cdd8e02fd4a533850fc5bb0b0c489fa49670efe49490675
9a2effff80e62dd0c63de66518ab84d16d6fe474c6c3daf6c2102670e16c455f
9d172e4a65be0295624eff225a515158c7959e40041303be754edb04e01b541f
9e56b7b82263ae7a915472e90f57e1e9b5a32a2e44d9264c1422de8e55dce8a9
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce
a46228d57faaf3cd1ec77fbed362c13944f30d9e92a4e1e5d3603c3902555df7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4c7748a8849068a7262049472b6b640aea77d843c16a57de3e34d3c47e4a01f
a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a8a40c9bcf21990fcc91eb186c3e674a0af8c9c572807675daea2b13d3057fd4
a8ff02979e73ddc14664b0809679bded65d8e2e61c712c846efb4bc14ce808e9
a93f37c5c32d030a1d831b5023b6b29bc93290f5423debaf47c83b6444528059
ab7348cc166f8248fcb0a2ded01a5711c1130cf4b2b739d6e8ba8fc23de07e96
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0e4d6e13eb1fd414025e5c3c3f18b9212fd0cd69890e7f69804ae69dec5bbb3
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b42cdce8a41bd8076fdd464a537ad64ad3f25a2ce0c8fc0e91abe2756d6ee970
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b47ff21e0bb6bdd13562a5f1d52f66074a63f44d2121ad91655e42133189b772
b9ec65827bb7aa4ea5ff5f9b379bb44765cb3d6d800281e32196e675f6a91e6a
bcbed99682f898f0fa16fa0f0c4baf1ac2b8d9ba65cff14fe563e28f5285fddd
bd9207c1f37483c675ff7793523f5d5b5eab933d4380e586d43636ccf1b7c27f
bddbf7e9ab14ce92ecc37640bf54fcb90d8a02da52d87ec12e252cfde4432e66
be6ab8ab5e47c84e5a857dfc7ab22bca734fc317f72dd3b07751340a53e54871
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bfde53f50ce848921cc626be7a39a5b5c61390ff8cd89d8cd11d91e2988f2779
c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f
c42ac47a2cf8ca8ed138b3538b35ed4d8d6e7b462dfd39c48f4feebb3b738d2b
c9aeb20d3aeaa0bdd38044f5fa39ac5f68c376d5cf1857f01031db91e4f719fd
cab552598c313ec62fe89766dd35aeff2441972ccf6665487fc9c9805bff3b57
cd193dea506a5bb4f3a80af22c91f74733d2f187bd53d14b5a5e5de7a0a4fcb6
cd5525bc887734465161af57feaa4d63c3f5681cb477816b23b6e17d94995707
cfc5afa3cbf80ed8a39987d2f4cc9215f915cfde9c83e86d5ee4a874bd69a401
d04a8585ca1c9cbff59e413fe76da6b8dcf3c567cbc68ec436b852d7f1694df1
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
d3db2e5ccf8f6bfb963ab88463e09d992c67a4c37258b8f99714e7822abe6d79
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d79caf876bd38b43ea665e758bee70d4f2c86942140b3035dc6653aa41abd497
d7f93b1f8397f310070ad8dd6ddfe96401d90d637d16bbb8359dcf0aa6cc65f7
d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd
da1b1dba110f3d97894949bedfc60fe7fec3659813c957f88e51d550bc95ad88
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e13459782d7fc46c73821602bedc17cc2b3a2dc5ec07e91e30ed715193698a94
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee6c40b0c921fd7b3bbc39971c9c34f277885ef09ddde5032bb6e8db65ba9d1d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4565eb9e6b1d15cccfd52037ac6734876ee56d0d5146bd452ba422c3d15606
f0322ab56d747cdb41b9ba5652c8153283392895eb30b52379280438b83cf16c
f06646a7054dd13cc5d038e17ad3bc5d9eed8e4b26026a5c3f729e160007dc9c
f1e593d55e322f110dabd90d040cc9a9c3715bbe6efd2c3e8f404d422b9cfc57
f1fa7b55e534c91a6aef6d7b0a92c865d8457f0d1f080346f943e2a10e89705c
f24f39142688312dfb248c6d85bbe72c725c887ccc8192654ffb68f1831cd9f1
f461e1e3fb47ce63a8d28c453253784cc233481904428c57a361fc93fd987327
f71eb60faf969bf70ee1521aeca9b1d6c8990f81cc5d879b3109232133ce1a7c
f8816e84666e9f5617099091a1422c343cd30ae4ba0680e5795e338e6aad95df
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

no.gottamentor.com Open in urlscan Pro 2606:4700:3037::ac43:d08b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

290 Requests

83 %HTTPS

43 %IPv6

43 Domains

69 Subdomains

53 IPs

8 Countries

2739 kBTransfer

7610 kBSize

24 Cookies

37 Outgoing links

Redirected requests

290 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

no.gottamentor.com Open in urlscan Pro
2606:4700:3037::ac43:d08b Public Scan

Screenshot
Live screenshot

Full Image

290
Requests

83 %
HTTPS

43 %
IPv6

43
Domains

69
Subdomains

53
IPs

8
Countries

2739 kB
Transfer

7610 kB
Size

24
Cookies

290 HTTP transactions
8 data transactions