gofile.io Open in urlscan Pro
51.178.66.33 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://href.li/?https://gofile.io/d/lm18aB
Effective URL:
https://gofile.io/d/lm18aB
Submission: On March 16 via manual (March 16th 2022, 4:22:57 am UTC) from US — Scanned from DE

Summary HTTP 220 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 70 IPs in 9 countries across 68 domains to perform 220 HTTP transactions. The main IP is 51.178.66.33, located in France and belongs to OVH, FR. The main domain is gofile.io. The Cisco Umbrella rank of the primary domain is 108122.
TLS certificate: Issued by R3 on January 25th 2022. Valid for: 3 months.

This is the only time gofile.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	192.0.78.26 192.0.78.26	2635 (AUTOMATTIC) (AUTOMATTIC)
38	51.178.66.33 51.178.66.33	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
3	149.202.85.166 149.202.85.166	16276 (OVH) (OVH)
5	94.31.29.32 94.31.29.32	33438 (STACKPATH) (STACKPATH)
3	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	159.203.25.119 159.203.25.119	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	52.28.203.152 52.28.203.152	16509 (AMAZON-02) (AMAZON-02)
2	2602:803:c003... 2602:803:c003:200::51	26667 (RUBICONPR...) (RUBICONPROJECT)
2 5	185.33.221.88 185.33.221.88	29990 (ASN-APPNEX) (ASN-APPNEX)
4	18.159.54.110 18.159.54.110	16509 (AMAZON-02) (AMAZON-02)
10	52.19.209.179 52.19.209.179	16509 (AMAZON-02) (AMAZON-02)
4	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
1	185.255.84.151 185.255.84.151	200271 (IGUANE-) (IGUANE-)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2606:4700::68... 2606:4700::6812:372	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.107.148.139 34.107.148.139	15169 (GOOGLE) (GOOGLE)
1	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 8	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
8	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
2	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
1 3	185.29.132.246 185.29.132.246	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
6	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	88.99.65.215 88.99.65.215	24940 (HETZNER-AS) (HETZNER-AS)
1 2	104.92.94.3 104.92.94.3	16625 (AKAMAI-AS) (AKAMAI-AS)
1	185.85.15.31 185.85.15.31	200107 (KL-EXT) (KL-EXT)
13	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1 5	104.92.74.8 104.92.74.8	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.21.140.74 2.21.140.74	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:1ec:bdf::60 2620:1ec:bdf::60	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 4	37.157.6.241 37.157.6.241	198622 (ADFORM) (ADFORM)
2 2	213.155.156.169 213.155.156.169	1299 (TWELVE99 ...) (TWELVE99 Arelion)
5	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6 10	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
3 3	51.210.112.63 51.210.112.63	16276 (OVH) (OVH)
2 2	54.229.233.249 54.229.233.249	16509 (AMAZON-02) (AMAZON-02)
6 8	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	169.50.137.182 169.50.137.182	36351 (SOFTLAYER) (SOFTLAYER)
1 1	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
5 5	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	2a05:d018:d29... 2a05:d018:d29:3602:741:642f:e5f9:56af	16509 (AMAZON-02) (AMAZON-02)
3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	99.80.137.87 99.80.137.87	16509 (AMAZON-02) (AMAZON-02)
2	67.202.105.23 67.202.105.23	32748 (STEADFAST) (STEADFAST)
2	185.86.139.93 185.86.139.93	201081 (SMARTADSE...) (SMARTADSERVER)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	216.52.2.19 216.52.2.19	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	216.52.2.30 216.52.2.30	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
6 7	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	145.40.89.200 145.40.89.200	54825 (PACKET) (PACKET)
3 3	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 1	185.183.112.155 185.183.112.155	60350 (VP) (VP)
2	185.86.139.89 185.86.139.89	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 3	64.74.236.159 64.74.236.159	19024 (INTERNAP-...) (INTERNAP-BLK5)
1	185.255.84.152 185.255.84.152	200271 (IGUANE-) (IGUANE-)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 1	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
1 11	54.194.49.117 54.194.49.117	16509 (AMAZON-02) (AMAZON-02)
3 3	18.157.49.120 18.157.49.120	16509 (AMAZON-02) (AMAZON-02)
2 2	35.156.203.69 35.156.203.69	16509 (AMAZON-02) (AMAZON-02)
3 4	70.42.32.255 70.42.32.255	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	132.226.41.106 132.226.41.106	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	169.197.150.8 169.197.150.8	398989 (DEEPINTENT) (DEEPINTENT)
1 1	104.111.215.191 104.111.215.191	() ()
2 2	52.210.102.59 52.210.102.59	16509 (AMAZON-02) (AMAZON-02)
2	52.19.170.216 52.19.170.216	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.140 198.148.27.140	() ()
1 1	103.229.206.240 103.229.206.240	() ()
2 2	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.47 124.146.215.47	() ()
2 2	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
220	70

1 192.0.78.26 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

href.li	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 51.178.66.33 (France)

ASN16276 (OVH, FR)
PTR: ns31226493.ip-51-178-66.eu

gofile.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.gofile.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 149.202.85.166 (France)

ASN16276 (OVH, FR)
PTR: mail.gofile.io

umami.gofile.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
plausible.gofile.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 94.31.29.32 (Maida Vale, United Kingdom)

ASN33438 (STACKPATH, US)
PTR: 94.31.29.32.IPYX-077437-ZYO.above.net

cdn4.buysellads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.plyr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 159.203.25.119 (Toronto, Canada)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: srv-ca-to-1.buysellads.com

srv.buysellads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.28.203.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:803:c003:200::51 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.221.88 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.159.54.110 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-54-110.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.19.209.179 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.38.120.206 (France)

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.151 (France)

ASN200271 (IGUANE-, FR)

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 46.4.10.47 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

ad.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad2.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.33.221.90 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ams1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.246 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.99.65.215 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.215.65.99.88.clients.your-server.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.92.94.3 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-94-3.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.85.15.31 (Germany)

ASN200107 (KL-EXT, CH)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.92.74.8 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-74-8.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.140.74 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-140-74.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::60 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.241 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.169 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-169.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.185.226 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.210.112.63 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-3.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.229.233.249 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-233-249.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.33.220.150 (United States) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:1957 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 169.50.137.182 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b6.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:36a9:ecb:e518:b308 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.138 (Frankfurt am Main, Germany) 5 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3602:741:642f:e5f9:56af (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.137.87 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-137-87.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.105.23 (United States)

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-105.static.steadfastdns.net

pixel.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.93 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.19 (United States) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.30 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 213.19.147.44 (United Kingdom) 6 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.40.89.200 (Ashburn, United States) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.126.56.137 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.183.112.155 (Paris, France) 1 redirects

ASN60350 (VP, FR)

sync.adotmob.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.89 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.74.236.159 (United States) 2 redirects

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.152 (France)

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.87 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 54.194.49.117 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.157.49.120 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-49-120.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.203.69 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-203-69.eu-central-1.compute.amazonaws.com

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 70.42.32.255 (United States) 3 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 132.226.41.106 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (None, ) 1 redirects

ASN- ()

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.210.102.59 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-102-59.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.19.170.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-170-216.eu-west-1.compute.amazonaws.com

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (None, ) 1 redirects

ASN- ()

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.206.240 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.47 (None, ) 1 redirects

ASN- ()

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.65 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	gofile.io gofile.io — Cisco Umbrella Rank: 108122 umami.gofile.io — Cisco Umbrella Rank: 437215 plausible.gofile.io api.gofile.io — Cisco Umbrella Rank: 392533	752 KB
18	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 176	176 KB
17	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 205 ams1-ib.adnxs.com — Cisco Umbrella Rank: 6750 cdn.adnxs.com — Cisco Umbrella Rank: 1232 acdn.adnxs.com — Cisco Umbrella Rank: 523 secure.adnxs.com — Cisco Umbrella Rank: 359	98 KB
16	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122	105 KB
15	rubiconproject.com 6 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 412 eus.rubiconproject.com — Cisco Umbrella Rank: 503 token.rubiconproject.com — Cisco Umbrella Rank: 595 pixel.rubiconproject.com — Cisco Umbrella Rank: 289 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 944	25 KB
14	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 1487 rtb.gumgum.com — Cisco Umbrella Rank: 991 usersync.gumgum.com — Cisco Umbrella Rank: 4784	4 KB
13	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 417 ads.pubmatic.com — Cisco Umbrella Rank: 419 image6.pubmatic.com — Cisco Umbrella Rank: 571 image2.pubmatic.com — Cisco Umbrella Rank: 774 simage2.pubmatic.com — Cisco Umbrella Rank: 554 image4.pubmatic.com Failed	33 KB
11	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 1811 public.servenobid.com — Cisco Umbrella Rank: 3714	7 KB
10	yahoo.com 5 redirects c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 682 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 416 ads.yahoo.com — Cisco Umbrella Rank: 816 ups.analytics.yahoo.com — Cisco Umbrella Rank: 268	4 KB
8	adsrvr.org 6 redirects match.adsrvr.org — Cisco Umbrella Rank: 293	3 KB
8	ad-srv.net 2 redirects ad.ad-srv.net — Cisco Umbrella Rank: 33086 ad2.ad-srv.net — Cisco Umbrella Rank: 217473	7 KB
6	gstatic.com fonts.gstatic.com	82 KB
5	1rx.io 5 redirects sync.1rx.io — Cisco Umbrella Rank: 491	3 KB
5	mathtag.com 2 redirects tags.mathtag.com — Cisco Umbrella Rank: 2892 pixel.mathtag.com — Cisco Umbrella Rank: 1093 sync.mathtag.com Failed	2 KB
5	criteo.com 2 redirects bidder.criteo.com — Cisco Umbrella Rank: 689 gum.criteo.com — Cisco Umbrella Rank: 347 mug.criteo.com — Cisco Umbrella Rank: 3185 dis.criteo.com — Cisco Umbrella Rank: 617	7 KB
5	buysellads.net cdn4.buysellads.net — Cisco Umbrella Rank: 13573	226 KB
4	outbrain.com 3 redirects sync.outbrain.com — Cisco Umbrella Rank: 720	1 KB
4	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 476 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	5 KB
4	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 1266 rtb-csync.smartadserver.com — Cisco Umbrella Rank: 603	2 KB
4	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 524	2 KB
4	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 797	2 KB
4	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 989	433 B
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 257	2 KB
3	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 528	1 KB
3	lijit.com 2 redirects ce.lijit.com — Cisco Umbrella Rank: 734 ap.lijit.com — Cisco Umbrella Rank: 594	2 KB
3	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 707	1 KB
3	onaudience.com 3 redirects pixel.onaudience.com — Cisco Umbrella Rank: 1868	1 KB
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1689 mp.4dex.io — Cisco Umbrella Rank: 2262	24 KB
3	buysellads.com srv.buysellads.com — Cisco Umbrella Rank: 15816	1 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	93 KB
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 614	695 B
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 490	638 B
2	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 630	624 B
2	openx.net 2 redirects us-u.openx.net — Cisco Umbrella Rank: 323	427 B
2	sportradarserving.com 2 redirects a.sportradarserving.com — Cisco Umbrella Rank: 2159	1 KB
2	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 829	868 B
2	33across.com pixel.33across.com — Cisco Umbrella Rank: 2310 ssc-cms.33across.com
2	zeotap.com 1 redirects spl.zeotap.com — Cisco Umbrella Rank: 1469 mwzeom.zeotap.com — Cisco Umbrella Rank: 1307	898 B
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 628	886 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4364	637 B
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 600	63 KB
2	awin1.com 1 redirects www.awin1.com — Cisco Umbrella Rank: 13937	1 KB
2	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 45661	2 KB
2	media.net prebid.media.net — Cisco Umbrella Rank: 1081 contextual.media.net — Cisco Umbrella Rank: 469	9 KB
2	omnitagjs.com hb-api.omnitagjs.com — Cisco Umbrella Rank: 3978 visitor.omnitagjs.com — Cisco Umbrella Rank: 1452	1 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
1	socdm.com 1 redirects tg.socdm.com	691 B
1	emxdgt.com cs.emxdgt.com — Cisco Umbrella Rank: 806
1	contextweb.com 1 redirects bh.contextweb.com	374 B
1	bluekai.com 1 redirects stags.bluekai.com	1 KB
1	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 813	44 B
1	technoratimedia.com sync.technoratimedia.com — Cisco Umbrella Rank: 1024	293 B
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 724	99 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1438	487 B
1	adotmob.com 1 redirects sync.adotmob.com — Cisco Umbrella Rank: 1385	711 B
1	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1055	311 B
1	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 843	474 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 631	755 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 434	705 B
1	quantserve.com 1 redirects pixel.quantserve.com — Cisco Umbrella Rank: 381	537 B
1	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	299 B
1	kaspersky.com media.kaspersky.com — Cisco Umbrella Rank: 98638	62 KB
1	plyr.io cdn.plyr.io — Cisco Umbrella Rank: 14030	3 KB
1	href.li href.li — Cisco Umbrella Rank: 63325	324 B
0	ipredictive.com Failed sync.ipredictive.com Failed
0	stackadapt.com Failed sync.srv.stackadapt.com Failed
0	adentifi.com Failed rtb.adentifi.com Failed
0	amazon-adsystem.com Failed s.amazon-adsystem.com Failed
220	68

	Domain	Requested by
34	gofile.io	href.li gofile.io
13	tpc.googlesyndication.com	href.li googleads.g.doubleclick.net tpc.googlesyndication.com
11	rtb.gumgum.com	1 redirects g2.gumgum.com
10	cm.g.doubleclick.net	6 redirects ssum-sec.casalemedia.com g2.gumgum.com
10	ads.servenobid.com	cdn4.buysellads.net public.servenobid.com ssbsync.smartadserver.com ssum-sec.casalemedia.com g2.gumgum.com
8	match.adsrvr.org	6 redirects ssum-sec.casalemedia.com
8	ams1-ib.adnxs.com	href.li cdn4.buysellads.net cdn.adnxs.com gofile.io
6	googleads.g.doubleclick.net	cdn4.buysellads.net googleads.g.doubleclick.net
6	fonts.gstatic.com	fonts.googleapis.com
5	sync.1rx.io	5 redirects
5	token.rubiconproject.com	5 redirects
5	image2.pubmatic.com	ads.pubmatic.com
5	ib.adnxs.com	2 redirects cdn4.buysellads.net acdn.adnxs.com
5	cdn4.buysellads.net	gofile.io cdn4.buysellads.net
4	sync.outbrain.com	3 redirects g2.gumgum.com
4	c1.adform.net	3 redirects ads.pubmatic.com
4	eus.rubiconproject.com	cdn4.buysellads.net eus.rubiconproject.com g2.gumgum.com
4	ad2.ad-srv.net	ad.ad-srv.net
4	ad.ad-srv.net	2 redirects href.li ad.ad-srv.net
4	onetag-sys.com	cdn4.buysellads.net public.servenobid.com
4	btlr.sharethrough.com	cdn4.buysellads.net
4	c2shb.ssp.yahoo.com	cdn4.buysellads.net
4	api.gofile.io	gofile.io
3	x.bidswitch.net	3 redirects
3	b1sync.zemanta.com	2 redirects ssbsync.smartadserver.com
3	ups.analytics.yahoo.com	3 redirects
3	pixel.rubiconproject.com	eus.rubiconproject.com
3	um.simpli.fi	1 redirects ads.pubmatic.com ssum-sec.casalemedia.com
3	pixel.onaudience.com	3 redirects
3	simage2.pubmatic.com	ads.pubmatic.com
3	ads.pubmatic.com	cdn4.buysellads.net ads.pubmatic.com g2.gumgum.com
3	pagead2.googlesyndication.com	cdn4.buysellads.net tpc.googlesyndication.com www.googletagservices.com
3	tags.mathtag.com	1 redirects gofile.io
3	srv.buysellads.com	cdn4.buysellads.net
3	www.googletagservices.com	cdn4.buysellads.net googleads.g.doubleclick.net
2	creativecdn.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	usersync.gumgum.com	g2.gumgum.com
2	ad.360yield.com	2 redirects
2	us-u.openx.net	2 redirects
2	a.sportradarserving.com	2 redirects
2	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
2	rtb-csync.smartadserver.com	ssbsync.smartadserver.com
2	sync.targeting.unrulymedia.com	1 redirects g2.gumgum.com
2	ce.lijit.com	2 redirects
2	ssum-sec.casalemedia.com	1 redirects public.servenobid.com
2	ssbsync.smartadserver.com	public.servenobid.com g2.gumgum.com
2	pr-bh.ybp.yahoo.com	2 redirects
2	sync.crwdcntrl.net	2 redirects
2	d5p.de17a.com	2 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	static.criteo.net	cdn4.buysellads.net static.criteo.net
2	www.awin1.com	1 redirects ad.ad-srv.net
2	cdn.contentspread.net	ad.ad-srv.net
2	cdn.adnxs.com	cdn4.buysellads.net
2	fastlane.rubiconproject.com	cdn4.buysellads.net
2	script.4dex.io	cdn4.buysellads.net script.4dex.io
2	securepubads.g.doubleclick.net	www.googletagservices.com
2	plausible.gofile.io	gofile.io plausible.gofile.io
2	fonts.googleapis.com	gofile.io tpc.googlesyndication.com
1	tg.socdm.com	1 redirects
1	cs.emxdgt.com	g2.gumgum.com
1	secure-assets.rubiconproject.com	1 redirects
1	ssc-cms.33across.com	g2.gumgum.com
1	bh.contextweb.com	1 redirects
1	stags.bluekai.com	1 redirects
1	match.deepintent.com	g2.gumgum.com
1	sync.technoratimedia.com	g2.gumgum.com
1	secure.adnxs.com	1 redirects
1	sync.taboola.com	ssum-sec.casalemedia.com
1	visitor.omnitagjs.com	ssbsync.smartadserver.com
1	dsp.adfarm1.adition.com	1 redirects
1	sync.adotmob.com	1 redirects
1	prebid.a-mo.net	1 redirects
1	sync.go.sonobi.com	public.servenobid.com
1	p.rfihub.com	1 redirects
1	ap.lijit.com	public.servenobid.com
1	pixel.33across.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	px.ads.linkedin.com
1	ads.yahoo.com
1	pixel.quantserve.com	1 redirects
1	mwzeom.zeotap.com	ads.pubmatic.com
1	spl.zeotap.com	1 redirects
1	dis.criteo.com	1 redirects
1	sync.mathtag.com	ads.pubmatic.com
1	image6.pubmatic.com	ads.pubmatic.com
1	public.servenobid.com	cdn4.buysellads.net
1	contextual.media.net	cdn4.buysellads.net
1	acdn.adnxs.com	cdn4.buysellads.net
1	mug.criteo.com
1	www.google.com	1 redirects
1	media.kaspersky.com	ad.ad-srv.net
1	pixel.mathtag.com	gofile.io
1	bidder.criteo.com	cdn4.buysellads.net
1	prebid.media.net	cdn4.buysellads.net
1	mp.4dex.io	cdn4.buysellads.net
1	hbopenbid.pubmatic.com	cdn4.buysellads.net
1	hb-api.omnitagjs.com	cdn4.buysellads.net
1	cdn.plyr.io	gofile.io
1	umami.gofile.io	gofile.io
1	href.li
0	sync.ipredictive.com Failed	g2.gumgum.com
0	sync.srv.stackadapt.com Failed	ssum-sec.casalemedia.com g2.gumgum.com
0	rtb.adentifi.com Failed	ssum-sec.casalemedia.com
0	s.amazon-adsystem.com Failed	ssum-sec.casalemedia.com
0	image4.pubmatic.com Failed	ads.pubmatic.com
220	107

This site contains links to these domains. Also see Links.

Domain
www.buymeacoffee.com
www.patreon.com
twitter.com
go.nordvpn.net
file24.gofile.io

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2022-02-20` - `2022-05-21`	3 months	crt.sh
*.gofile.io R3	`2022-01-25` - `2022-04-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.buysellads.net Sectigo RSA Domain Validation Secure Server CA	`2021-08-03` - `2022-09-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-03-03` - `2023-03-03`	a year	crt.sh
*.buysellads.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-18` - `2022-05-18`	2 years	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-08` - `2022-08-31`	6 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
ads.servenobid.com Amazon	`2021-06-28` - `2022-07-27`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-24` - `2022-06-23`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2021-04-12` - `2022-05-05`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
ad-srv.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
contentspread.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
public.servenobid.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-02-17`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
*.zemanta.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-29` - `2022-08-29`	a year	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.ad-server.k8s.ie.ggops.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh

This page contains 35 frames:

Primary Page: https://gofile.io/d/lm18aB
Frame ID: 1EC2CDA14EAC95ECB62004B6063C800A
Requests: 82 HTTP requests in this frame

Frame: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Frame ID: 27FFE495194A225C30D5A627075E947A
Requests: 9 HTTP requests in this frame

Frame: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Frame ID: 7CD68FF6EC2A29DCA6AF9BF7E1512D75
Requests: 9 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io&uidRedirect=1
Frame ID: 8CC08F9A52A9287C6458D5B4DCEDFC6A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 3977AC231D3C3EFA97F25990718FAF21
Requests: 9 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0vGW58FDWqIF_LmYG9FAaZGC_00CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=45609000012480501319921011900002&redirectClick=https%3A%2F%2Fad2.ad-srv.net%2Fc%2Fp9wptj5eudvunrt%3Ftprde%3D&uidRedirect=1
Frame ID: 995578EAC0CCD171227810F1FAE4E76E
Requests: 6 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=2519508&v=14098&q=379082&r=559379&pv=1&pref1=83467900012480801649445011900002
Frame ID: 3724C6354A94AD21084B113DED7109AA
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html
Frame ID: 5CE4736680FC8E5519CA5D85EA0915E5
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 33C0EAB2415EF7988ACBAF05DBA7EB26
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=gofile.io
Frame ID: C2F8920F3CF5496AA7949A938E1480B7
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1647404572564
Frame ID: 83237D8E24F8507B10E03B2E4B28F87F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Frame ID: 3178E2C5541123DC72B13CE9576ADDEC
Requests: 12 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 903172640AD7BBFA49C9ADB14642857D
Requests: 10 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: DDD54262DA0E05B208416EECCB4E8F31
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C237%2C2025%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C173%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C214%2C3014%2C338%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C229%2C108%2C307&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: D1DCF263F61E86566FBA4DF1482AF749
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: C384C865BC387A0A981BA7695BAA3D5C
Requests: 9 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DCC50ABB-A51F-42BB-B968-385825186F75
Frame ID: F5985FA23ED6FF5FFF8CE270DCA1AA7E
Requests: 1 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D
Frame ID: 7809E2958951D05B6CF52201551E268F
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7858187179105290502
Frame ID: BDCD9EE36124D910432957B2BD0BC096
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: A13D18A8F8DAB4D3E672D7707C6332F8
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: DA2318FF505CC65C1263F01BE132D5FB
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: 60F801B919B9325382CE1982244489E9
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 5835FFAC8476E4453972E178BD3E0B3D
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: F9B5732D7F4DE6B5214B6B8A7C905095
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Frame ID: 5038B400A5743106A66C07DB424E7A2F
Requests: 10 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=6f8b6231-661d-4400-ac10-576cf4c60b13&gdpr=0&gdpr_consent=
Frame ID: 7E14829FA855A6DF3DED90A498F1D575
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YjFmIAANYxwqkQAy&gdpr=0&gdpr_consent=&_test=YjFmIAANYxwqkQAy
Frame ID: F99FC0865C1782C359F43460EC3EB092
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iMzU1ZDFhNC1jNDQ3LTRiZTAtYWFmYS0wMzYzMWRiNDY5N2I=&gdpr=0&gdpr_consent=
Frame ID: B0C54D73E45B0F68D3445DA9EF49783D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: CD8DD1F9A2FA6EB6861646B7CA790BA4
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: 61B8B4C8EEB27AAD24DB7CD780BC06EA
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=5542b651-74e0-43b0-bcc0-e55e758f3242&t=1649996576
Frame ID: C3F3FA0CB86518A739AF4862922B04D6
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: DEE31824421E32256B83FBE366554579
Requests: 3 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: C0E28DCE90F75E4C10B512281D8A6C1C
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YjFmIMCo8YwAAEY8LeIAAAAA
Frame ID: F9FE76EE98C10C3E5D73440BB7C3589A
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=zzRgTLYREJu97APeWUUD&pi=gumgum&tc=1
Frame ID: 98E025FD089059AA4E726E19EDA8A178
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gofile - Free file sharing and storage platform

Page URL History Show full URLs

https://href.li/?https://gofile.io/d/lm18aB Page URL
https://gofile.io/d/lm18aB Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Plyr (Video players) Expand

Overall confidence: 100%
Detected patterns

https://cdn\.plyr\.io/([0-9.]+)/.+\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Bootstrap Table (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+href="[^>]*bootstrap-table(?:\.min)?\.css
bootstrap-table(?:\.min)?\.js

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Marked (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/marked(?:\.min)?\.js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+?href="[^"]+sweetalert2(?:\.min)?\.css
sweetalert2(?:\.all)?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

220
Requests

80 %
HTTPS

20 %
IPv6

68
Domains

107
Subdomains

70
IPs

9
Countries

1790 kB
Transfer

5473 kB
Size

97
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.buymeacoffee.com/gofile

Search URL Search Domain Scan URL

URL: https://www.patreon.com/gofile/membership

Search URL Search Domain Scan URL

URL: https://twitter.com/Gofile_io
Title: @gofile_io

Search URL Search Domain Scan URL

URL: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=28850
Title: subscribing to a VPN

Search URL Search Domain Scan URL

URL: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=28850&url_id=902
Title: using a VPN

Search URL Search Domain Scan URL

URL: https://file24.gofile.io/download/52292549-a093-49d2-aabb-7945027db476/OnlyFans-5.mp4
Title: OnlyFans-5.mp4

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://href.li/?https://gofile.io/d/lm18aB Page URL
https://gofile.io/d/lm18aB Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80

https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io HTTP 302
https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io&uidRedirect=1

Request Chain 84

https://tags.mathtag.com/notify/img?exch=apn&s_exch=apn&id=5aW95q2jLzIzLyAvTjJWbFltVTJNamd0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI4MDY5MTU4Njk3MTUzNzg5OTgvNzUxNTc1MS81NjM3MjU0LzEzL3YwN0RYdC1sa2FTN1BWUVZaLXBJbHJVRUZqVDh4R1BYX2V0UE01UU5XU2svMS8xMy8wLzAvMTE4MzQ3Ny8zMTE3NzgzOTg0LzIzNDQ5NS83NDYzNDUvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8yODA2OTE1ODY5NzE1Mzc4OTk4L3pyaC8wLzIwMDEvMjIvOTk5LzI1OC8xODUuMjEzLjE1NS4wLzAuMDAwLzE2NDc0MDQ1NzIvMTY0NzQxNzE3Mi8xMy84Mzk0Lw/mpv5r-e6rdurXFEbboWDghuJPmw&nodeid=1621&group=zrh&auctionid=2806915869715378998&shardkey=2806915869715378998&sid=5637254&cid=7515751&bp=a_acjcch&nfy_act=LD5wew&bfip=185.29.133.59&type=imp&client=c2s HTTP 302
https://tags.mathtag.com/ck-confirm?bid_id=2806915869715378998&node_id=1621&exch_id=13

Request Chain 94

https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0vGW58FDWqIF_LmYG9FAaZGC_00CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=45609000012480501319921011900002&redirectClick=https%3A%2F%2Fad2.ad-srv.net%2Fc%2Fp9wptj5eudvunrt%3Ftprde%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0vGW58FDWqIF_LmYG9FAaZGC_00CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=45609000012480501319921011900002&redirectClick=https%3A%2F%2Fad2.ad-srv.net%2Fc%2Fp9wptj5eudvunrt%3Ftprde%3D&uidRedirect=1

Request Chain 101

https://www.awin1.com/cshow.php?s=2519508&v=14098&q=379082&r=559379&pv=0&pref1=83467900012480801649445011900002 HTTP 302
https://media.kaspersky.com/de/affiliates/evergreen-kis-728x90.jpg

Request Chain 116

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 133

https://gum.criteo.com/sid/json?origin=publishertag&domain=gofile.io&sn=ChromeSyncframe&so=0&topUrl=gofile.io&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=lStrhXxsYlcwYTNWSThTUFdqZ0JjMnllVm5tbmw3elZxZ3RQTXMrT2Y0ZFpIVWNVVE1Pa0kzQjU3RlBydkJaOHNuYitUZ2s3MVNzQlBhR20xM2NtTGtGRHJidW5GWkNPTExDRGhpQkxRZFcwV21WSmNOdytvUkF6TUJBVWdkeThtZWQ0MVh3MHdUdjhHZjNGMUJ2U1BjcU5manJUZy95a0JKRFBZVWpiVVgvL1BkU3VjSFdUZC9jTEtvb2pOUW13RFdpMUdaSFhsN2llL0FLVVlPdUJCdS9BQkY4Y21Pd1crR2dtSU9LcXp5M1lRdmxDeEpyMGlaUExOQUZDQjlhemhyQWFjcVFBNVJMT0VIRU8vdC9xWmh2cTh4QT09fA&cppv=2

Request Chain 147

https://c1.adform.net/serving/cookie/match?party=14&cid=DCC50ABB-A51F-42BB-B968-385825186F75 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DCC50ABB-A51F-42BB-B968-385825186F75

Request Chain 149

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7858187179105290502

Request Chain 150

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 151

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3MUKu6UfQru5aDhYJRhvdQ%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 152

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6f8b6231-661d-4400-ac10-576cf4c60b13

Request Chain 153

https://pixel.onaudience.com/?partner=214&mapped=DCC50ABB-A51F-42BB-B968-385825186F75 HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=2b2f53d6c095692368fb96c3e51117c9&gdpr=1 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=5542b651-74e0-43b0-bcc0-e55e758f3242&icm HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=b2582d779e93e2cc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=df8b58e1-255a-4428-7adc-22a649ef2ade&reqId=db69811f-40b9-4239-7f25-723ebbf837c8&zcluid=b2582d779e93e2cc&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEK7r680ToZRV3SToB4VkTIU&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=df8b58e1-255a-4428-7adc-22a649ef2ade&reqId=db69811f-40b9-4239-7f25-723ebbf837c8&zcluid=b2582d779e93e2cc&zdid=1332

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RENDNTBBQkItQTUxRi00MkJCLUI5NjgtMzg1ODI1MTg2Rjc1&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENesrz6HCIZO5cDlpp1O1CY&google_cver=1

Request Chain 157

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=889783701472308710

Request Chain 158

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=5542b651-74e0-43b0-bcc0-e55e758f3242

Request Chain 159

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=690900610146768093&gdpr=0&gdpr_consent=

Request Chain 160

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=sYXUMbGB1TCqh4VhtIHKY7_W1DSqjtBlt4Dse5Nq

Request Chain 161

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTYxZTFiYTFhMTkzYTdmOWNlNGViMTc5ZjU4YmJhMWQxYzg1MGY4Mw

Request Chain 163

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/jqH52YgOgf6LFSKw2820isn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8896300024226115066

Request Chain 164

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBUMjVCSzEtMUktR1MzMQ==

Request Chain 165

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L0T25BK1-1I-GS31&sigv=1&esig=2~72a3c549e3366b73c4a6694ee80cde98d98c2d88

Request Chain 166

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L0T25BK1-1I-GS31

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESED3NkHKIdtQavBxTKNJJr7c&google_cver=1

Request Chain 173

https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

Request Chain 174

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=690900610146768093

Request Chain 175

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=82e1398f1e3d8f43899e7919

Request Chain 177

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1647404576173 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1668328608 HTTP 302
https://sync.1rx.io/usersync/tradedesk/5542b651-74e0-43b0-bcc0-e55e758f3242 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-0b72df76-fc21-48b2-91f4-f400686849e2-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-0b72df76-fc21-48b2-91f4-f400686849e2-003 HTTP 302
https://ads.servenobid.com/sync?pid=321&uid=RX-0b72df76-fc21-48b2-91f4-f400686849e2-003

Request Chain 178

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5107433822890608144

Request Chain 180

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=bfa67b4e-b5ce-467b-9b81-5663b94118fd&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 181

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-O6qqRyRE2uEGPAynN_zW7pxwqvw_a858Y1plCNw-~A

Request Chain 183

https://sync.adotmob.com/cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=076c220400979217c0ef4a7a&gdpr=0&gdprConsent=

Request Chain 184

https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7075548777203562640&gdpr=0&gdpr_consent=

Request Chain 187

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YjFmICj7uT3ZSy5NFm43QQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJATwYOivVM3c6UeYMfIzt8&google_cver=1&gdpr=1

Request Chain 193

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
https://um.simpli.fi/no_match_opted_out

Request Chain 196

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=690900610146768093

Request Chain 197

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_b355d1a4-c447-4be0-aafa-03631db4697b&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_b355d1a4-c447-4be0-aafa-03631db4697b&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=52ba1fe4-52f5-499e-86f0-9980a2edbeb2&ssp=gumgum2 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=990a7c93-5e2b-4736-9ca6-01adce6e9523

Request Chain 198

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%281WNwqea2D3cDkZn_gFgXutd8betaPKGpscMCVeK4g5Q7pgWgB1kHJGhKrBcBW_ta%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%281WNwqea2D3cDkZn_gFgXutd8betaPKGpscMCVeK4g5Q7pgWgB1kHJGhKrBcBW_ta%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_b355d1a4-c447-4be0-aafa-03631db4697b&obuid=ENC(1WNwqea2D3cDkZn_gFgXutd8betaPKGpscMCVeK4g5Q7pgWgB1kHJGhKrBcBW_ta) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://ups.analytics.yahoo.com/ups/58523/occ?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redir=true HTTP 302
https://sync.outbrain.com/cookie-sync?p=oath_display&uid=y-O6qqRyRE2uEGPAynN_zW7pxwqvw_a858Y1plCNw-~A

Request Chain 199

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=5af467b1-efa9-4733-b95c-fce926490942

Request Chain 201

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-cID2Cz1E2pfSnXHbe_sIdL2tkQjwKdw2b36Y~A

Request Chain 205

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_b355d1a4-c447-4be0-aafa-03631db4697b&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://stags.bluekai.com/site/23178?id=_epFcD8HzjKJxHQcgswj&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2X3FOBDGGRBYJB5GUS2KPBEFCY3HON3WUJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2X3FOBDGGRBYJB5GUS2KPBEFCY3HON3WUJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=_epFcD8HzjKJxHQcgswj&us_privacy=1---

Request Chain 206

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://usersync.gumgum.com/usersync?b=idi&i=bafd550c-a77f-4d5d-be29-8ec921152409

Request Chain 207

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6070004013 HTTP 302
https://sync.1rx.io/usersync/tradedesk/5542b651-74e0-43b0-bcc0-e55e758f3242 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-0b72df76-fc21-48b2-91f4-f400686849e2-003

Request Chain 208

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=YUWIgLxkB9O2&ev=1&pid=558355

Request Chain 211

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=6f8b6231-661d-4400-ac10-576cf4c60b13&gdpr=0&gdpr_consent=

Request Chain 212

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YjFmIAANYxwqkQAy HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=YjFmIAANYxwqkQAy&gdpr=0&gdpr_consent=&_test=YjFmIAANYxwqkQAy

Request Chain 216

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=5542b651-74e0-43b0-bcc0-e55e758f3242&t=1649996576

Request Chain 217

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 219

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YjFmIMCo8YwAAEY8LeIAAAAA

Request Chain 220

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=zzRgTLYREJu97APeWUUD&pi=gumgum&tc=1

220 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
href.li/ 446 B
324 B 150ms
127ms Document
text/html 192.0.78.26
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://href.li/?https://gofile.io/d/lm18aB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.26 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Wed, 16 Mar 2022 04:22:51 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: br
x-ac: 2.hhn _dfw

GET
H2 200 Primary Request lm18aB Show response
gofile.io/d/ 28 KB
8 KB 103ms
12ms Document
text/html 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/d/lm18aB
Requested by: Host: href.li
URL: https://href.li/?https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: aa486dfb8b2e63ada84bbef7b8e69d90e400510f3c1e2bfeb22c5367c95ff927

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 16 Mar 2022 04:22:51 GMT
etag: W/"7101-17f7a531e26"
last-modified: Fri, 11 Mar 2022 18:52:21 GMT
vary: Accept-Encoding
x-powered-by: Express

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 136ms
48ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback

Requested by

Host: gofile.io
URL: https://gofile.io/d/lm18aB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c57098847132558434bebf01809e4be5dee35a9e4e67104f5325d0004dce68f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 02:42:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 16 Mar 2022 04:22:51 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 16 Mar 2022 04:22:51 GMT

GET
H2 200 all.min.css
gofile.io/plugins/fontawesome-free/css/ 58 KB
13 KB 22ms
20ms Stylesheet
text/css 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/fontawesome-free/css/all.min.css
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"e7d0-17e08e1ef29"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 adminlte.min.css
gofile.io/dist/css/ 1 MB
133 KB 21ms
20ms Stylesheet
text/css 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/dist/css/adminlte.min.css
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 150fa4d262057d65d54da5b56ab877a8ac7c2175f9066e5fe901bed299148da1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"151a3f-17e08e1eec1"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 dark.min.css
gofile.io/plugins/sweetalert2/ 24 KB
4 KB 20ms
19ms Stylesheet
text/css 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/sweetalert2/dark.min.css
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: ddde9a4395ec0a76e64e0745068854bf75fd27848d5ec208df787dfe716642fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"5fac-17e08e1efd1"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 dropzone.min.css
gofile.io/plugins/dropzone/min/ 10 KB
2 KB 22ms
20ms Stylesheet
text/css 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/dropzone/min/dropzone.min.css
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 9ff0aecab9bebf5e4d8a6d2627666b1251e50a4f2b689b3fe7b59e0ac2330ebe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"2666-17e08e1ef11"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
content-length: 1649

GET
H2 200 bootstrap-table.css
gofile.io/plugins/bootstrap-table/ 10 KB
2 KB 29ms
28ms Stylesheet
text/css 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/bootstrap-table/bootstrap-table.css
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 9f2941c83a623b1ea748b494f9aeee6c0ac1f04716671b1f0e9258fd1b765b71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"275e-17e08e1eee1"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
content-length: 2430

GET
H2 200 plyr.css
gofile.io/plugins/plyr/ 37 KB
6 KB 29ms
28ms Stylesheet
text/css 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/plyr/plyr.css
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: f8e7e4de1e9f1853967930e65e54635ba278937653525e048ec92f5639139f6d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"938f-17e08e1efbd"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 easymde.min.css
gofile.io/plugins/easymde/ 12 KB
3 KB 30ms
29ms Stylesheet
text/css 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/easymde/easymde.min.css
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 0aed7796e0fc7c38c5d07d735facccdb22b8da8d819fddd6932613ed093ba388

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"3099-17e08e1ef11"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
content-length: 3252

GET
H2 200 tempusdominus-bootstrap-4.min.css
gofile.io/plugins/tempusdominus-bootstrap-4/css/ 12 KB
2 KB 31ms
29ms Stylesheet
text/css 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 54bf53f507e33bf1060b3baee42b53596cc892c0241834ecf9f3b9d402ea3238

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"2ebf-17e08e1efd1"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
content-length: 1972

GET
H2 200 tagsinput.css
gofile.io/plugins/tagsinput/ 2 KB
824 B 30ms
29ms Stylesheet
text/css 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/tagsinput/tagsinput.css
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 543eed863c785ee28516e5cca6e1ac5949e9ef069e3a3b795aed4724f5d442dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"8cc-17e08e1efd1"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
content-length: 776

GET
H2 200 logo-small.png
gofile.io/dist/img/ 7 KB
7 KB 48ms
47ms Image
image/png 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gofile.io/dist/img/logo-small.png
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: d01dffdef6c5011e22a9fa1bebd9fcbb6d61f026316e1eaeac15e5da1aa7b2e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"1d42-17e08e1eed5"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=0

GET
H2 200 bmac.png
gofile.io/dist/img/ 6 KB
6 KB 48ms
47ms Image
image/png 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gofile.io/dist/img/bmac.png
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 0a3778ae563dd5b1c69c9ab4d7d2e22a228a9cbd28dac16295d334d67b7e3f57

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"1858-17e08e1eed5"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=0

GET
H2 200 patreon.png
gofile.io/dist/img/ 6 KB
7 KB 49ms
48ms Image
image/png 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gofile.io/dist/img/patreon.png
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 0c68395ad843ce5107774011154103ae8d17d44f3cafc73e6395bdd05da753c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"19b3-17e08e1eed5"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=0

GET
H2 200 user2-160x160.jpg
gofile.io/dist/img/ 7 KB
7 KB 49ms
48ms Image
image/jpeg 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gofile.io/dist/img/user2-160x160.jpg
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 680f6c82f8fa9c070ae385a67ef92c0bbcba6759c5a5845a725102e7ec299622

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"1af9-17e08e1eedd"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=0

GET
H2 200 jquery.min.js Show response
gofile.io/plugins/jquery/ 87 KB
32 KB 34ms
31ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/jquery/jquery.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"15d9d-17e08e1ef45"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 bootstrap.bundle.min.js Show response
gofile.io/plugins/bootstrap/js/ 82 KB
23 KB 39ms
36ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/bootstrap/js/bootstrap.bundle.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"1499a-17e08e1eef1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 gofile.js Show response
gofile.io/plugins/gofile/ 0
40 B 36ms
33ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/gofile/gofile.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"0-17e08e1ef35"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 0

GET
H2 200 adminlte.min.js Show response
gofile.io/dist/js/ 43 KB
11 KB 37ms
35ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/dist/js/adminlte.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 755b3b63190824c756288c7e13867b28622bb07d8fecc1e3e160cdbf34f3b105

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"acd4-17e08e1eedd"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 blockies.min.js Show response
gofile.io/plugins/blockies/ 1 KB
775 B 37ms
34ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/blockies/blockies.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 7d51de4d3843ea8ce29b55f76a92be3411aaed3a37f4bb90d8fd6562c2b612c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"55b-17e08e1eedd"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
content-length: 727

GET
H2 200 sweetalert2.min.js Show response
gofile.io/plugins/sweetalert2/ 47 KB
15 KB 40ms
37ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/sweetalert2/sweetalert2.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: cad04f1e55ed6543d1dbd9672e6ea9f9d658c0053e8345e9c8cb160f88b4947e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"bb5d-17e08e1efd1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 dropzone.min.js Show response
gofile.io/plugins/dropzone/min/ 112 KB
38 KB 43ms
40ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/dropzone/min/dropzone.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: fc4734a05c8fef24aff435e66dd05ac37e6a6ce3659862c9b8043fa3ebd7d457

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"1c06b-17e08e1ef11"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 qrcode.min.js Show response
gofile.io/plugins/qrcode/ 19 KB
7 KB 39ms
37ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/qrcode/qrcode.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 85bd0e28180f06b7f944d35dd07ef1ce75d6d9b63c2d70cb8e65f8b566c43db4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"4dda-17e08e1efc1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 bootstrap-table.min.js Show response
gofile.io/plugins/bootstrap-table/ 118 KB
36 KB 44ms
42ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/bootstrap-table/bootstrap-table.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 80ca123439be07d55e834d09f2249ed7256307fb6b87500a8dabca7789437dee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"1d781-17e08e1eee5"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 moment.min.js Show response
gofile.io/plugins/moment/ 57 KB
19 KB 43ms
41ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/moment/moment.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 73de4254959530e4d1d9bec586379184f96b4953dacf9cd5e5e2bdd7bfeceef7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"e5ee-17e08e1ef65"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 plyr.js Show response
gofile.io/plugins/plyr/ 117 KB
34 KB 45ms
43ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/plyr/plyr.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 185eba1d38f44850f08ac5b08f3804f664e16d4bfcf2182577c36d492c23a94d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"1d2a5-17e08e1efbd"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 easymde.min.js Show response
gofile.io/plugins/easymde/ 311 KB
108 KB 45ms
43ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/easymde/easymde.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: f3ccbc819fab7a4b6d0865f260c6881016e28335d0681f49d2a6600fd48a9690

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"4dd16-17e08e1ef11"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 tempusdominus-bootstrap-4.min.js Show response
gofile.io/plugins/tempusdominus-bootstrap-4/js/ 60 KB
14 KB 45ms
44ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 569a98cd5a225d69c9e8e586cea6eb7968d64b9a6ede62e8ab24122f2403e9a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"f094-17e08e1efd5"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 tagsinput.js Show response
gofile.io/plugins/tagsinput/ 22 KB
6 KB 42ms
41ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/tagsinput/tagsinput.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 57295e104846443dbc29750f239b02f5a399f19965af058889216450cb985387

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"5948-17e08e1efd1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 marked.min.js Show response
gofile.io/plugins/marked/ 43 KB
16 KB 45ms
44ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/marked/marked.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: d10fcd57fbc3eb87320fe1469bcb522ded6c480f48ed51c511ef6da20f165760

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"aca2-17e08e1ef59"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 sha256.min.js Show response
gofile.io/plugins/sha256/ 9 KB
4 KB 45ms
44ms Script
application/javascript 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/sha256/sha256.min.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/d/lm18aB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"2339-17e08e1efc5"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
content-length: 3701

GET
H2 200 fa-solid-900.woff2
gofile.io/plugins/fontawesome-free/webfonts/ 76 KB
77 KB 30ms
29ms Font
font/woff2 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/fontawesome-free/webfonts/fa-solid-900.woff2
Requested by: Host: gofile.io
URL: https://gofile.io/plugins/fontawesome-free/css/all.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Request headers

Referer: https://gofile.io/plugins/fontawesome-free/css/all.min.css
Origin: https://gofile.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"13174-17e08e1ef31"
vary: Accept-Encoding
content-type: font/woff2
cache-control: public, max-age=0

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ 13 KB
13 KB 160ms
79ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://gofile.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 18:06:53 GMT
x-content-type-options: nosniff
age: 555358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12956
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:36:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:06:53 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ 13 KB
13 KB 128ms
47ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://gofile.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 18:03:30 GMT
x-content-type-options: nosniff
age: 555561
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:39:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:03:30 GMT

GET
H2 200 fa-brands-400.woff2
gofile.io/plugins/fontawesome-free/webfonts/ 75 KB
75 KB 31ms
31ms Font
font/woff2 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/fontawesome-free/webfonts/fa-brands-400.woff2
Requested by: Host: gofile.io
URL: https://gofile.io/plugins/fontawesome-free/css/all.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Request headers

Referer: https://gofile.io/plugins/fontawesome-free/css/all.min.css
Origin: https://gofile.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"12bdc-17e08e1ef2d"
vary: Accept-Encoding
content-type: font/woff2
cache-control: public, max-age=0

GET
H2 200 6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ 12 KB
13 KB 100ms
40ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e286a9ef7d2064a4cf7026449941a557c7123aa84ef2a17cf79a38820f5474bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://gofile.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 18:07:06 GMT
x-content-type-options: nosniff
age: 555345
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12580
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:37:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:07:06 GMT

GET
H2 404 umami.js
umami.gofile.io/ 0
0 143ms
16ms Script
text/plain 149.202.85.166
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://umami.gofile.io/umami.js
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.202.85.166 , France, ASN16276 (OVH, FR),
Reverse DNS: mail.gofile.io
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 plausible.js Show response
plausible.gofile.io/js/ 1 KB
1 KB 134ms
17ms Script
application/javascript 149.202.85.166
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.gofile.io/js/plausible.js

Requested by

Host: gofile.io
URL: https://gofile.io/d/lm18aB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.202.85.166 , France, ASN16276 (OVH, FR),

Reverse DNS

mail.gofile.io

Software

Cowboy /

Resource Hash

7eec3429c76cb48e5fd457c5afb71b7cf34bc4298d53023bae8aea715443b4a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
x-content-type-options: nosniff
server: Cowboy
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 1332

GET
H2 200 getGeo Show response
api.gofile.io/ 214 B
447 B 72ms
9ms XHR
application/json 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://api.gofile.io/getGeo

Requested by

Host: gofile.io
URL: https://gofile.io/plugins/jquery/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.178.66.33 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31226493.ip-51-178-66.eu

Software

/ Express

Resource Hash

bd7138d876634edcb99c1d87639d87093533659531776ab2177d3a7f98bc01f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
x-content-type-options: nosniff
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"d6-5G/qvzQK8+GUfL1P3UhAB6RyHj4"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 214
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 263 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f97c1b98e687c3c6c00f53eb11a7795a511656bfd533099ac5ea353cc0ea3990

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 gofile.js Show response
cdn4.buysellads.net/pub/ 582 KB
205 KB 42ms
6ms Script
application/javascript 94.31.29.32
STACKPATH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.32 Maida Vale, United Kingdom, ASN33438 (STACKPATH, US),
Reverse DNS: 94.31.29.32.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: fa2c12db4e6c27170f5bb79af6de8b2c9bdd94f7dc2acee94b6706c826f3dc9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
content-encoding: gzip
last-modified: Tue, 15 Mar 2022 13:14:46 GMT
server: NetDNA-cache/2.2
x-amz-request-id: FVAHAQABKW9YD2AF
etag: W/"424e745af549c5bf55f05be346ef3c99"
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31104000
x-amz-id-2: EFcHsXfb7BIODzJgD8oSjbzG0riewtwETG5HxWVxmbHufIbgBKnjqfVdjzaKTp/wONzXOifAzqc=
expires: Sat, 11 Mar 2023 04:22:51 GMT

GET
H2 200 createAccount Show response
api.gofile.io/ 67 B
130 B 57ms
57ms XHR
application/json 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://api.gofile.io/createAccount

Requested by

Host: gofile.io
URL: https://gofile.io/plugins/jquery/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.178.66.33 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31226493.ip-51-178-66.eu

Software

/ Express

Resource Hash

7b95179ac6f73e2caef39b3a782c523ad2ce768b72f9d2a9a2938836f489934b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
x-content-type-options: nosniff
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"43-/mFtDCivX8IgWGKBvx+niFSCvR4"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 67
x-xss-protection: 1; mode=block

POST
H2 202 event Show response
plausible.gofile.io/api/ 2 B
191 B 100ms
19ms XHR
text/plain 149.202.85.166
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.gofile.io/api/event
Requested by: Host: plausible.gofile.io
URL: https://plausible.gofile.io/js/plausible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.202.85.166 , France, ASN16276 (OVH, FR),
Reverse DNS: mail.gofile.io
Software: Cowboy /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
server: Cowboy
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 2
x-request-id: FtzBut4158-bDyUI-8RB

GET
H2 200 getAccountDetails Show response
api.gofile.io/ 296 B
359 B 22ms
22ms XHR
application/json 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://api.gofile.io/getAccountDetails?token=6r2G8MWgJExjqZ042yuyAOCgIdi1VHw7

Requested by

Host: gofile.io
URL: https://gofile.io/plugins/jquery/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.178.66.33 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31226493.ip-51-178-66.eu

Software

/ Express

Resource Hash

7f6aabe00294f5aa9538ac398d01f6f35c910c09fdb42ea64bef7f2db32e40c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:51 GMT
x-content-type-options: nosniff
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"128-Exly14gks3YbcxRkK562t6Xm4+Y"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 296
x-xss-protection: 1; mode=block

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
28 KB 140ms
53ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3bca31a2b4885fc441f2ba7a1a4ae16d5f8c1103b337ad3a3c6a5e2169277f04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27823
x-xss-protection: 0
server: sffe
etag: "1159 / 209 of 1000 / last-modified: 1647382627"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 16 Mar 2022 04:22:52 GMT

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
368 B 195ms
195ms Image
image/gif 94.31.29.32
STACKPATH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=1&rn=8.844589299773169
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.32 Maida Vale, United Kingdom, ASN33438 (STACKPATH, US),
Reverse DNS: 94.31.29.32.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: NetDNA-cache/2.2
x-amz-request-id: TNT49P55XJK3Y8ZX
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-cache: MISS
content-type: image/gif
cache-control: max-age=31104000
accept-ranges: bytes
content-length: 43
x-amz-id-2: nXM+7NBQ2utQGqvTr07SsYs5zY0JaB2cD9GnaJw/3NtbdGXQh8m0K/C2LycTS2MCQBKPOV/VMWU=
expires: Sat, 11 Mar 2023 04:22:52 GMT

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
368 B 204ms
204ms Image
image/gif 94.31.29.32
STACKPATH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=2&rn=8.844589299773169
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.32 Maida Vale, United Kingdom, ASN33438 (STACKPATH, US),
Reverse DNS: 94.31.29.32.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: NetDNA-cache/2.2
x-amz-request-id: TNTCJ67J2QHK6YKD
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-cache: MISS
content-type: image/gif
cache-control: max-age=31104000
accept-ranges: bytes
content-length: 43
x-amz-id-2: 9UcFqxTic2Wsx3cXcCYdE+i6npB/yMTIsyl0CZFSDSD9XIZObM97h1wABsBJZlbsNeX3YqDD7U4=
expires: Sat, 11 Mar 2023 04:22:52 GMT

GET
DATA 200
OK truncated
/ 273 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c056c09f2bb6050b35013cc7746df64f135013292e3d173d1a4311cbe86409fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 files.html Show response
gofile.io/contents/ 91 KB
18 KB 14ms
13ms XHR
text/html 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/contents/files.html
Requested by: Host: gofile.io
URL: https://gofile.io/plugins/jquery/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: f0db559643757236da1b7b82a1855c9d95339241e3ff9a77184dc37404ae7f5f

Request headers

Accept: text/html, */*; q=0.01
Referer: https://gofile.io/d/lm18aB
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
last-modified: Mon, 07 Mar 2022 21:21:59 GMT
x-powered-by: Express
etag: W/"16bd8-17f6642aa06"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 getContent Show response
api.gofile.io/ 843 B
929 B 185ms
185ms XHR
application/json 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://api.gofile.io/getContent?contentId=lm18aB&token=6r2G8MWgJExjqZ042yuyAOCgIdi1VHw7&websiteToken=websiteToken

Requested by

Host: gofile.io
URL: https://gofile.io/plugins/jquery/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.178.66.33 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31226493.ip-51-178-66.eu

Software

/ Express

Resource Hash

ede776a5364be2c5b90736033c8c1213ec14ec309ca3bc31a01448eb068d14f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
x-content-type-options: nosniff
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"34b-bUwFi6YPpD0kePY0GhDO9Ybmu+o"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 843
x-xss-protection: 1; mode=block

GET
H2 200 pubads_impl_2022030702.js Show response
securepubads.g.doubleclick.net/gpt/ 364 KB
122 KB 124ms
39ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

bf21717eb9d6b396f3a9a20f66d264678ebbffac2b8bdce1a864b61b7346eaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 18:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35133
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124753
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 21:16:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 15 Mar 2023 18:37:19 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 158 B
741 B 132ms
48ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=gofile.io

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

7ec9a66beb8a31694180b2ca6564511b740659bffa8faee4b0824ef05370797c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 105
x-xss-protection: 0
expires: Wed, 16 Mar 2022 04:22:52 GMT

GET
H2 200 fa-regular-400.woff2
gofile.io/plugins/fontawesome-free/webfonts/ 13 KB
13 KB 10ms
10ms Font
font/woff2 51.178.66.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gofile.io/plugins/fontawesome-free/webfonts/fa-regular-400.woff2
Requested by: Host: gofile.io
URL: https://gofile.io/plugins/fontawesome-free/css/all.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.66.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31226493.ip-51-178-66.eu
Software: / Express
Resource Hash: 8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951

Request headers

Referer: https://gofile.io/plugins/fontawesome-free/css/all.min.css
Origin: https://gofile.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 01:08:51 GMT
x-powered-by: Express
etag: W/"33dc-17e08e1ef2d"
vary: Accept-Encoding
content-type: font/woff2
cache-control: public, max-age=0

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ 13 KB
13 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://gofile.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 18:04:09 GMT
x-content-type-options: nosniff
age: 555523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12924
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:39:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:04:09 GMT

GET
H2 200 plyr.svg Show response
cdn.plyr.io/3.6.4/ 6 KB
3 KB 43ms
16ms XHR
image/svg+xml 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plyr.io/3.6.4/plyr.svg
Requested by: Host: gofile.io
URL: https://gofile.io/plugins/plyr/plyr.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4846018760f6e11a8a1dea7639a5c75c712f198d978eccf117840820bb8c37d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6038167
x-cache: HIT, HIT, HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3CPFMF5BYNK9NS81
x-amz-id-2: PBY7GZw2IccippWepZJ/wPcoqzRORrv6Jd5j1H+mf6CRYj6xeiKIiGnogrHiabalZSwa5keMXgo=
x-served-by: cache-dca12922-DCA, cache-iad-kcgs7200104-IAD, cache-fra19142-FRA
last-modified: Fri, 29 Jan 2021 12:37:51 GMT
server: cloudflare
x-timer: S1641366405.161985,VS0,VE0
etag: W/"3a727a9b7eef825081d78cc6e48aaadf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iygUm%2FgcMAlpPkvraHmCcRDw%2FaRGo5lkta3RnftTRDGR%2BSjtV1r2wqNf5lJdFcKRxF2HFNzuuun9IjZkMafzP%2Fza3XmNUKpz0Y00z1lo35pW%2BwR5TcQQFR6DcEnsBkPSvVl9XmsTqG4xrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Date, Cache-Control, Content-Type, Accept, Origin, Accept
cache-control: max-age=31536000, immutable
cf-ray: 6ecab5d0be115c56-FRA
x-cache-hits: 1, 1, 3

GET
H2 200 CEAIT27Y.json Show response
srv.buysellads.com/ads/ 931 B
664 B 381ms
107ms Fetch
application/json 159.203.25.119
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CEAIT27Y.json?forcebanner=443748&ignoretargeting=yes
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.203.25.119 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-ca-to-1.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: 907fd0bf7d06cbd2ec108f95dffeee6095abf558973991fc1cc5d07be859ae56

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
server: //srv.buysellads.com
content-length: 551
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
941 B 41ms
15ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 50543
x-amz-request-id: tx49bf2f54a4dc42ebbf858-006230a0ad
x-amz-id-2: tx49bf2f54a4dc42ebbf858-006230a0ad
last-modified: Tue, 15 Mar 2022 14:20:20 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8p%2FQYlT63h1wfcJK5AhgGcko65TazQEpZKXGDZa91CG8w3811r4zlAtIgkc3c1OMmy%2B1SDDbRL5FMA%2F6gZ5gYfC2qfiO%2BihG2oiDdT99hkmRzpj4t4L8p%2BgNYIYxr8N%2F0rV7t7hb3YjePn2K"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1647354020753810
cf-ray: 6ecab5d26cd59b49-FRA

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 112ms
71ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a969544017c7c276e6e280a57d4001b&cmd=bid&secure=1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 6d65d278ec9eb780d03ddc84b9b8df46fa4f50754f36677cb7d284d5b27870b0

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
287 B 109ms
68ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a969d17017c7c2764ee2809e73b0016&cmd=bid&secure=1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: c032f457a22939a4ffc32054beb78ec9a083aac1d3afa09ce6286ca77762eb25

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 113ms
73ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a969544017c7c276e6e280a57d4001b&cmd=bid&secure=1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: c763dd2017f51a33c4dcf135434388b7ac300c9595d4e5bb567960e596358f39

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 118ms
77ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969544017c7c276e6e27f4ecfe0019&pos=8a969d17017c7c2764ee2809e73b0016&cmd=bid&secure=1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 21cd44e7d4bbf13a5df9e60c0245680c5e23cc9733db60422c579db95a5f3b58

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-credentials: true
content-length: 62

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 303 B
1 KB 92ms
16ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=403740&zone_id=2261212&size_id=2&alt_size_ids=55&rp_schain=1.0,1!buysellads.com,14948,1,,,&rf=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&tk_flint=pbjs_lite_v4.43.0&x_source.tid=5b77d8ce-50cd-4704-8817-faa418603603&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.44960951660880566
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: b9884967d513a83c3f78d34cea62c19f0e4656c747ea333a897269eed5cd3d18

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:52 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://gofile.io
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 303
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 303 B
1 KB 92ms
16ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=403740&zone_id=2261212&size_id=2&alt_size_ids=55&rp_schain=1.0,1!buysellads.com,14948,1,,,&rf=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&tk_flint=pbjs_lite_v4.43.0&x_source.tid=501c40cc-f804-415e-a9f9-7c0e1613334e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8945824191972176
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 27c49b3975aa858e509627f334a552d16873858ab26aac92f34fb87ec96b6143

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:52 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://gofile.io
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 303
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 31 KB
12 KB 216ms
188ms XHR
application/json 185.33.221.88
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

783745ffc7062b10c2330658ae810693bdac5a5e0d06afa886807fc803af3305

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 16 Mar 2022 04:22:52 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 4445077c-9557-4f24-90b0-89c0187526bd
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://gofile.io
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
109 B 58ms
10ms XHR
text/plain 18.159.54.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.54.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-54-110.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://gofile.io
date: Wed, 16 Mar 2022 04:22:52 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
108 B 146ms
98ms XHR
text/plain 18.159.54.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.54.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-54-110.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://gofile.io
date: Wed, 16 Mar 2022 04:22:52 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
108 B 88ms
41ms XHR
text/plain 18.159.54.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.54.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-54-110.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://gofile.io
date: Wed, 16 Mar 2022 04:22:52 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
108 B 60ms
12ms XHR
text/plain 18.159.54.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.54.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-54-110.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://gofile.io
date: Wed, 16 Mar 2022 04:22:52 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 adreq Show response
ads.servenobid.com/ 87 B
415 B 106ms
31ms XHR
application/json 52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=4143
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 067202c8cbcb9d03bd44cfa501da78fbfe7ae53dbb3031716d7c7f5da32e5168

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://gofile.io
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
356 B 24ms
7ms XHR
application/json 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://gofile.io
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 714 B
1 KB 206ms
165ms XHR
application/json 185.255.84.151
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&PublisherDomain=https%3A%2F%2Fgofile.io

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.151 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

a0cbaa60f56bdd8769b62ba1002b7c54306e2d28b35f7495cde94edcf5f7c539

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:52 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 149
access-control-allow-headers: Accept-Encoding, Content-Type
content-length: 714
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
111 B 357ms
77ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://gofile.io
date: Wed, 16 Mar 2022 04:22:50 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
mp.4dex.io/ 99 B
542 B 91ms
51ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dc2cf343491eece9dde6fb0972278df0ade7bea4d47ea45a5b03b5dae890e31

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 6ecab5d2ae718fe0-FRA
pragma: no-cache
date: Wed, 16 Mar 2022 04:22:52 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
x-warn: Selecting bids. No selected bids
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
server: cloudflare
expires: 0

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
920 B 117ms
78ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU18831I
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: af292b8cb1c745bd6c592fefaf9477c37efe47b1a65f04adaa824dbdd1cdf80d

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://gofile.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
306 B 81ms
39ms XHR
application/json 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.43.0&cb=16160555751

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://gofile.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 52ms
22ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 327f60006e399d96d711bc4bc9b08b12cdd2f0a600a3c26edde260b30aa3e6b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 50524
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: txac06babcb9ad45bcaa7eb-006230a0af
x-amz-id-2: txac06babcb9ad45bcaa7eb-006230a0af
last-modified: Tue, 15 Mar 2022 14:20:19 GMT
server: cloudflare
etag: W/"ad0d3c45f41a818ade0dc83d4b687ff1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kzH1NanWa9dv1fzsrLZJ0anepWuur2AAuB9rYKW8DDw6%2BFOkuIk6KpvDQvUtpny%2FmoCVuixOhBLdrqOJ3yRPTHuCqWwpOe7YLrkSUYDDjXzsS4n%2BWIizpm1ecFXDCz8mbXdr1CC4YW63Y0N7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1647354019224084
cf-ray: 6ecab5d2bbdf918e-FRA
access-control-allow-headers: Authorization

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 27FF 26 KB
10 KB 7ms
7ms Script
application/javascript 94.31.29.32
STACKPATH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.32 Maida Vale, United Kingdom, ASN33438 (STACKPATH, US),
Reverse DNS: 94.31.29.32.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 4b849c029d79403f00e62773f95223cfd9d2b9864d548ee7321d76be8ff08414

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
last-modified: Wed, 16 Mar 2022 04:16:09 GMT
server: NetDNA-cache/2.2
x-amz-request-id: RBACXS4SRFFH7J5A
etag: W/"b66808e5410bb259f426ef23fca602b6"
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31104000
x-amz-id-2: NNnWGn0q7ynviEB595kgvoYYMNx/hemUeVwft7HRnwi0iR+sgbZ7lpecG9xoHD6cTZ8BtiztiNk=
expires: Sat, 11 Mar 2023 04:22:52 GMT

GET
H2 200 CESIE27I.json Show response
srv.buysellads.com/ads/ 935 B
587 B 106ms
106ms Fetch
application/json 159.203.25.119
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CESIE27I.json?forcebanner=443943&ignoretargeting=yes
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.203.25.119 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-ca-to-1.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: 5665b2e47fd5e606eb9472c714f7812a2fe489aeac592a6f5dd720558cf5b103

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
server: //srv.buysellads.com
content-length: 557
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 7CD6 26 KB
10 KB 12ms
12ms Script
application/javascript 94.31.29.32
STACKPATH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.32 Maida Vale, United Kingdom, ASN33438 (STACKPATH, US),
Reverse DNS: 94.31.29.32.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 4b849c029d79403f00e62773f95223cfd9d2b9864d548ee7321d76be8ff08414

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
last-modified: Wed, 16 Mar 2022 04:16:09 GMT
server: NetDNA-cache/2.2
x-amz-request-id: RBACXS4SRFFH7J5A
etag: W/"b66808e5410bb259f426ef23fca602b6"
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31104000
x-amz-id-2: NNnWGn0q7ynviEB595kgvoYYMNx/hemUeVwft7HRnwi0iR+sgbZ7lpecG9xoHD6cTZ8BtiztiNk=
expires: Sat, 11 Mar 2023 04:22:52 GMT

GET
H2 200 CEADT23L.json Show response
srv.buysellads.com/ads/ 0
52 B 106ms
106ms Fetch
application/json 159.203.25.119
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CEADT23L.json?forcebanner=443942&ignoretargeting=yes
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.203.25.119 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-ca-to-1.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 16 Mar 2022 04:22:52 GMT
content-encoding: gzip
server: //srv.buysellads.com
content-length: 23
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame 8CC0
Redirect Chain

https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495...
https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495...

5 KB
2 KB

62ms
40ms

Document
text/html

46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io&uidRedirect=1
Requested by: Host: href.li
URL: https://href.li/?https://gofile.io/d/lm18aB
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: bafec5f524f6bea31f6ca01b7dd3ccd8c0cbf4a6c5b4d9783f9cb2bda56479e8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/

Response headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 16 Mar 2022 04:22:53 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-NEORY-SubId: 45609000012480501319921011900002
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1733
Connection: close
Content-Type: text/html; charset=utf-8

Redirect headers

Date: Wed, 16 Mar 2022 04:22:52 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 16 Mar 2022 04:22:52 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io&uidRedirect=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK rd_log Show response
ams1-ib.adnxs.com/ Frame 27FF 0
806 B 59ms
13ms Script
text/html 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&e=wqT_3QL9Eej9CAAAAwDWAAUBCJzMxZEGEIGpl7TE_uz-AhgAKjYJXwmkxK7tnT8RfwdQnVjxlz8ZAAAAgBSu1z8hfw0SACkRJMgxAAAAQOF6pD8wyaevCzjKQUAdSAhQtP-uiwFYmNVSYABoz_hreNqOBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACn_A_6gIaaHR0cHM6Ly9nb2ZpbGUuaW8vZC9sbTE4YULyAhwKD1tCSURfQVRUUi5zaXRlXRIJZ28NKBTyAhoKE1sVH_A-ZXhjaGFuZ2VdEgNhcG7yAiYKD1tSQU5ET01fTlVNQkVSXRITMjgwNjkxNTg2OTcxNTM3ODk5OPICHQoSW0FEDWTwhnRyYXRlZ3ldEgc1NjM3MjU08gLvAQoaW1VORU5DT0RFRF9DTElDS19SRURJUkVDVF0S0AFodHRwczovL3BpeGVsLm1hdGh0YWcuY29tL2NsaWNrL2ltZz9leGNoX2FpZD00NjIyMDA1MTA2NzI4ODcyODM2Jm10X2FpZD0yODA2OTE1ODY5NxGeNCZtdF9pZD03NTE1NzUxAQ4oYWRpZD0yMzQ0OTUBDwxzaWQ9DaoBDxhleGlkPTEzAQsYaW5hcHA9MAELCG9zPQEHDGxwPWgBq-glM0EvL3d3dy5rYXNwZXJza3kuZGUvJnJlZGlyZWN0PfICHgoUW0FEX0FUVFIuYWR2ZXJ0aXNlcl0SBgl5NjQBKGNyZWF0aXZlXRIHDagQ8gIoChE5mhRiaWRfaWRefwGAhQoKEltOT1RJRklDQVRJT05fVVJJXRLuCTxpbWcgc3JjCbUYOi8vdGFnczJfARRub3RpZnk1YBg9YXBuJnNfQQkFCyEbwGFXOTVxMmpMekl6THlBdlRqSldiRmx0VlRKTmFtZDBUVVJCZDAxRE1IZE5SRUYzVEYFEBBFUVhSTgUQCSAIRVFYCSDwsEx6STRNRFk1TVRVNE5qazNNVFV6TnpnNU9UZ3ZOelV4TlRjMU1TODFOak0zTWpVMEx6RXpMM1l3TjBSWWRDMXNhMkZUTjFCV1VWWmFMWEJKYkhKVlJVWnFWRGg0UjFCWVgyVjBVRTAxVVU1WFUyc3ZNUzh4TXk4d0x6QXZNVEU0TXpRM055OHpNVEUzTnpnek9UZzBMekl6TkRRNU5TODNORFl6TkRVdk1TOHdMekF2VDbAAMrwAAxBdk1DDYB8Qzh5T0RBMk9URTFPRFk1TnpFMU16YzRPVGs0TDNweWEFKJBJd01ERXZNakl2T1RrNUx6STFPQzh4T0RVdU1qRXpMakUxTlM0AZyIdU1EQXdMekUyTkRjME1EUTFOekl2TVRZME56UXhOekUzTWkF_PBANE16azBMdy9tcHY1ci1lNnJkdXJYRkViYm9XRGdodUpQbXcmbm9kZWlkPTE2MjEmZ3JvdXA9enJoJmF1Y3Rpb25hMEb4AyQmc2hhcmRrZXk9Uh0AQTyJAQQmY32B8JVicD1hX2FjamNjaCZuZnlfYWN0PUxENXdldyZiZmlwPTE4NS4yOS4xMzMuNTkmdHlwZT1pbXAmY2xpZW50PWMycyB3aWR0aD0xIGhlaWdodD0xPlx4M0NkaXYgd2lkdGg9JzEnIGhlaWdodD0nMScgc3R5bGU9J2Rpc3BsYXk6bm9uZTsgb3ZlcmZsb3c6aGlkZGVuJz4BQ2UtAHQFLjRsZWZ0Oi0xMHB4O3RvcA0KECBwb3NpIQ8kOmFic29sdXRlJ2VdACeFE1K-BBBldmVudGVeiYYYMTM2ODg3NYFLiYYcMTY3NjQmdjGBcgR2MlJJATB2Mz03NDYzNDUmdjQ9MVIIdjU9jSoBTERuc3luYz0xJm5vX2F0dHI9MSctJQAnNgwBBC8-UugAADkR5wEJguYAQkQEGeUAdCGuKG1tSW1wVHJhY2smlUgAYl5CAgB0FdIkdGltZT1bSU1QX6U0AQ8AXS6WAnLTAPB9L2Rpdj6AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOT0cMB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDzE4NS4yMTMuMTU1LjE3NqgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8AS04c5YiAUBmAUAoAWE1_bE_6SqkkDABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBaXVPfoFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBrejAdoGFgoQCRIZAVwQABgA4AYB8gYCCACABwGIBwCgBwGqBwZJJAi6Bw8BUkgYACAAMAA4ugZAAMgH2o4F0gcNFYABQQjaBwYJJ0TgBwDqBwIIAPAH7PsDiggCEAA.&s=43e9a8a89469e37d185e0c29185571e043374627&bdref=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB,https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&

Requested by

Host: href.li
URL: https://href.li/?https://gofile.io/d/lm18aB

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:52 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2d1643bd-49e2-45fe-8ab5-40e9c854472e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/224/ Frame 27FF 85 KB
29 KB 43ms
7ms Script
application/x-javascript 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/224/trk.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:52 GMT
Content-Encoding: gzip
Age: 1711462
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29216
X-Served-By: cache-lga21958-LGA, cache-hhn4032-HHN
Access-Control-Allow-Origin: *, *
Last-Modified: Thu, 24 Feb 2022 08:58:20 GMT
Server: AkamaiNetStorage
X-Timer: S1647404573.978218,VS0,VE0
ETag: "80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 2, 294326

GET
H/1.1 200
OK it
ams1-ib.adnxs.com/ Frame 27FF 0
806 B 61ms
16ms Image
text/html 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fgofile.io%252Fd%252Flm18aB&e=wqT_3QK5Cug5BQAAAwDWAAUBCJzMxZEGEIGpl7TE_uz-AhgAKjYJXwmkxK7tnT8RfwdQnVjxlz8ZAAAAgBSu1z8hfw0SACkRJMgxAAAAQOF6pD8wyaevCzjKQUAdSAhQtP-uiwFYmNVSYABoz_hreNqOBYABAYoBA1VTRJIFBvS1BJgB2AWgAVqoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAgDgAp_wP-oCGmh0dHBzOi8vZ29maWxlLmlvL2QvbG0xOGFCgAMAiAMBkAMAmAMXoAMBqgOoBgrgBWh0dHA6Ly90YWdzLm1hdGh0YWcuY29tL25vdGlmeS9pbWc_ZXhjaD1hcG4mc19leGNoPWFwbiZpZD01YVc5NXEyakx6SXpMeUF2VGpKV2JGbHRWVEpOYW1kMFRVUkJkMDFETUhkTlJFRjNURlJCZDAxRVFYUk5SRUYzVFVSQmQwMUVRWGROUkVGM0x6STRNRFk1TVRVNE5qazNNVFV6TnpnNU9UZ3ZOelV4TlRjMU1TODFOak0zTWpVMEx6RXpMM1l3TjBSWWRDMXNhMkZUTjFCV1VWWmFMWEJKYkhGeWJtbDVOVTQwTW5SU1lVVlpVM05oUzNJeVlVMHZNUzh4TXk4d0x6QXZNVEU0TXpRM055OHpNVEUzTnpnek9UZzBMekl6TkRRNU5TODNORFl6TkRVdk1TOHdMekF2VFVSQmQwMUVRWGROUkVGMFRVUkJkMDFETUhkTlJFRjNURlJCZDAxRVFYUk5SRUYzVFVSQmQwMUVRWGROUkVGM0x6QXZNQzh3THpBdk1DOHlPREEyT1RFMU9EWTVOekUxTXpjNE9UazRMM3B5YUM4d0x6SXdNREV2TWpJdk9UazVMekkxT0M4eE9EVXVNakV6TGpFMU5TNHdMekF1TURBd0x6RTJORGMwTURRMU56SXZNVFkwTnpReE56RTNNaTh4TXk4NE16azBMdy9NY2N0SVhpZEJ0ZVNNRU5YUHNJYXZkaVJIWW8mbm9kZWlkPTE2MjEmZ3JvdXA9enJoJmF1Y3Rpb25pZD0yODA2OTE1ODY5NzE1Mzc4OTk4JnNoYXJka2V5PTI4MDY5MTU4Njk3MTUzNzg5OTgmcHJpY2U9JHtBVUNUSU9OX1BSSUNFfSZuZnlfYWN0PUxENXdmM1UmYmZpcD0xODUuMjkuMTMzLjU5JnNpZD01NjM3MjU0JmNpZD03NTE1NzUxJnNyYz1hcGkmdHlwZT1idXJsJmNsaWVudD1zMnMSEzI4MDY5MTU4Njk3MTUzNzg5OTgaEjIxNTUyNjIxODkyMDIxOTc3NyIJMjkyMjc0MTAwKgYxMDE2NDk6Bzc1MTU3NTHAA6wCyAMA2AOT0cMB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDzE4NS4yMTMuMTU1LjE3NqgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8AS0_66LAYgFAZgFAKAFhNf2xP-kqpJAwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFpdU9-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBrejAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHBjc0NjM0NboHDwgAEAAYACAAMAA4ugZAAMgH2o4F0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Afs-wOKCAIQAA..&s=8d35ba51df353be13422088db577423180293f18

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:52 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 64bb6cf9-ecfb-4685-8cba-f39bc0ffb2eb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ck-confirm
tags.mathtag.com/ Frame 27FF
Redirect Chain

https://tags.mathtag.com/notify/img?exch=apn&s_exch=apn&id=5aW95q2jLzIzLyAvTjJWbFltVTJNamd0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI4MDY5MTU4Njk3MTUzNzg5OTgvNzUxNTc1MS81NjM3MjU0LzEzL3YwN0...
https://tags.mathtag.com/ck-confirm?bid_id=2806915869715378998&node_id=1621&exch_id=13

49 B
330 B

14ms
13ms

Image
image/gif

185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=2806915869715378998&node_id=1621&exch_id=13
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: HTTP/1.1
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.304.1 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Server: MMBD/3.304.1
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x82, zrh-bidder-x132
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 16 Mar 2022 04:22:52 GMT

Redirect headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
x-mm-bid-request-time: 1647404572
Last-Modified: Wed, 16 Mar 2022 04:22:52 GMT
Server: MMBD/3.304.1
x-mm-latency: 1 (0)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://tags.mathtag.com/ck-confirm?bid_id=2806915869715378998&node_id=1621&exch_id=13
x-mm-dbg: Invalid
Cache-Control: no-cache
x-mm-host: zrh-router-x78, zrh-bidder-x132
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Keep-Alive: timeout=360
Content-Length: 86
Expires: Wed, 16 Mar 2022 04:22:52 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 27FF 43 B
551 B 361ms
23ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=13&v2=2806915869715378998&v3=746345&v4=5637254&v5=7515751&mt_nsync=1&no_attr=1
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4256 109297d master cdg-pixel-x27 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Server: MT3 4256 109297d master cdg-pixel-x27 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 16 Mar 2022 04:22:52 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 27FF 49 B
330 B 303ms
12ms Image
image/gif 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=apn&bid=2806915869715378998&st=5637254&time=[IMP_ATTR.time]&nodeid=1621
Requested by: Host: gofile.io
URL: https://gofile.io/d/lm18aB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.304.1 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Server: MMBD/3.304.1
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x24, zrh-bidder-x132
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 16 Mar 2022 04:22:52 GMT

GET
H2 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame 3977 13 KB
5 KB 121ms
38ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4980
x-xss-protection: 0
date: Wed, 16 Mar 2022 04:09:13 GMT
expires: Thu, 17 Mar 2022 04:09:13 GMT
cache-control: public, max-age=86400
age: 820
etag: 12223946614886178233
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame 7CD6 12 KB
5 KB 124ms
40ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8996d7b9fba17a4ad4880bb154f6b56d33f9ff87ecf4f830bc0488cdc1616f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 03:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3533
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5307
x-xss-protection: 0
server: cafe
etag: 5818309846818389003
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 04:24:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CD6 0
442 B 134ms
47ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-DCfpKB_SZIMm-Mt3mrbjwWrXOYW5YPrQ0Qj6mPm3--QLuuyFEiXO18tmvtLikWAGOntEgGfgehG8GiWCfaI5xW7aGLDg

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/224/ Frame 7CD6 85 KB
29 KB 37ms
6ms Script
application/x-javascript 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/224/trk.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:52 GMT
Content-Encoding: gzip
Age: 1711462
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29216
X-Served-By: cache-lga21958-LGA, cache-hhn4031-HHN
Access-Control-Allow-Origin: *, *
Last-Modified: Thu, 24 Feb 2022 08:58:20 GMT
Server: AkamaiNetStorage
X-Timer: S1647404573.977697,VS0,VE0
ETag: "80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 2, 4264983

GET
H/1.1 200
OK it
ams1-ib.adnxs.com/ Frame 7CD6 0
806 B 55ms
14ms Image
text/html 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fgofile.io%252Fd%252Flm18aB&e=wqT_3QKABugAAwAAAwDWAAUBCJzMxZEGELravIDqu-7PJxgAKjYJUPutnSgJmT8RQPxXsVMHlD8ZAAAAgBSu1z8hQA0SACkRJMgxAAAAQOF6pD8wyaevCzjKQUDlHkhlUKeiyyVYmNVSYABoz_hreNqOBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACn_A_6gIaaHR0cHM6Ly9nb2ZpbGUuaW8vZC9sbTE4YUKAAwCIAwGQAwCYAxegAwGqA-oBCr8BaHQJMHBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9LYBX2I9QUtBbWYtQUFHajZZVkNzRmQtcEV1S0pWemwxSUhMNEZuNy1VSUZpY0hHbEswU1F3T3luOW1Sdm5HeXAwV090ZEdkMEFzdDRaOHhLcU9pZzkyTDBPQ2tTbjJDQnZLVjVRNlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTMjg1NTIwNTA1NDU5NTQxMTI1OCIINzg4Mjc4MTUqBDM5NDE6ATDAA6wCyAMA2AOT0cMB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDzE4NS4yMTMuMTU1LjE3NqgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAX63N3tqZDRlXvABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXq0Dz6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTM5MDY3OTQ2NDUyugcPCAAQABgAIAAwADi6BkAAyAfajgXSBw0JAA1NHBAAGADaBwYIBQlE4AcA6gcCCADwB-z7A4oIAhAA&s=b48b73a5be3b7b694b3f59c6e2897fcbe2494425

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:52 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b12a2ff9-b179-475d-a68f-8be11be39824
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams1-ib.adnxs.com/ Frame 27FF 0
822 B 13ms
13ms Ping
text/html 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&e=wqT_3QK5Cug5BQAAAwDWAAUBCJzMxZEGEIGpl7TE_uz-AhgAKjYJXwmkxK7tnT8RfwdQnVjxlz8ZAAAAgBSu1z8hfw0SACkRJMgxAAAAQOF6pD8wyaevCzjKQUAdSAhQtP-uiwFYmNVSYABoz_hreNqOBYABAYoBA1VTRJIFBvS1BJgB2AWgAVqoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAgDgAp_wP-oCGmh0dHBzOi8vZ29maWxlLmlvL2QvbG0xOGFCgAMAiAMBkAMAmAMXoAMBqgOoBgrgBWh0dHA6Ly90YWdzLm1hdGh0YWcuY29tL25vdGlmeS9pbWc_ZXhjaD1hcG4mc19leGNoPWFwbiZpZD01YVc5NXEyakx6SXpMeUF2VGpKV2JGbHRWVEpOYW1kMFRVUkJkMDFETUhkTlJFRjNURlJCZDAxRVFYUk5SRUYzVFVSQmQwMUVRWGROUkVGM0x6STRNRFk1TVRVNE5qazNNVFV6TnpnNU9UZ3ZOelV4TlRjMU1TODFOak0zTWpVMEx6RXpMM1l3TjBSWWRDMXNhMkZUTjFCV1VWWmFMWEJKYkhGeWJtbDVOVTQwTW5SU1lVVlpVM05oUzNJeVlVMHZNUzh4TXk4d0x6QXZNVEU0TXpRM055OHpNVEUzTnpnek9UZzBMekl6TkRRNU5TODNORFl6TkRVdk1TOHdMekF2VFVSQmQwMUVRWGROUkVGMFRVUkJkMDFETUhkTlJFRjNURlJCZDAxRVFYUk5SRUYzVFVSQmQwMUVRWGROUkVGM0x6QXZNQzh3THpBdk1DOHlPREEyT1RFMU9EWTVOekUxTXpjNE9UazRMM3B5YUM4d0x6SXdNREV2TWpJdk9UazVMekkxT0M4eE9EVXVNakV6TGpFMU5TNHdMekF1TURBd0x6RTJORGMwTURRMU56SXZNVFkwTnpReE56RTNNaTh4TXk4NE16azBMdy9NY2N0SVhpZEJ0ZVNNRU5YUHNJYXZkaVJIWW8mbm9kZWlkPTE2MjEmZ3JvdXA9enJoJmF1Y3Rpb25pZD0yODA2OTE1ODY5NzE1Mzc4OTk4JnNoYXJka2V5PTI4MDY5MTU4Njk3MTUzNzg5OTgmcHJpY2U9JHtBVUNUSU9OX1BSSUNFfSZuZnlfYWN0PUxENXdmM1UmYmZpcD0xODUuMjkuMTMzLjU5JnNpZD01NjM3MjU0JmNpZD03NTE1NzUxJnNyYz1hcGkmdHlwZT1idXJsJmNsaWVudD1zMnMSEzI4MDY5MTU4Njk3MTUzNzg5OTgaEjIxNTUyNjIxODkyMDIxOTc3NyIJMjkyMjc0MTAwKgYxMDE2NDk6Bzc1MTU3NTHAA6wCyAMA2AOT0cMB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDzE4NS4yMTMuMTU1LjE3NqgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8AS0_66LAYgFAZgFAKAFhNf2xP-kqpJAwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFpdU9-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBrejAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHBjc0NjM0NboHDwgAEAAYACAAMAA4ugZAAMgH2o4F0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Afs-wOKCAIQAA..&s=8d35ba51df353be13422088db577423180293f18&type=nv&nvt=5&jm=1003&px=561&py=89&bw=728&bh=90&sid=4315675031925632016&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=23843785&sw=1600&sh=1200&pw=1600&ph=1200&ww=1600&wh=1200&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:53 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f6e8d37b-f33c-401a-8dc8-312218771bc7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://gofile.io
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK viewability Show response
ad2.ad-srv.net/ Frame 8CC0 0
150 B 50ms
12ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.ad-srv.net/viewability?s=45609000012480501319921011900002&a=74c48f78&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame 9955
Redirect Chain

https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0v...
https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0v...

5 KB
2 KB

57ms
35ms

Document
text/html

46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0vGW58FDWqIF_LmYG9FAaZGC_00CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=45609000012480501319921011900002&redirectClick=https%3A%2F%2Fad2.ad-srv.net%2Fc%2Fp9wptj5eudvunrt%3Ftprde%3D&uidRedirect=1
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 0d76b37bb92d235752c1495fc0bc68a363c9d89a028dbb95c171358ee275abff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io&uidRedirect=1

Response headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 16 Mar 2022 04:22:53 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-NEORY-SubId: 83467900012480801649445011900002
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1566
Connection: close
Content-Type: text/html; charset=utf-8

Redirect headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 16 Mar 2022 04:22:53 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0vGW58FDWqIF_LmYG9FAaZGC_00CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=45609000012480501319921011900002&redirectClick=https%3A%2F%2Fad2.ad-srv.net%2Fc%2Fp9wptj5eudvunrt%3Ftprde%3D&uidRedirect=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 8CC0 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/cynamics/tools/js/ Frame 8CC0 851 B
1 KB 63ms
11ms Script
application/javascript 88.99.65.215
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/cynamics/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.65.215 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.215.65.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Last-Modified: Tue, 03 May 2016 20:55:13 GMT
Server: nginx
ETag: "57291031-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H3 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7CD6 78 KB
29 KB 98ms
51ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b8e193386fed60dc19da4653d1110cfa763172435639667fe1fd2ac802c943c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29967
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647258233706532"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Mar 2022 04:22:53 GMT

GET
H/1.1 200
OK rd_log Show response
ams1-ib.adnxs.com/ Frame 7CD6 0
806 B 14ms
13ms Script
text/html 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: gofile.io
URL: https://gofile.io/d/lm18aB

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:53 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: fc86c2fe-843b-4e77-8f85-527b521489c9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame 3977 112 KB
40 KB 132ms
85ms XHR
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3bc1db107f6b5f7a7f22066aaaa648c90814fe550177617ae8fb82c4b462e69e

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM-siaPkyfYCFcfRuwgdD_0MEg&gqi=HWYxYuyMCaue7_UPt4eyoA8&layout=/sadbundle/%24csp%253Der3%24/3560900797449072010/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM-siaPkyfYCFcfRuwgdD_0MEg&gqi=HWYxYuyMCaue7_UPt4eyoA8&layout=/sadbundle/%24csp%253Der3%24/3560900797449072010/index.html
content-encoding: br
x-content-type-options: nosniff
server: cafe
date: Wed, 16 Mar 2022 04:22:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41192
x-xss-protection: 0

POST
H/1.1 200
OK vevent
ams1-ib.adnxs.com/ Frame 7CD6 0
822 B 42ms
42ms Ping
text/html 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&e=wqT_3QKABugAAwAAAwDWAAUBCJzMxZEGELravIDqu-7PJxgAKjYJUPutnSgJmT8RQPxXsVMHlD8ZAAAAgBSu1z8hQA0SACkRJMgxAAAAQOF6pD8wyaevCzjKQUDlHkhlUKeiyyVYmNVSYABoz_hreNqOBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACn_A_6gIaaHR0cHM6Ly9nb2ZpbGUuaW8vZC9sbTE4YUKAAwCIAwGQAwCYAxegAwGqA-oBCr8BaHQJMHBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9LYBX2I9QUtBbWYtQUFHajZZVkNzRmQtcEV1S0pWemwxSUhMNEZuNy1VSUZpY0hHbEswU1F3T3luOW1Sdm5HeXAwV090ZEdkMEFzdDRaOHhLcU9pZzkyTDBPQ2tTbjJDQnZLVjVRNlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTMjg1NTIwNTA1NDU5NTQxMTI1OCIINzg4Mjc4MTUqBDM5NDE6ATDAA6wCyAMA2AOT0cMB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDzE4NS4yMTMuMTU1LjE3NqgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAX63N3tqZDRlXvABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXq0Dz6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTM5MDY3OTQ2NDUyugcPCAAQABgAIAAwADi6BkAAyAfajgXSBw0JAA1NHBAAGADaBwYIBQlE4AcA6gcCCADwB-z7A4oIAhAA&s=b48b73a5be3b7b694b3f59c6e2897fcbe2494425&type=nv&nvt=5&jm=1003&px=0&py=0&bw=728&bh=90&sid=4315675031925632016&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=23843785&sw=1600&sh=1200&pw=1600&ph=1200&ww=1600&wh=1200&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:53 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 304a7e0f-d27a-427d-a40f-3738826e6fae
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://gofile.io
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

evergreen-kis-728x90.jpg
media.kaspersky.com/de/affiliates/ Frame 9955
Redirect Chain

https://www.awin1.com/cshow.php?s=2519508&v=14098&q=379082&r=559379&pv=0&pref1=83467900012480801649445011900002
https://media.kaspersky.com/de/affiliates/evergreen-kis-728x90.jpg

62 KB
62 KB

205ms
13ms

Image
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/evergreen-kis-728x90.jpg

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0vGW58FDWqIF_LmYG9FAaZGC_00CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=45609000012480501319921011900002&redirectClick=https%3A%2F%2Fad2.ad-srv.net%2Fc%2Fp9wptj5eudvunrt%3Ftprde%3D&uidRedirect=1

Protocol

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

1eeaa9afd461c6df55ffad40e5b003b9f2303727cc0276e677cf61bf9023284a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 14 Sep 2021 12:09:22 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "8ece3b5a61a9d71:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
x-server: fr2/FRA3
accept-ranges: bytes
content-length: 63391
date: Wed, 16 Mar 2022 04:22:51 GMT

Redirect headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.kaspersky.com/de/affiliates/evergreen-kis-728x90.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad2.ad-srv.net/ Frame 9955 0
150 B 39ms
16ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.ad-srv.net/viewability?s=83467900012480801649445011900002&a=0bdcbd43&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0vGW58FDWqIF_LmYG9FAaZGC_00CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=45609000012480501319921011900002&redirectClick=https%3A%2F%2Fad2.ad-srv.net%2Fc%2Fp9wptj5eudvunrt%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK cshow.php Show response
www.awin1.com/ Frame 3724 43 B
705 B 61ms
12ms Document
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=2519508&v=14098&q=379082&r=559379&pv=1&pref1=83467900012480801649445011900002

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/

Response headers

Content-Type: image/gif
Content-Length: 43
Expires: 0
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Date: Wed, 16 Mar 2022 04:22:53 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400
Awin-Akamai-Rule-Set: default

GET
DATA 200
OK truncated
/ Frame 9955 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/hofe/tools/js/ Frame 9955 851 B
1 KB 60ms
16ms Script
application/javascript 88.99.65.215
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/hofe/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0vGW58FDWqIF_LmYG9FAaZGC_00CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=45609000012480501319921011900002&redirectClick=https%3A%2F%2Fad2.ad-srv.net%2Fc%2Fp9wptj5eudvunrt%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.65.215 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.215.65.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:53 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:29 GMT
Server: nginx
ETag: "57a48d39-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/ Frame 5CE4 14 KB
5 KB 164ms
75ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Requested by

Host: href.li
URL: https://href.li/?https://gofile.io/d/lm18aB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84bb42496434c289a0e24948952177395e6fad092d2203ecc89fce7d039e78cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 3931
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 11:06:29 GMT
expires: Wed, 15 Mar 2023 11:06:29 GMT
cache-control: public, max-age=31536000
age: 62184
last-modified: Fri, 25 Feb 2022 13:24:42 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20220314/r20110914/ Frame 3977 25 KB
10 KB 127ms
40ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220314/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:00:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1314
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 30 Mar 2022 04:00:59 GMT

GET
H2 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20220314/r20110914/client/ Frame 3977 2 KB
1 KB 138ms
52ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220314/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd54241a6ef534d4fd55a95d52035292958c4a55c350f8bb38b396ef4f49c1e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:13:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1235
x-xss-protection: 0
server: cafe
etag: 218260476562286327
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 30 Mar 2022 04:13:10 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3977 117 KB
36 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39d994e33ee115b35d7872dbea911a99508c74e34629725343b269b5d5233e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36369
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647258231097430"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Mar 2022 04:22:53 GMT

GET
H2 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20220314/r20110914/client/ Frame 3977 18 KB
7 KB 132ms
46ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220314/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

358cfc8eb339a8ee01040ab6926f11d3c8dd16f43a93764639e7e89f5a1923f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 01:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7502
x-xss-protection: 0
server: cafe
etag: 16841233975859622389
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 30 Mar 2022 01:39:20 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3977 0
20 B 51ms
50ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CAQOJHGYxYs6tKMq1gQfqhaEwkN2J0mickueBmQ_ngdD20y8QASDml9YlYJXikIKgB6ABvouR0APIAQmpAhFH6ZDxZrI-qAMByANIqgTMAU_Q1tzvGBMIuqNbYAjrXNEwDws0dy63rdRZ_13x_Q5F6gv1l4pV-3ofZspJSOqhQanqZlHtBGxSZBOX-cPyFlYCfBvfnO20TFdIyeWDYVbMR8OhEoOyf4nQmSXOQXueoAzWLU6sP9wxgyXGM2LTcjpzdzCIVBQXvbu0gqKIOyLFsd0EGwowR-Gc05yyYNTae2rg-RPA1eNlcR4aHNgz1IP4ONcbfz3ebTpLpfMYskPmAXA-_EMSG6zUWF7-hSvTg5Bux8rBubuq-5GFZcAE1OvhiIYEkgUECAQYAZIFBAgFGASgBi6AB-rSlTCoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHANIIBwiAYRABGADyCA5iaWRkZXItMzA1NjQ0N4AKBMgLAdgTCogUAdAVAYAXAbIXCAoGCAASABgA&sigh=VxhobNoSmRs&uach_m=[UACH]&pr=10:0.024449&template_id=419&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 16 Mar 2022 04:22:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 16 Mar 2022 04:22:53 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 33C0 143 B
163 B 39ms
39ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Wed, 16 Mar 2022 04:06:49 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 964
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 5CE4 9 KB
3 KB 87ms
38ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67599
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 16 Mar 2022 09:36:14 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5CE4 26 KB
10 KB 87ms
39ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 16:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43754
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 16 Mar 2022 16:13:39 GMT

GET
H3 200 e0105a293c879019cc00b56c4ef9e0a2.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/ Frame 5CE4 72 KB
19 KB 97ms
49ms Script
application/x-javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/e0105a293c879019cc00b56c4ef9e0a2.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

624716d62cd430a7e0430a3e0b14b02e57a8164ebd1db63e06e4b00eb4906fea

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 62184
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19157
x-xss-protection: 0
last-modified: Fri, 25 Feb 2022 13:24:42 GMT
server: sffe
date: Tue, 15 Mar 2022 11:06:29 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 15 Mar 2023 11:06:29 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 33C0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
18 B

58ms
57ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 16 Mar 2022 04:22:53 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 16 Mar 2022 04:22:53 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 16 Mar 2022 04:22:53 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3977 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7dcd5dc99e695fd39786df2ebe02cc8acc961d3f7ab0f826a515563a3a44448

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 5CE4 3 KB
617 B 96ms
49ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700|Scada:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/e0105a293c879019cc00b56c4ef9e0a2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32d285cd054745b43159a6fcfa2e4f5c7078b3aab534c0644e1c8468113861d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 03:02:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 16 Mar 2022 04:22:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 16 Mar 2022 04:22:53 GMT

GET
H3 200 c94dbb9248e2c6f16956df770f6d8c0d.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/ Frame 5CE4 21 KB
21 KB 41ms
40ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/c94dbb9248e2c6f16956df770f6d8c0d.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44fee36c75acf39bd566c3b426c1b2f52ecbb20555ee382fad5e3ae39a3df3dd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 62183
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21629
x-xss-protection: 0
last-modified: Fri, 25 Feb 2022 13:24:42 GMT
server: sffe
date: Tue, 15 Mar 2022 11:06:30 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 15 Mar 2023 11:06:30 GMT

GET
H3 200 a0db650c97a30f633d8da619ac8f1f2e.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/ Frame 5CE4 4 KB
4 KB 49ms
48ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/a0db650c97a30f633d8da619ac8f1f2e.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

422190a100c0b2fe225bb86bbff667ccbb18a2e0344d57fcb25c00ef02d90eeb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 62183
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3786
x-xss-protection: 0
last-modified: Fri, 25 Feb 2022 13:24:42 GMT
server: sffe
date: Tue, 15 Mar 2022 11:06:30 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 15 Mar 2023 11:06:30 GMT

GET
H3 200 37b3a5f97d0968e3b96b12afdf723758.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/ Frame 5CE4 2 KB
2 KB 51ms
50ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/37b3a5f97d0968e3b96b12afdf723758.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a32fdd00b25902a6d6fac18d592d8f6b5887fbb1e4d33f6ff83c591771a2530a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 62183
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1815
x-xss-protection: 0
last-modified: Fri, 25 Feb 2022 13:24:42 GMT
server: sffe
date: Tue, 15 Mar 2022 11:06:30 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 15 Mar 2023 11:06:30 GMT

GET
H3 200 877e2a5c5b37cbe3ad7a1e3318137583.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/ Frame 5CE4 3 KB
3 KB 53ms
52ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/877e2a5c5b37cbe3ad7a1e3318137583.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1623d7e523fd7d283d6a6ab54ad51ab395355355f2b8b293d1e8c34ce3b9865

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 62183
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2722
x-xss-protection: 0
last-modified: Fri, 25 Feb 2022 13:24:42 GMT
server: sffe
date: Tue, 15 Mar 2022 11:06:30 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 15 Mar 2023 11:06:30 GMT

GET
H3 200 74378a70e7725bcba378a611acac3c93.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/ Frame 5CE4 4 KB
4 KB 56ms
55ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/74378a70e7725bcba378a611acac3c93.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8003da346d6da6032a44089cf7043a54e201a9f1e0309e3583301fe786c1ee8c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 84436
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3669
x-xss-protection: 0
last-modified: Fri, 25 Feb 2022 13:24:42 GMT
server: sffe
date: Tue, 15 Mar 2022 04:55:37 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 15 Mar 2023 04:55:37 GMT

GET
H3 200 baf352d4dc4cb52180a03429d4164a99.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/ Frame 5CE4 2 KB
2 KB 55ms
54ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/media/baf352d4dc4cb52180a03429d4164a99.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3560900797449072010/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f1bca04b7dec5de15be85d13c4ecfb46e4dc089bcfa5f39d6867b3005749bf7

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 62183
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2162
x-xss-protection: 0
last-modified: Fri, 25 Feb 2022 13:24:42 GMT
server: sffe
date: Tue, 15 Mar 2022 11:06:30 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 15 Mar 2023 11:06:30 GMT

GET
H3 200 RLp8K5Pv5qumeVrU6CEnT1Y.woff2
fonts.gstatic.com/s/scada/v12/ Frame 5CE4 15 KB
15 KB 46ms
45ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/scada/v12/RLp8K5Pv5qumeVrU6CEnT1Y.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700|Scada:700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

edefbb5bafbee7ae033639db39b94b1dc77540675dcda9daf488777f2bdfaedb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 06:04:51 GMT
x-content-type-options: nosniff
age: 512282
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15104
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 21:57:42 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 10 Mar 2023 06:04:51 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 5CE4 15 KB
15 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700|Scada:700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 555994
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Mar 2023 17:56:19 GMT

GET
H3 200 TjpYlOcWKM7YNRcoDyE6vgMo6zJPBqbQyyiG91AfIxw.js Show response
pagead2.googlesyndication.com/bg/ Frame 5CE4 35 KB
14 KB 85ms
38ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TjpYlOcWKM7YNRcoDyE6vgMo6zJPBqbQyyiG91AfIxw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e3a5894e71628ced83517280f213abe0328eb324f06a6d0cb2886f7501f231c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 15:46:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 131809
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13855
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 15:46:04 GMT

POST
H/1.1 200
OK vevent
ams1-ib.adnxs.com/ Frame 27FF 0
822 B 14ms
14ms Ping
text/html 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&e=wqT_3QK5Cug5BQAAAwDWAAUBCJzMxZEGEIGpl7TE_uz-AhgAKjYJXwmkxK7tnT8RfwdQnVjxlz8ZAAAAgBSu1z8hfw0SACkRJMgxAAAAQOF6pD8wyaevCzjKQUAdSAhQtP-uiwFYmNVSYABoz_hreNqOBYABAYoBA1VTRJIFBvS1BJgB2AWgAVqoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAgDgAp_wP-oCGmh0dHBzOi8vZ29maWxlLmlvL2QvbG0xOGFCgAMAiAMBkAMAmAMXoAMBqgOoBgrgBWh0dHA6Ly90YWdzLm1hdGh0YWcuY29tL25vdGlmeS9pbWc_ZXhjaD1hcG4mc19leGNoPWFwbiZpZD01YVc5NXEyakx6SXpMeUF2VGpKV2JGbHRWVEpOYW1kMFRVUkJkMDFETUhkTlJFRjNURlJCZDAxRVFYUk5SRUYzVFVSQmQwMUVRWGROUkVGM0x6STRNRFk1TVRVNE5qazNNVFV6TnpnNU9UZ3ZOelV4TlRjMU1TODFOak0zTWpVMEx6RXpMM1l3TjBSWWRDMXNhMkZUTjFCV1VWWmFMWEJKYkhGeWJtbDVOVTQwTW5SU1lVVlpVM05oUzNJeVlVMHZNUzh4TXk4d0x6QXZNVEU0TXpRM055OHpNVEUzTnpnek9UZzBMekl6TkRRNU5TODNORFl6TkRVdk1TOHdMekF2VFVSQmQwMUVRWGROUkVGMFRVUkJkMDFETUhkTlJFRjNURlJCZDAxRVFYUk5SRUYzVFVSQmQwMUVRWGROUkVGM0x6QXZNQzh3THpBdk1DOHlPREEyT1RFMU9EWTVOekUxTXpjNE9UazRMM3B5YUM4d0x6SXdNREV2TWpJdk9UazVMekkxT0M4eE9EVXVNakV6TGpFMU5TNHdMekF1TURBd0x6RTJORGMwTURRMU56SXZNVFkwTnpReE56RTNNaTh4TXk4NE16azBMdy9NY2N0SVhpZEJ0ZVNNRU5YUHNJYXZkaVJIWW8mbm9kZWlkPTE2MjEmZ3JvdXA9enJoJmF1Y3Rpb25pZD0yODA2OTE1ODY5NzE1Mzc4OTk4JnNoYXJka2V5PTI4MDY5MTU4Njk3MTUzNzg5OTgmcHJpY2U9JHtBVUNUSU9OX1BSSUNFfSZuZnlfYWN0PUxENXdmM1UmYmZpcD0xODUuMjkuMTMzLjU5JnNpZD01NjM3MjU0JmNpZD03NTE1NzUxJnNyYz1hcGkmdHlwZT1idXJsJmNsaWVudD1zMnMSEzI4MDY5MTU4Njk3MTUzNzg5OTgaEjIxNTUyNjIxODkyMDIxOTc3NyIJMjkyMjc0MTAwKgYxMDE2NDk6Bzc1MTU3NTHAA6wCyAMA2AOT0cMB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDzE4NS4yMTMuMTU1LjE3NqgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8AS0_66LAYgFAZgFAKAFhNf2xP-kqpJAwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFpdU9-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBrejAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHBjc0NjM0NboHDwgAEAAYACAAMAA4ugZAAMgH2o4F0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Afs-wOKCAIQAA..&s=8d35ba51df353be13422088db577423180293f18&type=pv&jm=1003&px=561&py=89&bw=728&bh=90&sf=1&sid=4315675031925632016&vd=ct~0|rr~5&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=23843785&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:54 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8c0aa996-7bf0-4380-94cb-9e8a90fee4ce
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://gofile.io
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 97 KB
31 KB 50ms
19ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ff6956c6d9b77bdecabeef7eafb5625c810cf5694db1204d0a48e102ecd73c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:54 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 02:42:25 GMT
server: nginx
etag: W/"6226c291-1834f"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 17 Mar 2022 04:22:54 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame C2F8 13 KB
5 KB 51ms
17ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=gofile.io

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 1959
date: Wed, 16 Mar 2022 04:22:53 GMT
content-length: 5147
strict-transport-security: max-age=31536000; preload;

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 97 KB
31 KB 44ms
16ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ff6956c6d9b77bdecabeef7eafb5625c810cf5694db1204d0a48e102ecd73c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:54 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 02:42:25 GMT
server: nginx
etag: W/"6226c291-1834f"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 17 Mar 2022 04:22:54 GMT

GET
H/1.1 200
OK viewability Show response
ad2.ad-srv.net/ Frame 8CC0 0
150 B 40ms
17ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.ad-srv.net/viewability?s=45609000012480501319921011900002&a=74c48f78&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=8wexqd9dxefc&renderingType=html&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2806915869715378998%26mt_id%3D7515751%26mt_adid%3D234495%26redirect%3D&subid=5637254_2806915869715378998&random=2806915869715378998&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=MM_SSP:apn&extVar[]=MM_DOM_RTB:gofile.io&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&documentReferer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&ancestorOrigins=https%3A%2F%2Fgofile.io&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:54 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

200

sid Show response
mug.criteo.com/ Frame C2F8
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=gofile.io&sn=ChromeSyncframe&so=0&topUrl=gofile.io&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=lStrhXxsYlcwYTNWSThTUFdqZ0JjMnllVm5tbmw3elZxZ3RQTXMrT2Y0ZFpIVWNVVE1Pa0kzQjU3RlBydkJaOHNuYitUZ2s3MVNzQlBhR20xM2NtTGtGRHJidW5GWkNPTExDRGhpQkxRZFcwV21WSmNOdytvUkF6TUJBVW...

422 B
628 B

52ms
19ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=lStrhXxsYlcwYTNWSThTUFdqZ0JjMnllVm5tbmw3elZxZ3RQTXMrT2Y0ZFpIVWNVVE1Pa0kzQjU3RlBydkJaOHNuYitUZ2s3MVNzQlBhR20xM2NtTGtGRHJidW5GWkNPTExDRGhpQkxRZFcwV21WSmNOdytvUkF6TUJBVWdkeThtZWQ0MVh3MHdUdjhHZjNGMUJ2U1BjcU5manJUZy95a0JKRFBZVWpiVVgvL1BkU3VjSFdUZC9jTEtvb2pOUW13RFdpMUdaSFhsN2llL0FLVVlPdUJCdS9BQkY4Y21Pd1crR2dtSU9LcXp5M1lRdmxDeEpyMGlaUExOQUZDQjlhemhyQWFjcVFBNVJMT0VIRU8vdC9xWmh2cTh4QT09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

10729e2e06613681edd9eff8668c8a276d888512669cf14d9548e8b608be091c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:53 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4881
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:54 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=lStrhXxsYlcwYTNWSThTUFdqZ0JjMnllVm5tbmw3elZxZ3RQTXMrT2Y0ZFpIVWNVVE1Pa0kzQjU3RlBydkJaOHNuYitUZ2s3MVNzQlBhR20xM2NtTGtGRHJidW5GWkNPTExDRGhpQkxRZFcwV21WSmNOdytvUkF6TUJBVWdkeThtZWQ0MVh3MHdUdjhHZjNGMUJ2U1BjcU5manJUZy95a0JKRFBZVWpiVVgvL1BkU3VjSFdUZC9jTEtvb2pOUW13RFdpMUdaSFhsN2llL0FLVVlPdUJCdS9BQkY4Y21Pd1crR2dtSU9LcXp5M1lRdmxDeEpyMGlaUExOQUZDQjlhemhyQWFjcVFBNVJMT0VIRU8vdC9xWmh2cTh4QT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1991
content-length: 541
expires: 0

GET
H/1.1 200
OK viewability Show response
ad2.ad-srv.net/ Frame 9955 0
150 B 40ms
16ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.ad-srv.net/viewability?s=83467900012480801649445011900002&a=0bdcbd43&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=nmigdcx4avw9&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=a5f982f93bcaEbPW1NDYFAcbSSdeB5UwXc1LOiFmA1fYCy8FdFjdkd48mZgZYl_vli0vGW58FDWqIF_LmYG9FAaZGC_00CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=45609000012480501319921011900002&redirectClick=https%3A%2F%2Fad2.ad-srv.net%2Fc%2Fp9wptj5eudvunrt%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:54 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3977 42 B
64 B 96ms
49ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv7CfTcDYWD_M0RUbO6BnHf8n-MTvj7gttyUbG2GXGOeN8KmtutOwRsDr7-U9pCEKlEABnh_UCYLeeo1Y_quVG7O7OkiKAtg_fjd-b0lBR_B2Ib3Rk&sig=Cg0ArKJSzIEpzPT8anC_EAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220314&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=1832494113&rs=5&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1647404572944&rpt=482&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK vevent
ams1-ib.adnxs.com/ Frame 7CD6 0
822 B 14ms
13ms Ping
text/html 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fgofile.io%2Fd%2Flm18aB&e=wqT_3QKABugAAwAAAwDWAAUBCJzMxZEGELravIDqu-7PJxgAKjYJUPutnSgJmT8RQPxXsVMHlD8ZAAAAgBSu1z8hQA0SACkRJMgxAAAAQOF6pD8wyaevCzjKQUDlHkhlUKeiyyVYmNVSYABoz_hreNqOBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACn_A_6gIaaHR0cHM6Ly9nb2ZpbGUuaW8vZC9sbTE4YUKAAwCIAwGQAwCYAxegAwGqA-oBCr8BaHQJMHBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9LYBX2I9QUtBbWYtQUFHajZZVkNzRmQtcEV1S0pWemwxSUhMNEZuNy1VSUZpY0hHbEswU1F3T3luOW1Sdm5HeXAwV090ZEdkMEFzdDRaOHhLcU9pZzkyTDBPQ2tTbjJDQnZLVjVRNlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTMjg1NTIwNTA1NDU5NTQxMTI1OCIINzg4Mjc4MTUqBDM5NDE6ATDAA6wCyAMA2AOT0cMB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDzE4NS4yMTMuMTU1LjE3NqgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAX63N3tqZDRlXvABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXq0Dz6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTM5MDY3OTQ2NDUyugcPCAAQABgAIAAwADi6BkAAyAfajgXSBw0JAA1NHBAAGADaBwYIBQlE4AcA6gcCCADwB-z7A4oIAhAA&s=b48b73a5be3b7b694b3f59c6e2897fcbe2494425&type=pv&jm=1003&px=0&py=0&bw=728&bh=90&sf=1&sid=4315675031925632016&vd=ct~0|rr~5&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=23843785&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:54 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 846c4295-2fd5-4c37-beef-d95772eb5288
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://gofile.io
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 8323 2 KB
814 B 8ms
7ms Document
text/html 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1647404572564

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 3178 15 KB
6 KB 24ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=47457
expires: Wed, 16 Mar 2022 17:33:52 GMT
date: Wed, 16 Mar 2022 04:22:55 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 9031 281 B
554 B 28ms
6ms Document
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Mar 2022 04:22:55 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame DDD5 52 KB
17 KB 60ms
7ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Thu, 17 Mar 2022 04:22:57 GMT
Date: Wed, 16 Mar 2022 04:22:55 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame D1DC 23 KB
8 KB 45ms
22ms Document
text/html 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C237%2C2025%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C173%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C214%2C3014%2C338%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C229%2C108%2C307&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1b46304fd8b0f479ceb597b36a8a086f2268ef7ef95c50ced939301e70ca330b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Fri, 18 Mar 2022 04:22:55 GMT
date: Wed, 16 Mar 2022 04:22:55 GMT
content-length: 8246

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame C384 8 KB
4 KB 202ms
9ms Document
text/html 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/gofile.js?1647404400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/

Response headers

cache-control: max-age=86400
content-type: text/html
content-encoding: br
last-modified: Tue, 15 Mar 2022 23:39:48 GMT
accept-ranges: bytes
etag: "866b66bb3ccc5c8de41913672c69b8f7"
server: AmazonS3
x-cache: TCP_HIT
x-amz-id-2: JSLTUFrLrwb6RS1YNQfRvG7a9IwX+jyWsJexIFqcTN4SlpyYkVdYy9nTIH36D9RgSFTA9vxo9Og=
x-amz-request-id: 6CKHK45S0DMM94Z5
x-amz-meta-codebuild-content-sha256: 1bd3623b950dcf081744ebf0150c6ff72edcc5cbd4a3ea8293d7f9c29b2e9c0b
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:a4519585-d31b-4588-8499-6641ec459b43
x-amz-meta-codebuild-content-md5: d97b029b026ab1b5da9f71fc8f6cf19a
x-azure-ref-originshield: 0dTYxYgAAAABcyZpxeE6YRrEf2LxmQJVDQU1TMDRFREdFMTgxMQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref: 0IGYxYgAAAAB1Pvrk6Z1tRJS6x/5RBpxNRlJBRURHRTEwMTYAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
date: Wed, 16 Mar 2022 04:22:55 GMT

GET
H2 204 /
onetag-sys.com/usync/ 0
52 B 7ms
7ms Image
text/plain 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/usync/?tag=img

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gofile.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 9031 32 KB
10 KB 7ms
7ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 585270e94e864c25e5c174b8bd0ecf45dbca4408d851fecd14260431b79cc43d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:55 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=45555
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9538
Expires: Wed, 16 Mar 2022 17:02:10 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 3178 2 KB
3 KB 50ms
15ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=39774943&p=161102&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: ae117c0151118a5b6c98aaccaf17b9564a0670b51ef3d4a0f1a04ac025402ac3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:54 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame DDD5 0
746 B 14ms
13ms Script
text/html 185.33.221.88
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:55 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 4a315d85-bdbf-413a-9774-4e04513f0b01
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame F598
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=DCC50ABB-A51F-42BB-B968-385825186F75
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DCC50ABB-A51F-42BB-B968-385825186F75

35 B
468 B

19ms
19ms

Document
image/gif

37.157.6.241
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DCC50ABB-A51F-42BB-B968-385825186F75

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.241 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 16 Mar 2022 04:22:56 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Wed, 16 Mar 2022 04:22:56 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DCC50ABB-A51F-42BB-B968-385825186F75
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET img
sync.mathtag.com/sync/ Frame 7809 0
0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame BDCD
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7858187179105290502

42 B
520 B

240ms
14ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7858187179105290502
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 16 Mar 2022 04:22:55 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug018:0:416
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7858187179105290502
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame A13D
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
341 B

325ms
15ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 16 Mar 2022 04:22:56 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: lhrpug020:0:369
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

date: Wed, 16 Mar 2022 04:22:55 GMT
server: Kestrel
content-length: 0
cache-control: no-cache
pragma: no-cache
expires: Wed, 16 Mar 2022 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1750583
strict-transport-security: max-age=31536000; preload;

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3178
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3MUKu6UfQru5aDhYJRhvdQ%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

15 KB
15 KB

8ms
8ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
content-encoding: gzip
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3de4-5d6ef246ef4cf"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=47456
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5549
expires: Wed, 16 Mar 2022 17:33:52 GMT

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

SPug
image4.pubmatic.com/AdServer/ Frame 3178
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6f8b6231-661d-4400-ac10-576cf4c60b13

0
0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 3178
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=DCC50ABB-A51F-42BB-B968-385825186F75
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=2b2f53d6c095692368fb96c3e51117c9&gdpr=1
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=5542b651-74e0-43b0-bcc0-e55e758f3242&icm
https://spl.zeotap.com/?zdid=1332&zcluid=b2582d779e93e2cc
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=df8b58e1-255a-4428-7adc-22a649ef2ade&reqId=db69811f-40b9-4239-7f25-723ebbf837c8&zclui...
https://mwzeom.zeotap.com/mw?google_gid=CAESEK7r680ToZRV3SToB4VkTIU&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=df8b58e1-255a-4428-7adc-22a649ef2ade&reqId=db69811f-40b9-4239-7f25-723...

95 B
164 B

22ms
21ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEK7r680ToZRV3SToB4VkTIU&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=df8b58e1-255a-4428-7adc-22a649ef2ade&reqId=db69811f-40b9-4239-7f25-723ebbf837c8&zcluid=b2582d779e93e2cc&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 6ecab5ea6fda6957-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEK7r680ToZRV3SToB4VkTIU&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=df8b58e1-255a-4428-7adc-22a649ef2ade&reqId=db69811f-40b9-4239-7f25-723ebbf837c8&zcluid=b2582d779e93e2cc&zdid=1332
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 3178
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RENDNTBBQkItQTUxRi00MkJCLUI5NjgtMzg1ODI1MTg2Rjc1&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
110 B

229ms
15ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:54 GMT
cache-control: no-store, no-cache, private
x-lat: amspug016:0:342
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 3178
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENesrz6HCIZO5cDlpp1O1CY&google_cver=1

42 B
437 B

228ms
15ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENesrz6HCIZO5cDlpp1O1CY&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
cache-control: no-store, no-cache, private
x-lat: amspug012:0:531
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENesrz6HCIZO5cDlpp1O1CY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 3178 43 B
614 B 54ms
18ms Image
image/gif 169.50.137.182
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.182 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b6.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 15 Mar 2022 04:22:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 3178
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=889783701472308710

42 B
309 B

286ms
16ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=889783701472308710
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug013:0:552
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=889783701472308710
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 3178
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=5542b651-74e0-43b0-bcc0-e55e758f3242

42 B
372 B

239ms
16ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=5542b651-74e0-43b0-bcc0-e55e758f3242
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug021:0:368
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=5542b651-74e0-43b0-bcc0-e55e758f3242
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 3178
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=690900610146768093&gdpr=0&gdpr_consent=

42 B
387 B

352ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=690900610146768093&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:54 GMT
cache-control: no-store, no-cache, private
x-lat: amspug015:0:388
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: bd638cc8-a275-42fb-aa2f-806c23cfc50d
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=690900610146768093&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 3178
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=sYXUMbGB1TCqh4VhtIHKY7_W1DSqjtBlt4Dse5Nq

42 B
312 B

313ms
16ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=sYXUMbGB1TCqh4VhtIHKY7_W1DSqjtBlt4Dse5Nq
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:55 GMT
cache-control: no-store, no-cache, private
x-lat: amspug001:0:570
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=sYXUMbGB1TCqh4VhtIHKY7_W1DSqjtBlt4Dse5Nq
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9031
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTYxZTFiYTFhMTkzYTdmOWNlNGViMTc5ZjU4YmJhMWQxYzg1MGY4Mw

170 B
232 B

52ms
50ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTYxZTFiYTFhMTkzYTdmOWNlNGViMTc5ZjU4YmJhMWQxYzg1MGY4Mw

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTYxZTFiYTFhMTkzYTdmOWNlNGViMTc5ZjU4YmJhMWQxYzg1MGY4Mw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 9031 70 B
264 B 47ms
32ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9031
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/jqH52YgOgf6LFSKw2820isn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8896300024226115066

0
239 B

15ms
7ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8896300024226115066
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

date: Wed, 16 Mar 2022 04:22:56 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8896300024226115066
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9031
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBUMjVCSzEtMUktR1MzMQ==

170 B
243 B

49ms
49ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBUMjVCSzEtMUktR1MzMQ==

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBUMjVCSzEtMUktR1MzMQ==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 9031
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L0T25BK1-1I-GS31&sigv=1&esig=2~72a3c549e3366b73c4a6694ee80cde98d98c2d88

0
194 B

67ms
20ms

Image
text/plain

2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L0T25BK1-1I-GS31&sigv=1&esig=2~72a3c549e3366b73c4a6694ee80cde98d98c2d88

Protocol

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L0T25BK1-1I-GS31&sigv=1&esig=2~72a3c549e3366b73c4a6694ee80cde98d98c2d88
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 9031
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L0T25BK1-1I-GS31

0
705 B

294ms
157ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L0T25BK1-1I-GS31
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 5AA312FD778545378899E5E389A22993 Ref B: FRAEDGE1410 Ref C: 2022-03-16T04:22:56Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXaTkSSSNePzfo1SLrCJA==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L0T25BK1-1I-GS31
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9031
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESED3NkHKIdtQavBxTKNJJr7c&google_cver=1

0
239 B

31ms
8ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESED3NkHKIdtQavBxTKNJJr7c&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESED3NkHKIdtQavBxTKNJJr7c&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET dcm
s.amazon-adsystem.com/ Frame 9031 0
0

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame DA23 4 KB
2 KB 94ms
28ms Document
text/html 99.80.137.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.137.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-137-87.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 46e1f2a1964fc059f192752721d01324005cbc6a0c311fe1adf14a074499709e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
content-type: text/html;charset=UTF-8
server: nginx
etag: W/"0438fe6571c6faa4ca4f16c0f8fbae58a"
timing-allow-origin: *
content-encoding: gzip

GET
H2 204 ps
pixel.33across.com/ Frame 60F8 0
0 314ms
102ms Document
text/plain 67.202.105.23
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip23.67-202-105.static.steadfastdns.net
Software: 33XP002 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

x-33x-status: 2000208
server: 33XP002
date: Wed, 16 Mar 2022 04:22:56 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 5835 2 KB
814 B 9ms
7ms Document
text/html 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame F9B5 896 B
1 KB 54ms
17ms Document
text/html 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 2b17ec388370e87e9c0bb6b8fc5898c1bd9c907b0f01a5b22e6273945127c151

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

content-length: 896
content-type: text/html
date: Wed, 16 Mar 2022 04:22:55 GMT

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 5038
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

2 KB
3 KB

18ms
18ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a24420e501c338380768ef32454c987af4bc7b826f9a29c4c1da436e918c76c9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 45|241|39|230|188|26|90|123
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Expires: Wed, 16 Mar 2022 04:22:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
Content-Length: 1611
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 311
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Wed, 16 Mar 2022 04:22:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
Connection: keep-alive

GET
H2

200

sync
ads.servenobid.com/ Frame C384
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=690900610146768093

0
343 B

29ms
28ms

Image
image/avif

52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=690900610146768093
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 17d440b5-4b36-4501-8a5a-7b7a73328719
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=690900610146768093
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame C384
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
https://ads.servenobid.com/sync?pid=310&uid=82e1398f1e3d8f43899e7919

0
348 B

29ms
29ms

Image
image/avif

52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=82e1398f1e3d8f43899e7919
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=82e1398f1e3d8f43899e7919
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame C384 0
277 B 64ms
20ms Image
text/plain 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 16 Mar 2022 04:22:56 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

sync
ads.servenobid.com/ Frame C384
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1647404576173
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1668328608
https://sync.1rx.io/usersync/tradedesk/5542b651-74e0-43b0-bcc0-e55e758f3242
https://sync.targeting.unrulymedia.com/csync/RX-0b72df76-fc21-48b2-91f4-f400686849e2-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-0b72df76-fc21-48b2-91f4-f400686849e2-003
https://ads.servenobid.com/sync?pid=321&uid=RX-0b72df76-fc21-48b2-91f4-f400686849e2-003

0
361 B

29ms
29ms

Image
image/avif

52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=321&uid=RX-0b72df76-fc21-48b2-91f4-f400686849e2-003
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=321&uid=RX-0b72df76-fc21-48b2-91f4-f400686849e2-003
date: Wed, 16 Mar 2022 04:22:56 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX0b72df76fc2148b291f4f400686849e2003
content-type: text/html

GET
H2

200

sync
ads.servenobid.com/ Frame C384
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5107433822890608144

0
344 B

29ms
29ms

Image
image/avif

52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=5107433822890608144
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=5107433822890608144
Date: Wed, 16 Mar 2022 04:22:56 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame C384 0
474 B 74ms
14ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame C384
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=bfa67b4e-b5ce-467b-9b81-5663b94118fd&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
357 B

29ms
29ms

Image
image/avif

52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=bfa67b4e-b5ce-467b-9b81-5663b94118fd&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=bfa67b4e-b5ce-467b-9b81-5663b94118fd&gdpr=0&gdpr_consent=&us_privacy=1YN-
date: Wed, 16 Mar 2022 04:22:56 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame C384
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true
https://ads.servenobid.com/sync?pid=337&uid=y-O6qqRyRE2uEGPAynN_zW7pxwqvw_a858Y1plCNw-~A

0
367 B

29ms
29ms

Image
image/avif

52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-O6qqRyRE2uEGPAynN_zW7pxwqvw_a858Y1plCNw-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-O6qqRyRE2uEGPAynN_zW7pxwqvw_a858Y1plCNw-~A
date: Wed, 16 Mar 2022 04:22:56 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 sync
ads.servenobid.com/ Frame F9B5 0
344 B 29ms
28ms Image
image/avif 52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=4865258126216079024&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame F9B5
Redirect Chain

https://sync.adotmob.com/cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=076c220400979217c0ef4a7a&gdpr=0&gdprConsent=

43 B
413 B

46ms
17ms

Image
image/gif

185.86.139.89
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=076c220400979217c0ef4a7a&gdpr=0&gdprConsent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:55 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=076c220400979217c0ef4a7a&gdpr=0&gdprConsent=
date: Wed, 16 Mar 2022 04:22:56 GMT
access-control-allow-credentials: true
x-powered-by: Express
content-length: 0
vary: Origin
keep-alive: timeout=5

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame F9B5
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7075548777203562640&gdpr=0&gdpr_consent=

43 B
408 B

53ms
17ms

Image
image/gif

185.86.139.89
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7075548777203562640&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:55 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Location: https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7075548777203562640&gdpr=0&gdpr_consent=
Date: Wed, 16 Mar 2022 04:22:56 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H/1.1 204
No Content /
b1sync.zemanta.com/usersync/smart/ Frame F9B5 0
64 B 405ms
97ms Image
text/plain 64.74.236.159
INTERNAP-BLK5

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b1sync.zemanta.com/usersync/smart/?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D116%26partneruserid%3D__ZUID__&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.74.236.159 , United States, ASN19024 (INTERNAP-BLK5, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:56 GMT

GET
H2 200 bsync
visitor.omnitagjs.com/visitor/ Frame F9B5 0
158 B 70ms
18ms Image
text/plain 185.255.84.152
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/bsync?uid=627080440e659fbe0f85333c665ae1de&name=SMARTADSERVER&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D117%26partneruserid%3DPARTNER_USER_ID%26gdpr%3DGDPR%26gdpr_consent%3DGDPR_CONSENT&gdpr=0&gdpr_consent=

Requested by

Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.152 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:55 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
content-length: 0
expires: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 5038
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YjFmICj7uT3ZSy5NFm43QQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJATwYOivVM3c6UeYMfIzt8&google_cver=1&gdpr=1

43 B
1000 B

17ms
16ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJATwYOivVM3c6UeYMfIzt8&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 16 Mar 2022 04:22:56 GMT

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJATwYOivVM3c6UeYMfIzt8&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET dcm
s.amazon-adsystem.com/ Frame 5038 0
0

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 5038 70 B
264 B 32ms
31ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 5038 170 B
188 B 97ms
50ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YjFmICj7uT3ZSy5NFm43QQAABIYAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET CookieIndex
rtb.adentifi.com/ Frame 5038 0
0

GET
H2 200 /
sync.taboola.com/sg/indexscod/1/cm/ Frame 5038 0
99 B 54ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=1&gdpr_consent=&id=YjFmICj7uT3ZSy5NFm43QQAA%261158
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13700

GET
H2

204

no_match_opted_out
um.simpli.fi/ Frame 5038
Redirect Chain

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
https://um.simpli.fi/no_match_opted_out

0
272 B

15ms
12ms

Image
text/plain

169.50.137.182
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/no_match_opted_out

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

Protocol

Server

169.50.137.182 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b6.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 16 Mar 2022 04:22:56 GMT
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

date: Wed, 16 Mar 2022 04:22:56 GMT
x-content-type-options: nosniff
server: nginx
location: /no_match_opted_out
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Tue, 15 Mar 2022 04:22:56 GMT

GET sync
sync.srv.stackadapt.com/ Frame 5038 0
0

GET
H2 200 sync
ads.servenobid.com/ Frame 5038 0
357 B 33ms
32ms Image
image/avif 52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=YjFmICj7uT3ZSy5NFm43QQAABIYAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame DA23
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=690900610146768093

35 B
208 B

105ms
34ms

Image
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=690900610146768093
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 326b9b7b-10fc-440e-a5fd-2fe0d30cfa13
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=690900610146768093
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame DA23
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_b355d1a4-c447-4be0-aafa-03631db4697b&gdpr=0&gdpr_consent=&us_privacy=1---
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_b355d1a4-c447-4be0-aafa-03631db4697b&gdpr=0&gdpr_consent=&us_privacy=1---
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=52ba1fe4-52f5-499e-86f0-9980a2edbeb2&ssp=gumgum2
https://rtb.gumgum.com/usersync?b=bsw&i=990a7c93-5e2b-4736-9ca6-01adce6e9523

35 B
208 B

33ms
33ms

Image
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=990a7c93-5e2b-4736-9ca6-01adce6e9523
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: //rtb.gumgum.com/usersync?b=bsw&i=990a7c93-5e2b-4736-9ca6-01adce6e9523
Date: Wed, 16 Mar 2022 04:22:56 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame DA23
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%281WNwqea2D3cDkZn_gFgXutd8betaPKGpscMCVeK4g5Q7pgWgB1kHJGhKrBcBW_ta%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_b355d1a4-c447-4be0-aafa-03631db4697b&obuid=ENC(1WNwqea2D3cDkZn_gFgXutd8betaPKGpscMCVeK4g5Q7pgWgB1kHJGhKrBcBW_ta)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://ups.analytics.yahoo.com/ups/58523/occ?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redir=true
https://sync.outbrain.com/cookie-sync?p=oath_display&uid=y-O6qqRyRE2uEGPAynN_zW7pxwqvw_a858Y1plCNw-~A

0
323 B

82ms
82ms

Image
text/plain

70.42.32.255
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=oath_display&uid=y-O6qqRyRE2uEGPAynN_zW7pxwqvw_a858Y1plCNw-~A
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 70.42.32.255 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:57 GMT
Cache-Control: no-cache
X-TraceId: 85486422056443db7f1249fac56a5630
Content-Length: 0

Redirect headers

location: https://sync.outbrain.com/cookie-sync?p=oath_display&uid=y-O6qqRyRE2uEGPAynN_zW7pxwqvw_a858Y1plCNw-~A
date: Wed, 16 Mar 2022 04:22:57 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

usersync
rtb.gumgum.com/ Frame DA23
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=5af467b1-efa9-4733-b95c-fce926490942

35 B
208 B

46ms
34ms

Image
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=5af467b1-efa9-4733-b95c-fce926490942
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Wed, 16 Mar 2022 04:22:56 GMT
content-encoding: gzip
server: OXGW/17.2.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=5af467b1-efa9-4733-b95c-fce926490942
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET sync
sync.srv.stackadapt.com/ Frame DA23 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame DA23
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-cID2Cz1E2pfSnXHbe_sIdL2tkQjwKdw2b36Y~A

35 B
208 B

74ms
35ms

Image
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-cID2Cz1E2pfSnXHbe_sIdL2tkQjwKdw2b36Y~A
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Wed, 16 Mar 2022 04:22:56 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-cID2Cz1E2pfSnXHbe_sIdL2tkQjwKdw2b36Y~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame DA23 0
0

GET
H2 204 services
sync.technoratimedia.com/ Frame DA23 0
293 B 316ms
97ms Image
text/plain 132.226.41.106
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 132.226.41.106 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 462848378
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame DA23 0
44 B 325ms
104ms Image
text/plain 169.197.150.8
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
content-length: 0
server: a

GET
H2

200

usersync
rtb.gumgum.com/ Frame DA23
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_b355d1a4-c447-4be0-aafa-03631db4697b&gdpr=0&gdpr_consent=&us_privacy=1---
https://stags.bluekai.com/site/23178?id=_epFcD8HzjKJxHQcgswj&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2X3FOBDGGRBYJB5GUS2KPBEFCY3HON3WUJTVONPXA...
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=_epFcD8HzjKJxHQcgswj&us_privacy=1---

35 B
208 B

33ms
33ms

Image
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=_epFcD8HzjKJxHQcgswj&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
P3p: CP="We do not support P3P header."
Location: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=_epFcD8HzjKJxHQcgswj&us_privacy=1---
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 118
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200
OK

usersync
usersync.gumgum.com/ Frame DA23
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://usersync.gumgum.com/usersync?b=idi&i=bafd550c-a77f-4d5d-be29-8ec921152409

35 B
296 B

34ms
34ms

Image
image/gif

52.19.170.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=idi&i=bafd550c-a77f-4d5d-be29-8ec921152409
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.19.170.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-170-216.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: envoy
content-type: image/gif
cache-control: private, no-store, must-revalidate, max-age=0
x-envoy-upstream-service-time: 5
x-region: ireland
content-length: 35
expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=idi&i=bafd550c-a77f-4d5d-be29-8ec921152409
date: Wed, 16 Mar 2022 04:22:56 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

RX-0b72df76-fc21-48b2-91f4-f400686849e2-003
sync.targeting.unrulymedia.com/csync/ Frame DA23
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6070004013
https://sync.1rx.io/usersync/tradedesk/5542b651-74e0-43b0-bcc0-e55e758f3242
https://sync.targeting.unrulymedia.com/csync/RX-0b72df76-fc21-48b2-91f4-f400686849e2-003

43 B
395 B

14ms
13ms

Image
image/gif

213.19.147.44
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-0b72df76-fc21-48b2-91f4-f400686849e2-003
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 213.19.147.44 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
server: Tengine
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location: https://sync.targeting.unrulymedia.com/csync/RX-0b72df76-fc21-48b2-91f4-f400686849e2-003
pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
cache-control: no-store, no-cache, must-revalidate
server: Tengine
content-type: text/html
expires: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame DA23
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=YUWIgLxkB9O2&ev=1&pid=558355

35 B
208 B

39ms
38ms

Image
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=YUWIgLxkB9O2&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 04:22:56 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: de-DE
location: https://rtb.gumgum.com/usersync?b=pln&i=YUWIgLxkB9O2&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-stage-0
expires: -1

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame DA23 0
75 B 18ms
17ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:55 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame DA23 0
358 B 34ms
28ms Image
image/avif 52.19.209.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_b355d1a4-c447-4be0-aafa-03631db4697b
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.209.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-209-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 7E14
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=6f8b6231-661d-4400-ac10-576cf4c60b13&gdpr=0&gdpr_consent=

35 B
208 B

36ms
36ms

Document
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=6f8b6231-661d-4400-ac10-576cf4c60b13&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 16 Mar 2022 04:22:57 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Wed, 16 Mar 2022 04:22:57 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Access-Control-Allow-Origin: *
Server: MT3 4256 109297d master hkg-pixel-x8 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://rtb.gumgum.com/usersync?b=mmh&i=6f8b6231-661d-4400-ac10-576cf4c60b13&gdpr=0&gdpr_consent=
Expires: Wed, 16 Mar 2022 04:22:56 GMT

GET
H/1.1

200
OK

usersync Show response
usersync.gumgum.com/ Frame F99F
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YjFmIAANYxwqkQAy
https://usersync.gumgum.com/usersync?b=atm&i=YjFmIAANYxwqkQAy&gdpr=0&gdpr_consent=&_test=YjFmIAANYxwqkQAy

35 B
296 B

125ms
33ms

Document
image/gif

52.19.170.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=YjFmIAANYxwqkQAy&gdpr=0&gdpr_consent=&_test=YjFmIAANYxwqkQAy
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.170.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-170-216.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
content-type: image/gif
content-length: 35
date: Wed, 16 Mar 2022 04:22:56 GMT
x-envoy-upstream-service-time: 5
x-region: ireland
server: envoy

Redirect headers

server: Varnish
retry-after: 0
location: https://usersync.gumgum.com/usersync?b=atm&i=YjFmIAANYxwqkQAy&gdpr=0&gdpr_consent=&_test=YjFmIAANYxwqkQAy
accept-ranges: bytes
date: Wed, 16 Mar 2022 04:22:56 GMT
via: 1.1 varnish
x-served-by: cache-hhn4039-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1647404576.358853,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame B0C5 170 B
188 B 64ms
51ms Document
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iMzU1ZDFhNC1jNDQ3LTRiZTAtYWFmYS0wMzYzMWRiNDY5N2I=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

content-type: image/png
date: Wed, 16 Mar 2022 04:22:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame CD8D 15 KB
6 KB 9ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=47456
expires: Wed, 16 Mar 2022 17:33:52 GMT
date: Wed, 16 Mar 2022 04:22:56 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 61B8 0
0 632ms
105ms Document
text/plain 67.202.105.23
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip23.67-202-105.static.steadfastdns.net
Software: 33XP002 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP002
date: Wed, 16 Mar 2022 04:22:56 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame C3F3
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=ttd&i=5542b651-74e0-43b0-bcc0-e55e758f3242&t=1649996576

35 B
209 B

107ms
33ms

Document
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=5542b651-74e0-43b0-bcc0-e55e758f3242&t=1649996576
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Wed, 16 Mar 2022 04:22:56 GMT
content-type: text/html
content-length: 209
location: https://rtb.gumgum.com/usersync?b=ttd&i=5542b651-74e0-43b0-bcc0-e55e758f3242&t=1649996576
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame DEE3
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

7ms
6ms

Document
text/html

104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Mar 2022 04:22:56 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=gumgum
date: Wed, 16 Mar 2022 04:22:56 GMT
access-control-allow-credentials: true
access-control-allow-origin: *

GET
H2 204 um
cs.emxdgt.com/ Frame C0E2 0
0 49ms
7ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

content-type: text/html
date: Wed, 16 Mar 2022 04:22:56 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame F9FE
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YjFmIMCo8YwAAEY8LeIAAAAA

35 B
208 B

34ms
33ms

Document
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YjFmIMCo8YwAAEY8LeIAAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 16 Mar 2022 04:22:57 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Wed, 16 Mar 2022 04:22:56 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YjFmIMCo8YwAAEY8LeIAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 3
X-SO-HostName: m-ad130.dc4p.scaleout.jp
X-SO-LB-Hostname: m-tgng40.dc4p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":63,"gdpr":true,"ipv4":"0.0.0.0","key":"YjFmIMCo8YwAAEY8LeIAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad130"}
X-SO-Key: YjFmIMCo8YwAAEY8LeIAAAAA
X-SO-IP: 185.213.155.176
X-SO-Cluster-ID: 63
X-SO-Upstream-ID: m-ad130

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 98E0
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=zzRgTLYREJu97APeWUUD&pi=gumgum&tc=1

35 B
208 B

91ms
52ms

Document
image/gif

54.194.49.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=zzRgTLYREJu97APeWUUD&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 16 Mar 2022 04:22:56 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Wed, 16 Mar 2022 04:22:56 GMT Wed, 16 Mar 2022 04:22:56 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=zzRgTLYREJu97APeWUUD&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame DEE3 32 KB
10 KB 8ms
7ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 585270e94e864c25e5c174b8bd0ecf45dbca4408d851fecd14260431b79cc43d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 04:22:56 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=45554
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9538
Expires: Wed, 16 Mar 2022 17:02:10 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame DEE3 0
239 B 10ms
8ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L0T25BK1-1I-GS31
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame DDD5 0
746 B 14ms
13ms Script
text/html 185.33.221.88
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 04:22:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 75fc3eea-ff9d-4c0c-bd71-c8acc0b3709c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.mathtag.com
URL: https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D

Domain: image4.pubmatic.com
URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6f8b6231-661d-4400-ac10-576cf4c60b13

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjFmICj7uT3ZSy5NFm43QQAABIYAAAIB

Domain: rtb.adentifi.com
URL: https://rtb.adentifi.com/CookieIndex

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=68&gdpr=1

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=

Domain: sync.ipredictive.com
URL: https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D

Verdicts & Comments Add Verdict or Comment

121 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

97 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.gofile.io/	1969-12-31 23:59:59	Name: accountToken Value: 6r2G8MWgJExjqZ042yuyAOCgIdi1VHw7
.rubiconproject.com/	1970-01-20 10:22:20	Name: audit Value: 1\|naVuGyos1qqJbnvE866saj5APvdogVCbaTd6KyMQnat7y9GyzaExIcGu8D4hCK5q/mPHhSw6P7MzmVBy+hO93FIAbBVu7i8M0A+VO7RH1E0=
.rubiconproject.com/	1970-01-20 10:22:20	Name: khaos Value: L0T25BK1-1I-GS31
.adnxs.com/	1970-01-20 03:46:20	Name: icu Value: ChgIvahBEAoYASABKAEwnMzFkQY4AUABSAEQnMzFkQYYAA..
.adnxs.com/	1970-01-20 03:46:20	Name: uuid2 Value: 690900610146768093
.ad-srv.net/	1970-01-20 03:46:20	Name: u8x7eovwf3h6_uid Value: 48333a6b24b02e60
.ad-srv.net/	1970-01-20 03:46:20	Name: v0rur7gqspb3_uid Value: 3335e64c503673fa
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 379079:2519508
.awin1.com/	1970-01-20 01:46:49	Name: awpv14098 Value: 559379\|1647404573\|bf680e61-a4e0-11ec-931c-22627d215c9c
.mathtag.com/	1970-01-20 11:02:39	Name: uuid Value: 6f8b6231-661d-4400-ac10-576cf4c60b13
.doubleclick.net/	1970-01-20 01:36:48	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 10:58:20	Name: IDE Value: AHWqTUlWf4af1dWkPICR-v8RnBc8v4ce-3H5ldr5oQfX3I7HhVBMn1qVmTIE5H6A
.criteo.com/	1970-01-20 10:58:20	Name: uid Value: ed445869-c512-4b18-9b9b-afd2c0b6f4c6
.gofile.io/	1970-01-20 10:58:20	Name: cto_bundle Value: 1brteV8xeHlmN3NsTThVdlNjd0kxMXRtYUhnZjhSN09MY3BrZVNITmk5Z1pmUHVqTGV6N1ZkWERUZ0FRRW1OUVhQTUQ1WHVGaHNlVncwdUNLYWxiN21NVDEzUDVQcHRGT0RtTE9TRXEweTdkNTRKSjlrJTJGJTJCZUJlUWZkc0xkQ21VOEU4ZEZLblNkVWNrV2k1NHpUcEhGZHFqcDlBJTNEJTNE
.ads.pubmatic.com/	1970-01-20 01:38:10	Name: KCCH Value: YES
.pubmatic.com/	1970-01-20 03:46:20	Name: KADUSERCOOKIE Value: DCC50ABB-A51F-42BB-B968-385825186F75
.pubmatic.com/	1970-01-20 03:46:20	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 01:38:10	Name: pi Value: 161102:2
.pubmatic.com/	1970-01-20 03:46:20	Name: DPSync3 Value: 1648598400%3A201_197_219%7C1647475200%3A174
.pubmatic.com/	1970-01-20 03:46:20	Name: SyncRTB3 Value: 1648598400%3A56_3_220_7_161_54_8_21_13%7C1648684800%3A35
.simpli.fi/	1970-01-20 10:23:46	Name: suid Value: F7D5F03D7DDA4FB3B5D3CF788E60BB1E
.quantserve.com/	1970-01-20 03:46:20	Name: d Value: ELMBCwHWJfijAA
.quantserve.com/	1970-01-20 11:06:58	Name: mc Value: 62316620-0ba36-c8a34-97e07
.adform.net/	1970-01-20 02:21:22	Name: C Value: 1
.onaudience.com/	1970-01-20 10:22:20	Name: cookie Value: b2582d779e93e2cc
.onaudience.com/	1970-01-20 01:38:10	Name: done_redirects104 Value: 1
.adform.net/	1970-01-20 03:03:08	Name: uid Value: 889783701472308710
.de17a.com/	1970-01-20 10:15:08	Name: guid2 Value: 1.7858187179105290502
.adsrvr.org/	1970-01-20 10:22:20	Name: TDID Value: 5542b651-74e0-43b0-bcc0-e55e758f3242
.analytics.yahoo.com/	1970-01-20 10:22:20	Name: IDSYNC Value: 196n~23s4
.casalemedia.com/	1970-01-20 10:22:20	Name: CMID Value: YjFmICj7uT3ZSy5NFm43QQAA
.casalemedia.com/	1970-01-20 03:46:20	Name: CMPS Value: 3276
.servenobid.com/	1970-01-20 01:46:49	Name: pid_312 Value: 690900610146768093
.smartadserver.com/	1970-01-20 11:06:58	Name: pid Value: 4865258126216079024
.casalemedia.com/	1970-01-20 03:46:20	Name: CMPRO Value: 1158
.casalemedia.com/	1970-01-20 01:38:10	Name: CMST Value: YjFmIGIxZiAA
.servenobid.com/	1970-01-20 01:46:49	Name: pid_337 Value: y-O6qqRyRE2uEGPAynN_zW7pxwqvw_a858Y1plCNw-~A
.crwdcntrl.net/	1970-01-20 08:05:31	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 08:05:31	Name: _cc_id Value: 2b2f53d6c095692368fb96c3e51117c9
.lijit.com/	1970-01-20 10:22:20	Name: ljt_reader Value: 82e1398f1e3d8f43899e7919
.gumgum.com/	1970-01-20 10:22:20	Name: vst Value: e_b355d1a4-c447-4be0-aafa-03631db4697b
.servenobid.com/	1970-01-20 01:46:49	Name: pid_317 Value: 4865258126216079024
.onaudience.com/	1970-01-20 01:38:10	Name: done_redirects147 Value: 1
.adfarm1.adition.com/	1970-01-20 03:46:20	Name: UserID1 Value: 7075548777203562640
.servenobid.com/	1970-01-20 01:46:49	Name: pid_333 Value: YjFmICj7uT3ZSy5NFm43QQAABIYAAAIB
.lijit.com/	1970-01-20 10:22:20	Name: _ljtrtb_273657 Value: 273657
.rfihub.com/	1970-01-20 10:58:20	Name: eud Value: H4sIAAAAAAAAADslzmtoZmJuYmBiam5mZGIIAMzYpMQQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0MDcxNrYwMrKwNDAzsDA0MRHiM9TN0jWM9_cw9cyIqkgHAHoxI2IlAAAA
.rfihub.com/	1970-01-20 10:58:20	Name: rud Value: H4sIAAAAAAAAAOMSNjU0MDcxNrYwMrKwNDAzsDA0MRHiM9TN0jWM9_cw9cyIqkiX4jU0MzE3MTAxNTczMjEEAISUpRg0AAAA
.1rx.io/	1970-01-20 10:22:20	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-0b72df76-fc21-48b2-91f4-f400686849e2-003%22%7D
.adotmob.com/	1970-01-20 11:05:32	Name: uid Value: 076c220400979217c0ef4a7a
.adotmob.com/	1970-01-20 11:05:32	Name: uuid Value: 076c220400979217c0ef4a7a
.adotmob.com/	1970-01-20 11:05:32	Name: partners Value: SMA%3A1647404576247
.servenobid.com/	1970-01-20 01:46:49	Name: pid_309 Value: e_b355d1a4-c447-4be0-aafa-03631db4697b
.servenobid.com/	1970-01-20 01:46:49	Name: pid_310 Value: 82e1398f1e3d8f43899e7919
.openx.net/	1970-01-20 10:22:20	Name: i Value: 7e65fc98-6e3b-4092-84f1-24ec8a3e3bf9\|1647404576
.servenobid.com/	1970-01-20 01:46:49	Name: pid_324 Value: 5107433822890608144
.creativecdn.com/	1970-01-20 10:22:20	Name: u Value: zzRgTLYREJu97APeWUUD
.creativecdn.com/	1970-01-20 10:22:20	Name: ts Value: 1647404576
.adsrvr.org/	1970-01-20 10:22:20	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwjul8HZ1cPDOhAFGAEgASgCMgsImq3hh-zDwzoQBTgBWgthZGNvbmR1Y3RvcmAC
.onaudience.com/	1970-01-20 01:38:10	Name: done_redirects219 Value: 1
.yahoo.com/	1970-01-20 10:22:42	Name: A3 Value: d=AQABBCBmMWICEKKzXkPVuSkTKorv224eN_AFEgEBAQG3MmI7YgAAAAAA_eMAAA&S=AQAAAjlnjB_MnAWkLg6-MlJe-cU
.smartadserver.com/	1970-01-20 11:06:58	Name: csync Value: 66:076c220400979217c0ef4a7a
.targeting.unrulymedia.com/	1970-01-20 10:22:20	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-0b72df76-fc21-48b2-91f4-f400686849e2-003%22%7D
.casalemedia.com/	1970-01-20 10:22:20	Name: CMRUM3 Value: 7b6231662005a0&27623166200b40&e6623166202760&f16231662005a0&1a6231662005a0&5a6231662005a0&2d623166202760CAESEJATwYOivVM3c6UeYMfIzt8&bc6231662005a00
.zeotap.com/	1970-01-20 10:22:20	Name: zc Value: df8b58e1-255a-4428-7adc-22a649ef2ade
.zeotap.com/	1970-01-20 01:38:10	Name: zsc Value: %91-%BA%00G%CD%8Ed%C5i%88%D3%BC%FEjP%60%5E%EB%F8w%1B%D9%F6%CD%D7%1C%03%26%22%8E%CA%89%C5%88%C4%AA%24%7B%A2%F3h%99%C4%8E%1EDj%E6%1A5%1ECk7%AD%F1%AAn%A9%29%8E1%EC1%299S%C1%82%1A%87%1C%FC%EB%A5%D4v%2A%2B%5E%96%B1
.servenobid.com/	1970-01-20 01:46:49	Name: pid_321 Value: RX-0b72df76-fc21-48b2-91f4-f400686849e2-003
.everesttech.net/	1970-01-20 10:22:20	Name: everest_g_v2 Value: g_surferid~YjFmIAANYxwqkQAy
.pubmatic.com/	1970-01-20 02:19:56	Name: KRTBCOOKIE_336 Value: 5844-7858187179105290502
.pubmatic.com/	1970-01-20 03:46:20	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-20 03:46:20	Name: KRTBCOOKIE_57 Value: 22776-690900610146768093&KRTB&23339-690900610146768093
.pubmatic.com/	1970-01-20 03:46:20	Name: KRTBCOOKIE_80 Value: 22987-CAESENesrz6HCIZO5cDlpp1O1CY&KRTB&16514-CAESENesrz6HCIZO5cDlpp1O1CY&KRTB&23025-CAESENesrz6HCIZO5cDlpp1O1CY
.pubmatic.com/	1970-01-20 03:46:20	Name: KRTBCOOKIE_153 Value: 1923-sYXUMbGB1TCqh4VhtIHKY7_W1DSqjtBlt4Dse5Nq&KRTB&19420-sYXUMbGB1TCqh4VhtIHKY7_W1DSqjtBlt4Dse5Nq&KRTB&22979-sYXUMbGB1TCqh4VhtIHKY7_W1DSqjtBlt4Dse5Nq
.pubmatic.com/	1970-01-20 03:46:20	Name: KRTBCOOKIE_377 Value: 6810-5542b651-74e0-43b0-bcc0-e55e758f3242&KRTB&22918-5542b651-74e0-43b0-bcc0-e55e758f3242&KRTB&23031-5542b651-74e0-43b0-bcc0-e55e758f3242
.pubmatic.com/	1970-01-20 02:19:56	Name: PugT Value: 1647404576
.pubmatic.com/	1970-01-20 02:19:56	Name: KRTBCOOKIE_391 Value: 22924-889783701472308710&KRTB&23263-889783701472308710
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:08:38	Name: bcookie Value: "v=2&c1c28f1f-92db-48a0-851e-b1f7d4911758"
.linkedin.com/	1970-01-20 18:58:55	Name: li_gc Value: MTswOzE2NDc0MDQ1NzY7MjswMjHHxu/vp4RKYxdj2Bk3vJhjvQQ9v2qAlUYM9ngcA5+3Bg==
.linkedin.com/	1970-01-20 01:38:10	Name: lidc Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2261:u=1:x=1:i=1647404576:t=1647490976:v=2:sig=AQFbx2Mbb6FNwTLfuHRrglRYtntIkkfk"
.bidswitch.net/	1970-01-20 10:22:20	Name: tuuid Value: 990a7c93-5e2b-4736-9ca6-01adce6e9523
.bidswitch.net/	1970-01-20 10:22:20	Name: c Value: 1647404576
.bidswitch.net/	1970-01-20 10:22:20	Name: tuuid_lu Value: 1647404576
.a-mo.net/	1970-01-20 10:22:20	Name: amuid2 Value: bfa67b4e-b5ce-467b-9b81-5663b94118fd
.servenobid.com/	1970-01-20 01:46:49	Name: pid_327 Value: bfa67b4e-b5ce-467b-9b81-5663b94118fd
.360yield.com/	1970-01-20 03:46:20	Name: tuuid Value: bafd550c-a77f-4d5d-be29-8ec921152409
.360yield.com/	1970-01-20 03:46:20	Name: tuuid_lu Value: 1647404576
.sportradarserving.com/	1970-01-20 10:22:20	Name: zuuid Value: 52ba1fe4-52f5-499e-86f0-9980a2edbeb2
.sportradarserving.com/	1970-01-20 10:22:20	Name: c Value: 1647404576
.sportradarserving.com/	1970-01-20 10:22:20	Name: zuuid_lu Value: 1647404576
.sportradarserving.com/	1970-01-20 10:22:20	Name: zuuid_k Value: 1
.sportradarserving.com/	1970-01-20 10:22:20	Name: zuuid_k_lu Value: 1647404576
.technoratimedia.com/	1970-01-21 21:24:44	Name: tads_uid Value: GDPR
.outbrain.com/	1970-01-20 03:46:20	Name: obuid Value: 474114db-3b2a-47e6-ae7f-0a78526325ba
.zemanta.com/	1970-01-20 10:22:20	Name: zuid Value: _epFcD8HzjKJxHQcgswj
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 7f1d394445d58343

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://umami.gofile.io/umami.js Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.sportradarserving.com
acdn.adnxs.com
ad.360yield.com
ad.ad-srv.net
ad2.ad-srv.net
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
ams1-ib.adnxs.com
ap.lijit.com
api.gofile.io
b1sync.zemanta.com
bh.contextweb.com
bidder.criteo.com
btlr.sharethrough.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.adnxs.com
cdn.contentspread.net
cdn.plyr.io
cdn4.buysellads.net
ce.lijit.com
cm.g.doubleclick.net
contextual.media.net
creativecdn.com
cs.emxdgt.com
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
gofile.io
googleads.g.doubleclick.net
gum.criteo.com
hb-api.omnitagjs.com
hbopenbid.pubmatic.com
href.li
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
match.adsrvr.org
match.deepintent.com
media.kaspersky.com
mp.4dex.io
mug.criteo.com
mwzeom.zeotap.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel.33across.com
pixel.mathtag.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
plausible.gofile.io
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prebid.media.net
public.servenobid.com
px.ads.linkedin.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.gumgum.com
s.amazon-adsystem.com
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
spl.zeotap.com
srv.buysellads.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.taboola.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
tags.mathtag.com
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
um.simpli.fi
umami.gofile.io
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
visitor.omnitagjs.com
www.awin1.com
www.google.com
www.googletagservices.com
x.bidswitch.net
image4.pubmatic.com
rtb.adentifi.com
s.amazon-adsystem.com
sync.ipredictive.com
sync.mathtag.com
sync.srv.stackadapt.com
103.229.206.240
104.111.215.191
104.92.74.8
104.92.94.3
124.146.215.47
132.226.41.106
141.226.228.48
142.250.184.226
142.250.185.226
145.40.89.200
149.202.85.166
151.101.193.108
151.101.194.49
159.203.25.119
169.197.150.8
169.50.137.182
178.162.133.149
178.250.0.157
178.250.0.165
178.250.2.151
18.157.49.120
18.159.54.110
18.195.155.181
185.183.112.155
185.184.8.65
185.255.84.151
185.255.84.152
185.29.132.246
185.33.221.87
185.33.221.88
185.33.221.90
185.64.189.110
185.64.189.112
185.64.190.78
185.64.190.80
185.85.15.31
185.86.139.89
185.86.139.93
192.0.78.26
193.0.160.128
198.148.27.140
2.18.232.130
2.18.233.180
2.18.233.201
2.18.234.21
2.21.140.74
213.155.156.169
213.19.147.44
216.52.2.19
216.52.2.30
2602:803:c003:200::51
2606:4700:10::6816:1957
2606:4700:20::ac43:4bf1
2606:4700::6812:372
2620:116:800d:21:36a9:ecb:e518:b308
2620:1ec:21::14
2620:1ec:bdf::60
2a00:1288:80:807::1
2a00:1450:4001:803::2003
2a00:1450:4001:809::2002
2a00:1450:4001:810::2004
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:831::2002
2a02:2638:1::3
2a02:2638::1c
2a05:d018:d29:3602:741:642f:e5f9:56af
2a06:98c1:3120::7
3.126.56.137
3.33.220.150
34.107.148.139
34.98.64.218
35.156.203.69
37.157.6.241
46.4.10.47
51.178.66.33
51.210.112.63
51.38.120.206
52.19.170.216
52.19.209.179
52.210.102.59
52.28.203.152
54.194.49.117
54.229.233.249
64.74.236.159
67.202.105.23
69.173.144.138
69.173.144.139
70.42.32.255
85.114.159.93
88.99.65.215
94.31.29.32
99.80.137.87
04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2
067202c8cbcb9d03bd44cfa501da78fbfe7ae53dbb3031716d7c7f5da32e5168
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de
0a3778ae563dd5b1c69c9ab4d7d2e22a228a9cbd28dac16295d334d67b7e3f57
0aed7796e0fc7c38c5d07d735facccdb22b8da8d819fddd6932613ed093ba388
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c68395ad843ce5107774011154103ae8d17d44f3cafc73e6395bdd05da753c7
0d76b37bb92d235752c1495fc0bc68a363c9d89a028dbb95c171358ee275abff
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10729e2e06613681edd9eff8668c8a276d888512669cf14d9548e8b608be091c
122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade
150fa4d262057d65d54da5b56ab877a8ac7c2175f9066e5fe901bed299148da1
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
185eba1d38f44850f08ac5b08f3804f664e16d4bfcf2182577c36d492c23a94d
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1b46304fd8b0f479ceb597b36a8a086f2268ef7ef95c50ced939301e70ca330b
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1eeaa9afd461c6df55ffad40e5b003b9f2303727cc0276e677cf61bf9023284a
21cd44e7d4bbf13a5df9e60c0245680c5e23cc9733db60422c579db95a5f3b58
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
27c49b3975aa858e509627f334a552d16873858ab26aac92f34fb87ec96b6143
2b17ec388370e87e9c0bb6b8fc5898c1bd9c907b0f01a5b22e6273945127c151
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
327f60006e399d96d711bc4bc9b08b12cdd2f0a600a3c26edde260b30aa3e6b1
32d285cd054745b43159a6fcfa2e4f5c7078b3aab534c0644e1c8468113861d6
358cfc8eb339a8ee01040ab6926f11d3c8dd16f43a93764639e7e89f5a1923f8
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3bc1db107f6b5f7a7f22066aaaa648c90814fe550177617ae8fb82c4b462e69e
3bca31a2b4885fc441f2ba7a1a4ae16d5f8c1103b337ad3a3c6a5e2169277f04
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
422190a100c0b2fe225bb86bbff667ccbb18a2e0344d57fcb25c00ef02d90eeb
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
44fee36c75acf39bd566c3b426c1b2f52ecbb20555ee382fad5e3ae39a3df3dd
46e1f2a1964fc059f192752721d01324005cbc6a0c311fe1adf14a074499709e
4846018760f6e11a8a1dea7639a5c75c712f198d978eccf117840820bb8c37d7
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
4b849c029d79403f00e62773f95223cfd9d2b9864d548ee7321d76be8ff08414
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e3a5894e71628ced83517280f213abe0328eb324f06a6d0cb2886f7501f231c
543eed863c785ee28516e5cca6e1ac5949e9ef069e3a3b795aed4724f5d442dc
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54bf53f507e33bf1060b3baee42b53596cc892c0241834ecf9f3b9d402ea3238
5665b2e47fd5e606eb9472c714f7812a2fe489aeac592a6f5dd720558cf5b103
569a98cd5a225d69c9e8e586cea6eb7968d64b9a6ede62e8ab24122f2403e9a1
57295e104846443dbc29750f239b02f5a399f19965af058889216450cb985387
585270e94e864c25e5c174b8bd0ecf45dbca4408d851fecd14260431b79cc43d
5dc2cf343491eece9dde6fb0972278df0ade7bea4d47ea45a5b03b5dae890e31
5f1bca04b7dec5de15be85d13c4ecfb46e4dc089bcfa5f39d6867b3005749bf7
624716d62cd430a7e0430a3e0b14b02e57a8164ebd1db63e06e4b00eb4906fea
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
680f6c82f8fa9c070ae385a67ef92c0bbcba6759c5a5845a725102e7ec299622
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d65d278ec9eb780d03ddc84b9b8df46fa4f50754f36677cb7d284d5b27870b0
7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
73de4254959530e4d1d9bec586379184f96b4953dacf9cd5e5e2bdd7bfeceef7
755b3b63190824c756288c7e13867b28622bb07d8fecc1e3e160cdbf34f3b105
783745ffc7062b10c2330658ae810693bdac5a5e0d06afa886807fc803af3305
7b95179ac6f73e2caef39b3a782c523ad2ce768b72f9d2a9a2938836f489934b
7d51de4d3843ea8ce29b55f76a92be3411aaed3a37f4bb90d8fd6562c2b612c1
7ec9a66beb8a31694180b2ca6564511b740659bffa8faee4b0824ef05370797c
7eec3429c76cb48e5fd457c5afb71b7cf34bc4298d53023bae8aea715443b4a9
7f6aabe00294f5aa9538ac398d01f6f35c910c09fdb42ea64bef7f2db32e40c0
8003da346d6da6032a44089cf7043a54e201a9f1e0309e3583301fe786c1ee8c
80ca123439be07d55e834d09f2249ed7256307fb6b87500a8dabca7789437dee
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84bb42496434c289a0e24948952177395e6fad092d2203ecc89fce7d039e78cd
85bd0e28180f06b7f944d35dd07ef1ce75d6d9b63c2d70cb8e65f8b566c43db4
8996d7b9fba17a4ad4880bb154f6b56d33f9ff87ecf4f830bc0488cdc1616f55
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
907fd0bf7d06cbd2ec108f95dffeee6095abf558973991fc1cc5d07be859ae56
9b8e193386fed60dc19da4653d1110cfa763172435639667fe1fd2ac802c943c
9f2941c83a623b1ea748b494f9aeee6c0ac1f04716671b1f0e9258fd1b765b71
9ff0aecab9bebf5e4d8a6d2627666b1251e50a4f2b689b3fe7b59e0ac2330ebe
a0cbaa60f56bdd8769b62ba1002b7c54306e2d28b35f7495cde94edcf5f7c539
a24420e501c338380768ef32454c987af4bc7b826f9a29c4c1da436e918c76c9
a32fdd00b25902a6d6fac18d592d8f6b5887fbb1e4d33f6ff83c591771a2530a
aa486dfb8b2e63ada84bbef7b8e69d90e400510f3c1e2bfeb22c5367c95ff927
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
ae117c0151118a5b6c98aaccaf17b9564a0670b51ef3d4a0f1a04ac025402ac3
af292b8cb1c745bd6c592fefaf9477c37efe47b1a65f04adaa824dbdd1cdf80d
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1623d7e523fd7d283d6a6ab54ad51ab395355355f2b8b293d1e8c34ce3b9865
b9884967d513a83c3f78d34cea62c19f0e4656c747ea333a897269eed5cd3d18
bafec5f524f6bea31f6ca01b7dd3ccd8c0cbf4a6c5b4d9783f9cb2bda56479e8
bd54241a6ef534d4fd55a95d52035292958c4a55c350f8bb38b396ef4f49c1e5
bd7138d876634edcb99c1d87639d87093533659531776ab2177d3a7f98bc01f0
bf21717eb9d6b396f3a9a20f66d264678ebbffac2b8bdce1a864b61b7346eaf3
c032f457a22939a4ffc32054beb78ec9a083aac1d3afa09ce6286ca77762eb25
c056c09f2bb6050b35013cc7746df64f135013292e3d173d1a4311cbe86409fc
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c39d994e33ee115b35d7872dbea911a99508c74e34629725343b269b5d5233e4
c57098847132558434bebf01809e4be5dee35a9e4e67104f5325d0004dce68f5
c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1
c763dd2017f51a33c4dcf135434388b7ac300c9595d4e5bb567960e596358f39
c7dcd5dc99e695fd39786df2ebe02cc8acc961d3f7ab0f826a515563a3a44448
cad04f1e55ed6543d1dbd9672e6ea9f9d658c0053e8345e9c8cb160f88b4947e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d01dffdef6c5011e22a9fa1bebd9fcbb6d61f026316e1eaeac15e5da1aa7b2e1
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d10fcd57fbc3eb87320fe1469bcb522ded6c480f48ed51c511ef6da20f165760
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddde9a4395ec0a76e64e0745068854bf75fd27848d5ec208df787dfe716642fd
e286a9ef7d2064a4cf7026449941a557c7123aa84ef2a17cf79a38820f5474bc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ede776a5364be2c5b90736033c8c1213ec14ec309ca3bc31a01448eb068d14f9
edefbb5bafbee7ae033639db39b94b1dc77540675dcda9daf488777f2bdfaedb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0db559643757236da1b7b82a1855c9d95339241e3ff9a77184dc37404ae7f5f
f3ccbc819fab7a4b6d0865f260c6881016e28335d0681f49d2a6600fd48a9690
f8e7e4de1e9f1853967930e65e54635ba278937653525e048ec92f5639139f6d
f97c1b98e687c3c6c00f53eb11a7795a511656bfd533099ac5ea353cc0ea3990
fa2c12db4e6c27170f5bb79af6de8b2c9bdd94f7dc2acee94b6706c826f3dc9b
fc4734a05c8fef24aff435e66dd05ac37e6a6ce3659862c9b8043fa3ebd7d457
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff6956c6d9b77bdecabeef7eafb5625c810cf5694db1204d0a48e102ecd73c89

gofile.io Open in urlscan Pro 51.178.66.33 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

220 Requests

80 %HTTPS

20 %IPv6

68 Domains

107 Subdomains

70 IPs

9 Countries

1790 kBTransfer

5473 kBSize

97 Cookies

6 Outgoing links

Page URL History

Redirected requests

220 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

gofile.io Open in urlscan Pro
51.178.66.33 Public Scan

Screenshot
Live screenshot

Full Image

220
Requests

80 %
HTTPS

20 %
IPv6

68
Domains

107
Subdomains

70
IPs

9
Countries

1790 kB
Transfer

5473 kB
Size

97
Cookies

220 HTTP transactions
5 data transactions