www.winhelponline.com Open in urlscan Pro
2606:4700:20::681a:c Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.winhelponline.com/
Effective URL:
https://www.winhelponline.com/
Submission: On August 16 via manual (August 16th 2022, 4:28:47 pm UTC) from US — Scanned from DE

Summary HTTP 173 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 49 IPs in 8 countries across 37 domains to perform 173 HTTP transactions. The main IP is 2606:4700:20::681a:c, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.winhelponline.com. The Cisco Umbrella rank of the primary domain is 458460.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 3rd 2022. Valid for: a year.

This is the only time www.winhelponline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 44	2606:4700:20:... 2606:4700:20::681a:c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400e:80f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
16	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
3	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
5	108.138.4.10 108.138.4.10	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
3	23.205.241.117 23.205.241.117	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.19.138.82 162.19.138.82	16276 (OVH) (OVH)
2	141.95.98.70 141.95.98.70	16276 (OVH) (OVH)
1	104.96.145.101 104.96.145.101	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	52.41.7.133 52.41.7.133	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	15169 (GOOGLE) (GOOGLE)
1	18.66.97.109 18.66.97.109	16509 (AMAZON-02) (AMAZON-02)
1	3.143.73.72 3.143.73.72	16509 (AMAZON-02) (AMAZON-02)
1 2	52.31.65.246 52.31.65.246	16509 (AMAZON-02) (AMAZON-02)
12	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 4	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
3 5	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2600:9000:206... 2600:9000:206e:1000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2600:1f18:1ac... 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18	14618 (AMAZON-AES) (AMAZON-AES)
1	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1 8	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
4	54.93.94.47 54.93.94.47	16509 (AMAZON-02) (AMAZON-02)
1	147.75.85.234 147.75.85.234	54825 (PACKET) (PACKET)
1	3.90.126.211 3.90.126.211	14618 (AMAZON-AES) (AMAZON-AES)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
6	172.67.10.198 172.67.10.198	() ()
1	216.52.2.19 216.52.2.19	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	52.48.53.23 52.48.53.23	16509 (AMAZON-02) (AMAZON-02)
1	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
173	49

44 2606:4700:20::681a:c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.winhelponline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:80f::200a (Ireland)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
basher.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.138.4.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-4-10.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.205.241.117 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-241-117.deploy.static.akamaitechnologies.com

c.aaxads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
l3.aaxads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.82 (France)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.98.70 (France)

ASN16276 (OVH, FR)
PTR: ns3216620.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.96.145.101 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-145-101.deploy.static.akamaitechnologies.com

www.aaxdetect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.41.7.133 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-41-7-133.us-west-2.compute.amazonaws.com

id.sharedid.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-109.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.143.73.72 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-143-73-72.us-east-2.compute.amazonaws.com

prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.65.246 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-65-246.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.19.126 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.46 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:206e:1000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.2.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.93.94.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-94-47.eu-central-1.compute.amazonaws.com

pb-server.ezoic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.85.234 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.90.126.211 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-90-126-211.compute-1.amazonaws.com

hb.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.38.120.206 (France)

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.10.198 (None, )

ASN- ()

prebid.smilewanted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.19 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.53.23 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-53-23.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	winhelponline.com 1 redirects www.winhelponline.com — Cisco Umbrella Rank: 458460	325 KB
25	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 124 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	190 KB
16	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 222 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 cm.g.doubleclick.net — Cisco Umbrella Rank: 208	271 KB
11	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 801 static.adsafeprotected.com — Cisco Umbrella Rank: 594 dt.adsafeprotected.com — Cisco Umbrella Rank: 538	108 KB
8	connatix.com 1 redirects capi.connatix.com — Cisco Umbrella Rank: 3936 cd.connatix.com — Cisco Umbrella Rank: 3596 cds.connatix.com — Cisco Umbrella Rank: 3700 capi-tier-2-us-east-2.connatix.com Failed img.connatix.com	412 KB
6	smilewanted.com prebid.smilewanted.com	533 B
6	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 98 www.google.com — Cisco Umbrella Rank: 10	1 KB
6	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 8459 ezodn.com — Cisco Umbrella Rank: 8178 g.ezodn.com — Cisco Umbrella Rank: 54288 basher.ezodn.com — Cisco Umbrella Rank: 9952	217 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 238	12 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 530 ssum.casalemedia.com — Cisco Umbrella Rank: 1365	5 KB
5	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 323	46 KB
4	ezoic.com pb-server.ezoic.com — Cisco Umbrella Rank: 6445	2 KB
4	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1443 id5-sync.com — Cisco Umbrella Rank: 541	26 KB
3	gstatic.com www.gstatic.com	15 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 401 mug.criteo.com — Cisco Umbrella Rank: 2755	8 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 3853 google-bidout-d.openx.net — Cisco Umbrella Rank: 3639	584 B
3	aaxads.com c.aaxads.com — Cisco Umbrella Rank: 2620 l3.aaxads.com — Cisco Umbrella Rank: 3912	161 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 267 fonts.googleapis.com — Cisco Umbrella Rank: 67 imasdk.googleapis.com Failed	33 KB
2	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 27961	235 B
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	87 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8117	914 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
1	wp.com pixel.wp.com — Cisco Umbrella Rank: 2171	126 B
1	servenobid.com 1 redirects ads.servenobid.com — Cisco Umbrella Rank: 1885	315 B
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 679	750 B
1	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 792	368 B
1	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 518	121 B
1	yellowblue.io hb.yellowblue.io — Cisco Umbrella Rank: 7566	411 B
1	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 1237	283 B
1	uidapi.com prod.uidapi.com — Cisco Umbrella Rank: 6484	5 KB
1	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1275	9 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 27625	2 KB
1	sharedid.org id.sharedid.org — Cisco Umbrella Rank: 5604	904 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 627 csm.nl.eu.criteo.net Failed	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 4006	8 KB
1	aaxdetect.com www.aaxdetect.com — Cisco Umbrella Rank: 5473	323 B
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1685	335 B
173	37

	Domain	Requested by
44	www.winhelponline.com	1 redirects www.winhelponline.com
12	tpc.googlesyndication.com	010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net
10	pagead2.googlesyndication.com	www.winhelponline.com 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com securepubads.g.doubleclick.net
7	securepubads.g.doubleclick.net	www.winhelponline.com securepubads.g.doubleclick.net cd.connatix.com
6	prebid.smilewanted.com	go.ezodn.com
6	dt.adsafeprotected.com	010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com www.winhelponline.com
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net go.ezodn.com
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com www.winhelponline.com
5	c.amazon-adsystem.com	www.winhelponline.com c.amazon-adsystem.com
4	cds.connatix.com	cd.connatix.com
4	pb-server.ezoic.com	go.ezodn.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	www.google.com	1 redirects 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com tpc.googlesyndication.com
3	www.gstatic.com	010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
3	static.adsafeprotected.com	010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
3	010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	capi.connatix.com	www.winhelponline.com cd.connatix.com
2	fonts.googleapis.com	010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
2	gum.criteo.com	1 redirects static.criteo.net
2	oajs.openx.net	1 redirects www.winhelponline.com
2	esp.rtbhouse.com	www.winhelponline.com
2	www.googletagservices.com	010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
2	fw.adsafeprotected.com	1 redirects 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
2	id5-sync.com	cdn.id5-sync.com
2	cdn.id5-sync.com	www.winhelponline.com securepubads.g.doubleclick.net
2	c.aaxads.com	www.winhelponline.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	basher.ezodn.com	www.winhelponline.com
2	g.ezodn.com	ezodn.com www.winhelponline.com
2	www.google-analytics.com	www.winhelponline.com www.google-analytics.com
1	img.connatix.com
1	pixel.wp.com
1	ads.servenobid.com	1 redirects
1	cd.connatix.com	1 redirects
1	ssum.casalemedia.com	1 redirects
1	ap.lijit.com	go.ezodn.com
1	onetag-sys.com	go.ezodn.com
1	hbopenbid.pubmatic.com	go.ezodn.com
1	hb.yellowblue.io	go.ezodn.com
1	prebid.a-mo.net	go.ezodn.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	www.winhelponline.com
1	prod.uidapi.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	id.sharedid.org	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	l3.aaxads.com	www.winhelponline.com
1	www.aaxdetect.com	www.winhelponline.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	ezodn.com	www.winhelponline.com
1	go.ezodn.com	www.winhelponline.com
1	ajax.googleapis.com	www.winhelponline.com
0	csm.nl.eu.criteo.net Failed	gum.criteo.com
0	imasdk.googleapis.com Failed	cd.connatix.com
0	capi-tier-2-us-east-2.connatix.com Failed	cd.connatix.com
173	59

This site contains links to these domains. Also see Links.

Domain
support.microsoft.com
www.microsoft.com
www.twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-04-03` - `2023-04-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.aaxads.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2022-06-01` - `2022-08-30`	3 months	crt.sh
*.id5-sync.com R3	`2022-05-31` - `2022-08-29`	3 months	crt.sh
*.aaxdetect.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2022-08-09` - `2022-11-07`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
id.sharedid.org Amazon	`2021-12-09` - `2023-01-06`	a year	crt.sh
invstatic101.creativecdn.com R3	`2022-07-29` - `2022-10-27`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.uidapi.com Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2022-07-29` - `2022-10-27`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2022-04-10` - `2023-05-08`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2021-08-20` - `2022-09-21`	a year	crt.sh
*.ezoic.com Amazon	`2021-09-29` - `2022-10-28`	a year	crt.sh
*.a-mo.net R3	`2022-07-04` - `2022-10-02`	3 months	crt.sh
*.yellowblue.io Amazon	`2022-04-23` - `2023-05-22`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-11` - `2023-07-12`	a year	crt.sh

This page contains 16 frames:

Primary Page: https://www.winhelponline.com/
Frame ID: B4D28E5274F010477BC8D0F472836FE9
Requests: 137 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/zrt_lookup.html
Frame ID: 45795222B104E95BBCEDD8D55CB245A1
Requests: 1 HTTP requests in this frame

Frame: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F33C1D079AA146A77AC32D85C057D859
Requests: 1 HTTP requests in this frame

Frame: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9E83B62D3F8476C5C276F440045C5258
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIXULRDioeABGIjjwNABMAE&v=APEucNW9StuqMTzIILNWozRDRp8ZDH68Ht5vG25TenbudnzO6vsHow-wZjl4ZVlf4qV2EVC333W30mfmgHdJXyJ00JZfs84sVfYLf8mqTYjv6RzSGG3DSUiJqg2iiFlR8glIGwzaLEJqLVRvF-dDIig-DI49rINwdS8XcSCSJGyw-q5CLZjxlUmGQqLjZW5L23xsRX_SDrziw8v1QMtziQrGTdIkLyCRrQ
Frame ID: AF603C9BDFC4AB2E6F086AD71C722C35
Requests: 5 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.winhelponline.com
Frame ID: 347495DC9420585D5CAF2C47C929EC7E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7063C7019F1CA4C655DC7F7A575D0B29
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: A68CAC6B27283FBBAC454879B11C816C
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 529FE35632108D3EABC49DFFC1E26528
Requests: 1 HTTP requests in this frame

Frame: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6F484109862502A2248E651C4E27D1A3
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C500
Frame ID: 8FD27193FE9B67FC59D67EAB122F4882
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 87D6C4AFA01C9B4033310AF221A1C6DF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/lIG_-rjQweUtsPTJkqViasoL1XPo6OtXzg5InKx-NMQ.js
Frame ID: FD19B38C883CBE2D655730416BC479BC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 91C8D3E8D41B79990F78AE2AD0C4447F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8F22938B781044AFAA139AAFC7BF4EAA
Requests: 2 HTTP requests in this frame

Frame: https://cds.connatix.com/p/176221/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Frame ID: BDDB5BE5B6838DBC403FB6F04DD5775D
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Winhelponline » Windows Help, How-Tos, and Tech Reviews

Page URL History Show full URLs

http://www.winhelponline.com/ HTTP 301
https://www.winhelponline.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

173
Requests

91 %
HTTPS

41 %
IPv6

37
Domains

59
Subdomains

49
IPs

8
Countries

1972 kB
Transfer

6215 kB
Size

40
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://support.microsoft.com/en-us/topic/september-10-2019-kb4516065-monthly-rollup-2ed6d10e-dd65-1507-2e76-1fab172e6daf
Title: KB4516065

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/download/details.aspx?id=103668
Title: Reference Spreadsheet

Search URL Search Domain Scan URL

URL: https://www.twitter.com/winhelponline

Search URL Search Domain Scan URL

URL: https://www.facebook.com/winhelponline

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.winhelponline.com/ HTTP 301
https://www.winhelponline.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 112

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.winhelponline.com%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.winhelponline.com%2F&rid=esp&cc=1

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE_b4gYa8lnu8RZkJh6Ww8g&google_cver=1

Request Chain 115

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YvvFumtqNix8WP46dvetiwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHPz0_Joxox1HMFzoxuCnFs&google_cver=1

Request Chain 116

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEZEWxZJ5i7bqvXS2NTSsqk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEZEWxZJ5i7bqvXS2NTSsqk%26google_cver%3D1

Request Chain 117

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUyNDQ0OTQwMjgxMTQ4MzY5OA%3D%3D

Request Chain 119

https://gum.criteo.com/sid/json?origin=publishertagids&domain=winhelponline.com&sn=ChromeSyncframe&so=0&topUrl=www.winhelponline.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=NTade3xVTHVjU2hMVjVaV083THU5dkY4b25RT09tUnJvNzVlLzhTZU41VTlXSGREZGFCcEM0UjRmeW9NdHFQN1dTZGVOVU41aVVld1dVNTI4c01wampSaFIrK0hTNC9wZmhwZ3ZFU1Z4L3J0V1V6cXZSODRBd0ZSdXdXd3JsRUlLZU5qUG91U2lha0ZLTEhjMXY5eEJnUHFoRFNxMlZ2Wi9ZaWFXU3FRcGdkaTNzWjlpRnJTVk9LUkVGaUdXNDB2bHlITEhiQTRkRTE3M0IvUG5DVENZM0xWdHYzZ1ZWV3Y5SU9kWDJ3aG9vbzRUU0dQSmdaTncwSHJ0eUlsQ2RoenRwTTVLUkpBU2ZZVXZLSHZramExdHlwREl0dz09fA&cppv=2

Request Chain 121

https://fw.adsafeprotected.com/rfw/bgd/1124391/64930536/xbbe/creative/adj?p=APEucNUgesl61hj9FjY31ZylvQN4kWuSOMeOXk0fpIAynFDceWrj3P8&d=CokBAKAmf-DlOtniprm_T2kiPUX0HAAHDWrM2zm_w3t1ke_G27Q3hx6CgNSkTIpE_dDi7JKlfrgWPLDynyPoT_2aXLmU3XWxzz0ptpfT40BpR2jMO_o9f9G5xLVXXuTylhvUkqZOIz7vGXinYLTAfxNFlBtvkH-vhGaPSRyL1g2rPWplBKOVY-u5JLISiRQAoCZ_4N8ngcYCpyPqv03zOrtIVm8m9k02HjDib_05TZMh3Eoe55OHn8_Uay52EPy6i35dfqdIWjhhibdmZ0vpuW82OkOilnseATzGQ4AonlOZO8T6oalyvabDNrIkwU74w--Tr-wP43epDLxImGnEolxAJ567xdtYKK6y3hTQYn7xL7wnrVwlX-lwoVJAzVRLcnxwtkNwK5vZkJR4ZnKdo9xth2Nk7VEiMkbbpEX4ddRf4q65VZZp73FPskU8eqhvfFits1aJXVFoavJWL_c7zVKKGF9HTqXTRlbkxUWtxIpM_WtlTToxKm1IsyS-FqtJiKw0A65FOJ3-WoLLTl4TA86uUoHV9n2ZyhAI28freSXIFUUSxg2BSNKvdyJSlFh3oPI9Jol4_zMtFACotZXaoadqFnrsI7HYyDBoNFOPaozwvwEXtr3IPiAfvbuyfCWP-mGo-E4hKG_1yfbGZmxrI2jRCaPVy865dI-PLA7X6RvB7hDN5zJjiTp2qlLXLY3_2r7owXL4jNcIg41u8TLje2aYNhGpkmMGE2VADVBxwwuO2k0V1Mdlsp06gKwVDLDzieU9g-4Dgr6najSLSO2RLgU8hVjzUBYBiuExqXLkUYV3VRNHs-9r96RTL848-oDJG3TrY__ik_fMKJW12H9X1fDp90TC8-3pDbK9ERVTUb-TV7WXk7GjkbYqyxpt9_qPedWS51-eeD6m2tHaTmEXwWxUIeuARNcc70C4VYQAhexRz8dkfCg0X8Byjl-1ls3gA-rXC6Ks1ieV2Bft1mpgS7HaGEZEymHyvGK079bz4J8YekeYchYgXtVfBLiJbkxNOjxY7KyD7r5zDDpdjAk3YMV6NvTAvoLdXo-oUx_QtoYu8svktSe-JPha0goTiwW8oPbz4IlopOrrdVybotOj7fzLZc3V6rwlbt1S5j1ewJzimrlv9wBVwcD2CjuBYN9Tp7WtTUA2PXajQasMXgwpm1R3tiwt6Gej7j1i1yfIRNwdOpApvymLT_OYzkFGKwC8G3RyubZBu4Qf-bzmw3JOfI2gR4AURuWrttYqSYq0h5l42Y-R1F_xUy3M2fFkdt79M7ATQw9M5YJQk4_7-nXet6YzEUhISwYIrQcS3_QjIN_Dn3L1gKle64IOD1OEjuow2oQW61j3CP6F9tAP4Z9Kpew91bjVMjXfTMrA4uR1QExFwLiWI-WUpFJbMT2j1xqyoOM9Wwn5i6la7-Etw_V0nhK_cXXgS5vxyXKC-10XcwLZfqLj7mDFA7Aia_e0czuneX-dESTK8isbYf3V9jJC0RehSAoWfCCUYPTfhYmBf6Bv1fp0MTCPx10GpEG4pZOKzPA-hLZnrjT1iAW7-UtiHu-1ypWWHkvoeTYjGORGEM1UaFx1mFECK2zgSOtxCr8DoG0HbcKmTf4aTjrOX69CfcHTwD2ykxeA8t6tntffXBWZnBEW7EHUIghSKEJalsTvZeH5Ay7cLr9lc5DlWdshVlDd_tuEbvhpEb_Mp9z61CwPZAtPKjw8sFYRfGReXKyAAV-dkYO3GUSyz8YJion1uzPnYGUfc8_uQ7VU6gFLRoQYo7FaIidZjtKCIturhQsq_DEj6D099RaYn-IZ815heaMkefyvIt9sjxXQczKqam_thMXBcWE0eTOUQMejg7QhetkFD_KS0kpE2KHHqmCRXnSMwle5AUQ9Xq5ZCQ03x3tYyBx4Yau9XlEw14SaiTeFHpAyudsVcbJbcn3sDe00hP1x0kLds3fb6fCQpOAyCPbUaAjsTesYCFs5uxshRcc_WIs-0md34cBi0aaVDIvbbnKCB8gIq1_oU6NQNCI3xahQ4_McbphZrBI6w85e2EOK1pQcDOtTvMpIme8GFMQvgvo38zrQ84m_m1Mvi-6B3RnebMmOL10s4NHxLhVgxNjSyVuk1TurkDADqz3Z8wIwXvQAK2jUTgpB0hRQeRlRddqZZjWDt6_Iawsozj9vO0douitP_VeLfzSgxXDaLrSC87yqaMb4e_5JBh5dpycv1SZ-5NNESWHkHlbIM-_r6wrZOJGpy3KqPuZOAhlDwVszoYnWGaNp2jPGpmwPK5bROYOK4OR19pvrrQbWNX3ubYdnJ13AqxTynTvpkfmV9O4dZXdk4UVr1cuK99h3iKzELh-dShyha3UrTXXHD3Ng37KAGlE6x9z7FIeSQheFGfdyi534ccVpmbMH4gQ8UccEwEYOUFkTGCW-l0lTIYv0v2HZt7tpaQxztwRACpQdt0BH33LEmQfpgHn7jIIE23jx4WG6RvCuy4LNM92ay6qQoRcbAYpmzoLTbbelIiTdnmrE6sllnQD_Jv-B6T3j6WPLZsk0tC91sZv1rFU2HiSxXLy7lndhxe5s1aG3DStF1D6yydXBBaGGfcjLUFnqSh5gYq4VpV4JdRIe8TZmnbjIM7UeK3BTfpezonwNQWxikoyYmGLC2JWCPnzVdTaCOIjqFzuwMbrU6g_zBW7ig1n5p2IzTCGDsZT7GYuBnFYt-abbGlji7yN6hQPoKpjPGQEgdevKW4p7mS5RWjo1__dSfAWdDek-S__a6kT8-8SF9zevn04ACkcK3wLr4zwybXQMurbLpSpOEiQBDvLG-KvuzEO0Kdj-FKc7fRVcoDJoDQRi1UzIdPDx-Vge6ljK4XP381AV7hSO6hJVnj31oMw_6Txmdqlby_w9h4GFDxEq7wWTmAXiGs6xWMFYUSwRp3sxvr12PaSRT7XuG_l53BS3Wy4ldjr44zzvv2_jW_7nOH2WKDTofaDSg9ohw4SW9nC7Fl9RZ6yC1bngGvEFc6Uj6FhCjRAYVp8UP6mitg_aAYXphAurbjGVNullJhP8Zz-_KdIYB3bbBS68KDtvneszSw0ZB_c1AUXKK35oaqeoBiGz0B3bSS2eLBWaa6ffRFBRbExaRnqTOB1Cxpq-nj4ivRva_LVGIQBMuAQ1xT_OL08wlEdNmPHR41gRVa_z75zzIlDE7ZzyAEnEt_ji1qr4qQjSv7Ex0eRpDZlfM_Nsu0xkNisLkBVY80T8ME4esEeivxag3CH2prj725EiDso2Ngmz4bOGq14Lia5WcknjsheNmBkhaAvffRz8rdK_b6i0ZvgV1WW4nk5khaoOD_DEh29HOeeMhI7pNxrEghPonBxem_revjUhyTmntd_9ewqikTNgcS3UwBNcW1yZXknVaqio9JGNwZVgL2TsfNgDgokfEZKyw-P-AmZ1TGtnX_-sdNe9okAFt1ZFkElv6gmDS5leJvO2duco3EzztZJTVUmEMAUDT-jvjCPoBJ1L2MdYQ0QTBeI_fvdOi5zlwafomNU3knZWNbzfKFQrocIXoinzyWtPIemWtcudMUk40qYdHxeB4_Q3IoeUvSNYPk8OqGIAlwf_YDZEakeX1Cyyu3RgSKX7ygSGzJ3MGisIABIn5GjQ5JKupW1TvrSBSUw8VRGO5oFY9ltEikQXSAecyd5X1kMzqkc2YAE&cry=1&ias_dspID=3&ias_campId=1008627756&ias_pubId=pub-6396844742497208&ias_chanId=1&ias_placementId=17996878247&bidurl=https://www.winhelponline.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hqFNVuN0oTEHPwPYM9T3CG&adsafe_url=https%3A%2F%2Fwww.winhelponline.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:abb90f39-95ce-a9c4-c0bf-0bd5a6545371,c:ltkdMP,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-94958994c-9rf2l,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:teGWQyD+11%7C12%7C13*.1124391-64930536%7C131%7C132%7C14,idMap:13*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:21,oid:7e0bb80d-1d80-11ed-b102-120b15564505,v:19.8.343,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/passback_728x90.js

Request Chain 148

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 176

https://ssum.casalemedia.com/usermatchredir?s=194962&gdpr=&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fpb-server.ezoic.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D HTTP 302
https://pb-server.ezoic.com/setuid?bidder=ix&gdpr=&gdpr_consent=&f=i&uid=YvvFumtqNix8WP46dvetiwAA%261134

Request Chain 181

https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882 HTTP 302
https://cds.connatix.com/p/176221/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

Request Chain 185

https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fpb-server.ezoic.com%2Fsetuid%3Fbidder%3Dnobid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://pb-server.ezoic.com/setuid?bidder=nobid&gdpr=&gdpr_consent=&f=i&uid=

173 HTTP transactions
28 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.winhelponline.com/
Redirect Chain

http://www.winhelponline.com/
https://www.winhelponline.com/

301 KB
60 KB

1236ms
1157ms

Document
text/html

2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1023776d2aaa6a61c6b887e6ffaf9cb2c8a7f5c41e7609a67e23d617c6249420

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 73bb8b5beaf9bb97-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 16:28:40 GMT
display: pub_site_sol
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Mon, 15 Aug 2022 16:28:40 GMT
link: <https://www.winhelponline.com/blog/wp-json/>; rel="https://api.w.org/"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pagespeed: off
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GkbeFJI3z96GRUv09WCxtEx%2FdM5cXOerqUKylEyRiI3vVDGECrfBPO4zGOBBCEA5AiiekuBgo06ukOvhk4GE20kXDoL%2Bsr40gX6CisG74jOs8JDE5jYEiL%2BWKK7ZalU43q5E2UdGPg%2B24CX5DDNAXrezhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
response: 200
server: cloudflare
vary: Accept-Encoding
x-ez-minify-html: 6.21% 248658 / 265109
x-ez-proxy-out: true 2.3
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-sol: pub_site
x-ua-compatible: IE=edge

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 73bb8b5aaa449b6a-FRA
Cache-Control: public, max-age=86400
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Tue, 16 Aug 2022 16:28:39 GMT
Location: https://www.winhelponline.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dcs5Mjrgkbdt4xqS63OEhdnJaC3%2FF8fTu%2FENOv8TrczdAXw4pn%2Ba6vLf8LLS%2FalJsxg9HPe2QTewwek7CAkZSGRegfGG3mQIYEAitsnUbtD9q3hDhoJZk5hgY%2FdLI7Fm3AZlBlAV26c%2Fp3qftnwXsv6XVw%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
X-Middleton-Display: redirect

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 149ms
43ms Script
text/javascript 2a00:1450:400e:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80f::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 09:42:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Aug 2023 09:42:34 GMT

GET
H2 200 austin.js Show response
www.winhelponline.com/tardisrocinante/ 2 KB
1 KB 50ms
48ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/tardisrocinante/austin.js?cb=14
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 597830acea0420d0c95ceae70e1db6fcfb1d35d259922ff472b1b6fb083e193f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2022 05:36:45 GMT
server: cloudflare
age: 471115
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oDMRs0MHnMSi6ohdjoM7CMt2a040FvgTBYZKst2hCakwvShT7ME1ASfwv%2BrTwNoT8mKo5DfUCL5gBFYEN0GBZaauTcnOdJ%2FSoky3MQvVAxAJLUzZ85Xi%2FRAHgrWDvX2x86X8RRTjjMIA5KAc6foGLw3epA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b634f5bbb97-FRA
x-robots-tag: noindex

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 169 KB
57 KB 164ms
81ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e7e1c78297ceadd08f53253541d2711b0e808911cfd60ed3f70e7681a9e3cea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
Origin: https://www.winhelponline.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57360
x-xss-protection: 0
server: cafe
etag: 18115260624950703110
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 16:28:41 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
29 KB 155ms
50ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

07dc2e48ef051b38cc4841495a54a57efd4b1b8c12f4dd47af04ebf5dc60b5ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28647
x-xss-protection: 0
server: sffe
etag: "1305 / 795 of 1000 / last-modified: 1660648063"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 16 Aug 2022 16:28:40 GMT

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 326 KB
98 KB 1014ms
926ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9025ea9fed8a9cc7e801a1f0ce56eb4f564aab555a3debb3eb34ee37afc0eb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 16 Aug 2022 16:28:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CiK%2Bvic8sd%2B8VMZ2AazOJbhC4ckLDW5pHUZEHydOYs3LO2zWeUgCdcad8jQ1Vqt%2FqVuWtIqDFpkD6%2BmfID2wdUheTHBjyr%2B9i6%2Bt1CP9YgNA3YmRRXAi2lBWuVbU9mTq1Aa4SNPlz0UwUSo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b63dca4bb4d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 blocks.style.build.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/ 0
396 B 54ms
52ms Stylesheet
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=6.0.1&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 509694
x-ezoic-cdn: Hit ds;mm;edf650d51c765761d8da0035e0247ed2;2-105367-57;7509776b-7c93-4d98-443d-fc3328f10aeb
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
content-length: 0
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"8a1-5c79151797f5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: NaN% 0 / 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BdFtBaTBI%2F3x3g3uvcgKuMz7t4y57bkY0qlGrFOiWk%2FY8pPz9euT3alagbo5Pm%2Fc2nvCZ2QlIOhvFj%2Bk3mVt7EPGB0pIbBcuKJkM%2BiN5g36mifvN24L1BJzuYmnsccfxOPs%2FdvP%2Bmpgv4tpC72rBafBYgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
accept-ranges: bytes
cf-ray: 73bb8b635f62bb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 wp-show-posts-min.css
www.winhelponline.com/blog/wp-content/plugins/wp-show-posts/css/ 1 KB
957 B 53ms
51ms Stylesheet
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/wp-show-posts/css/wp-show-posts-min.css?ver=1.1.3&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ba6041869db135482cd3b94ec40f4391bbf0a5ca77bc6c1a9702d877fd9d88c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 95047
x-ezoic-cdn: Hit ds;mm;17a02595fb98e9a0ff74ef18f320f2d5;2-105367-57;c11bb48d-14ee-474c-51de-7ad202a4af97
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 11 Aug 2022 19:43:05 GMT
server: cloudflare
etag: W/"d9e-5e5b93337d344-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.18% 1503 / 1521
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pDOqWcehr9pNjHElUIncvbkc%2Fhe1H%2BxSK%2BVbvsO0TI9oKB%2BM%2Fpud%2F766%2BUgJYSwled8ZSYoGUIH%2BqGKqXnPqwrWMDWseHuABZIXvepIICxdQnBB13RIvMnmL6DUvRNxp1hTd1PLbZxCjto9C5LJGs%2BOQsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b635f63bb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 style.min.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/ 24 KB
4 KB 50ms
49ms Stylesheet
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/style.min.css?ver=4.3.0&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ee5fa1c3b3dc042135847f4435851a8131259b8e4693f9cfef968d871596e89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 552036
x-ezoic-cdn: Hit ds;mm;eb6f16fa5d02d88589d61d0e3dd91f9f;2-105367-57;042d1698-7be4-4e07-457e-43081809f03c
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"15c19-5c7915179601f-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.06% 24710 / 24975
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FBQOttkRJH2Nazu56hR91yKLzCeft40qAMRzSTtYXteKT5M%2FuN5v5r57UUUewo1aL%2F8pqobC6qtpfX2mYu8iG0ut6saxOYvyoB9fBBiEgC1Th1Dw9F2rddhCWlEvu6u4ihb6FjjkGfZPqJefPV%2FmQU%2FVkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b635f64bb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 widget-areas.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 2 KB
933 B 57ms
55ms Stylesheet
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/widget-areas.min.css?ver=3.1.3&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: faec8eb1d835361aefcf57fb0c55d7ad0d90a3ca389a17f85ad8bb71436059d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 552036
x-ezoic-cdn: Hit ds;mm;ddcbcde0c343b333c37ac742115a080e;2-105367-57;e85c6526-2cc7-473f-5fa2-a541b92977c2
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"d1e-5d79998b721c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.92% 2039 / 2079
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vp9eLyPqjaLqmrtvQ1blPhFlVUEnYJhtlgeZDfVPrBZ%2FzLFjoe4KoDaCetoMZUOR1TIycolklvSBVa7j2hy2pIgRuIc66L7E8M2IcqsNR0a%2FqJ%2FaE6%2FfI2FWB5aCu5Ze2xCvUtU2y5vSDoGrhTmjpOBfKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b635f66bb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 main.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/ 16 KB
4 KB 63ms
62ms Stylesheet
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.1.3&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fa55e436166fa2aba2843ce9665e557b3554303dab9145def1cf890d27f8b0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 552036
x-ezoic-cdn: Hit ds;mm;8560d06f5e3bab4e79638dd9da852d92;2-105367-57;e501fc85-f24b-4979-440d-97391bd91d49
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"4c36-5d79998b721c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.56% 16429 / 16690
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FKsZJWC1TrBAmTRy8a0y1MMDpoOuNB2UNjcG74di3TVfg3DmuOmlPjSJ6XnvoDPibMkbwmx1j1hUsy9slXqPLeeraWaIzi48rRgB%2FMMKg5V47NPrYEg1%2FwT%2BbIkqo%2Fz5rao5MZ2mWrTg6meSTJoxizCfvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b635f68bb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 featured-images.min.css
www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/ 3 KB
1 KB 54ms
52ms Stylesheet
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/featured-images.min.css?ver=2.1.2&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c80c27456e44686b378b1024534b69cdff323748c808afb6ea4db2fe974890b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 23905
x-ezoic-cdn: Hit ds;mm;162d35893d1a63de8435491212b904a9;2-105367-57;870cf866-58ec-4ea2-6aa0-c1884818ae01
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 11 Aug 2022 19:43:05 GMT
server: cloudflare
etag: W/"d37-5d7a24f2cccc4-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 0.50% 3382 / 3399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SeUccOskKPb%2BPjSQP3Mh%2BnWqUNQ5RRlsGPUgR6ppZZ%2F76Wi5FoiuHww4naE2b7A8J%2FS0CUnG9SP94J%2BD%2FGcPhzHD89%2BgUyF5OB8eC%2FN9TVbNXo2j1fO8SSQ6H4V5IdO7JopQ2sqSPvRp9XgEU8umiBss%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b635f6bbb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 menu.min.js Show response
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/ 7 KB
2 KB 55ms
54ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.1.3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 775a02c37772954d38fe41b802b94a0ee37dccb98a03827cdef3eddd2abc13d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 562025
x-ezoic-cdn: Hit ds;mm;be3fbe22adf04bf125214f75e4eb54df;2-105367-57;fb58740c-6daf-40fc-541f-d6a8c792bb41
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"1b1c-5d79998b73167-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2FFgHSUCboyIeYjcOhjDXqVLOc188hf2G%2BYluj60TcO41TA9ENwuE7lkTBLr%2BvK9wp4HPygEITStLqioudKJgtykJ9YEuwX15rfa7WJWppgj45LOx06TIXoENhXpUF%2FapJgw1bOh3QmXXr6yU9aRuPE9LA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-ez-minify-js: 0.00% 6940 / 6940
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b635f6cbb97-FRA
display: staticcontent_sol

GET
H2 200 navigation-search.min.js Show response
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/ 2 KB
1 KB 56ms
55ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/navigation-search.min.js?ver=3.1.3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4d0c6a094ec876c2dbea780dac5655e44bc1ec2b0c9c492f8513581879c89c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 562025
x-ezoic-cdn: Hit ds;mm;a5384132dbf4ed3a88764f15b8769954;2-105367-57;e89acc63-d1d1-40cc-552b-9889f27348e0
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"858-5d79998b73167-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sk7cZ7pCptEvb1ZpzCcmfP2RmuWt064aJXcB%2Ff1035Y3jgrgrBsTvGm5eR88lrYYEERprLbbKiGrqfDy7kkrktqcdjmmJY5ga3TqsT%2FOfhJerB%2BvX7eLP3gK%2BFUUb6AbPVzKR7xlO0KkMNiZoel7E8e4cA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-ez-minify-js: 0.00% 2136 / 2136
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b635f6ebb97-FRA
display: staticcontent_sol

GET
H2 200 augusta.js Show response
www.winhelponline.com/detroitchicago/ 2 KB
2 KB 50ms
48ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/augusta.js?cb=24
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcc0b6437eeec474b65774198371749c6e3f11c12b0bc14f3a971714d0d0e52b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2022 05:36:46 GMT
server: cloudflare
age: 471115
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0DnuPw1GLt27P1uEzPanmERrC%2BZteRYkln6AK89igyYrO52ZaTy5Pt2jxJjDI4OmMDWII6sKn6rVE7gb6PiM%2BhGKQ91Ml46Z2bkxi5mhizH2i1zVR9wMCk2yg5ZQ3qxHVBMfWdFTr%2BE%2BoHR2TPaateCXKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b64b997bb97-FRA
x-robots-tag: noindex

GET
H2 200 altconsent.js Show response
ezodn.com/cmp/ 396 KB
100 KB 146ms
58ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezodn.com/cmp/altconsent.js?v=9
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4adb3837e4411342aa9b52dafd1646c32196b17c56c5420b77b9abebebe0f4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 04 Mar 2022 07:06:23 GMT
server: cloudflare
age: 346325
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ja0sI4rx91Z2MvYbV0ANj1qzqfiR%2BQmILq%2BrwmyDylJWpWClNBRDolAI3g3e2pNkN3suEr1eCSm6EW2KMVREhViE7tY1v5EjfRzF6I%2F%2F0wB6gvuQPNWOxRDJmA797ZcfPb%2Fds6WI9I0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b63dd94695d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 ezcl.webp Show response
www.winhelponline.com/utilcave_com/inc/ 1 KB
1 KB 143ms
141ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: middleton
server: cloudflare
display: staticcontent_sol
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DLfjCIGZeBSRRFbJEDY%2BWtrxdXw0%2FN%2FKuFxoOak%2Ff%2FpSwgIjBJ5sqqsGNaGKmlBgSU8DRLWZhZFZNXJWfEAt9U87JZOQT0b38sjoMT8cCfeOAixfU4nJ7memyLClJeUfx%2BkzJQ%2F6IVyYavViWTGcEgIh1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-ez-minify-js: 0.00% 1337 / 1337
cf-ray: 73bb8b64b998bb97-FRA

GET
H2 200 banger.js Show response
www.winhelponline.com/porpoiseant/ 60 KB
14 KB 51ms
49ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=195-8&bv=133&v=61&PageSpeed=off
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c7fe9b2e20629f095cadcd840114da178f052565c03dbb6b6df0cfac34f173

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 15 Aug 2022 23:41:22 GMT
server: cloudflare
age: 60439
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iSHGhR53k6zfSX3fwwKMYnSNEPqo2nNjcdJWlhHQLUWVKpoW%2FWmB9th1g%2F3YyvHHLCh9A9NbH1ArWbRV3h2hll%2F91AHl50E2T44BlLNxk3xEvC1Dxz3Fqv3orh6JNs6x3YtbEResZbqTgrvS3KQRvB11mg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b64b999bb97-FRA
x-robots-tag: noindex

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 122ms
38ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5201
date: Tue, 16 Aug 2022 15:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 16 Aug 2022 17:02:00 GMT

GET
H2 200 cmbv2.js Show response
www.winhelponline.com/detroitchicago/ 86 KB
27 KB 173ms
172ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e7fcd47afe1f2f87f55468110fa5c78d0657a0e1ec1217d955ea8814a5951c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 16 Aug 2022 16:28:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B5t6ZZiFRCeR1ohRN3Sz9KOgyB3TLWUmIUOWWb8lCZxPHd8k79Eev6cw70dG%2FFdeESjoy1sNBGCPSEpstMk6412GFSD97%2BBPe3UZb%2BVo8060Z%2Blm3rJpL0jDpMBwtydeBANXTw1NP4zkYWKe2kCwXeFHMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b64b99abb97-FRA
x-robots-tag: noindex

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 159 KB
41 KB 136ms
45ms Script
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/tardisrocinante/austin.js?cb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 925ed48219a2d3c339c5d288fdae3f965efbca0e5ee4e369b7dcbb04b6ade06f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:56:12 GMT
content-encoding: gzip
etag: W/"52a6bc60961c702869c58b9d159c8e37"
last-modified: Mon, 15 Aug 2022 16:12:00 GMT
server: AmazonS3
age: 1951
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront), 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA56-P6
x-amz-cf-id: 0_OJJIazbVz_f7E8623kMlFLRIZpdez5_HcHbiNp308nMV-n1HzkIA==

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a12aae8be6c01bde8575f28783f29b3f3c35f882c2b5946a0e0eead3fbbb729

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07b85dd1e29c022d006afa80316629c0b683b8fee6036eaac7ea957daa4da097

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa5e9b3cf7513169d96b15a67e249f98f8253036ea864a6f60c9e5c5bc120333

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pubads_impl_2022081101.js Show response
securepubads.g.doubleclick.net/gpt/ 388 KB
133 KB 38ms
38ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 14:47:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6053
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135472
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 08:35:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 16 Aug 2023 14:47:48 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 230 B
158 B 149ms
72ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

5b2e9db365ed58c66f26e6328fe57ee8538fdb71b7848c1505165c8525f95d25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
expires: Tue, 16 Aug 2022 16:28:41 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a82bf7c866d50baa971fc38f08df5a18b6eeed7c6126e06a9c585d7a3cea05c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3f32497c12682c0995b02eeb757e200cf23a06c5dc3b0e42e35c81d0d2abc471

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3c5d1bcce6fb2c4ce08b812fd67eca6eb5c87aeccb436ee6ed5404460215f5e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1b1958adaab619c87918f57b28bee119a8f1122b7c81cee66775066010b3abd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8829a8924dff757932f56397690292e154eb33f5471e683cebfcc9884c38c2cf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e2bc2e62acd8c74b47dc6b86918cd2ede0a053b716144298bd97e66366524fdb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bcc82ae240bbd41d82d2907a9ed8fe40df403a852973710d1e21213a3fbdc301

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7320657dc8acd4e7f134ddc9aa58495d9103dca84caf459d7620a41a81f9fcb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83127efb53ec7370360122f4b3ff3dc50cb97188498bfbdafe32051561a2cf05

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f8020b22927e52bc72e23d5f15daea09231cd26fa72390dfe415fdd249428a5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d4bc2d5c34588df622aebd16adf97b5a4ebfd9ac5b49eec1c795a5055ac62c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 054ef5838ddb6e1171550191a06fa204951eb204fd8bdf98df4f631000b4fa5b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8230efc6af9182cb5a3412670b861554742f8795886a114dfd20c78467ef4212

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a8985214e4f2dc627da37360ff79b6c2441607a0216953ce8274a4211ca04b8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 304db259c4eada931205c4bc6f1c3a748305ce755d7d38f8a1c49ea9ef53cd91

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efa411e839f75dd38471df17e379835a0b56e20b923fc1ea164b81b27295308f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ce6c4fbfd67b9b0c228fc38f08a945809dfde4057aab7e64cec8971a8bda509d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d49f4b7ee4cd605851031434caf72f166fe69be72ddf9fb29db14358bb7de794

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cbaae5c8907590cdebed4f439c28ae0313c21534acafc588653b25d4ec6603ce

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 907001673f4f39b585df945d5fa9b47000600b83a08c071ab615bc14bc596b4f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51e9d770086dc204d7c83ac956e03d8f2f644a8bbe66b39fc289053babeef224

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ddf49d4a12fbd6f975105d9b838496cbd939427115fafa16b5f49a1f4b90cf9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b85bcb075a13466616c573a91f310265b48c0879b56e003d4d3b7c421eee188

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 houston.js Show response
www.winhelponline.com/detroitchicago/ 4 KB
2 KB 55ms
55ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/houston.js?gcb=8&cb=21
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94f96b6815e7e577ca8389a4171107862c31da48dfe9b21560e245ddee089c94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 03 Aug 2022 18:37:15 GMT
server: cloudflare
age: 1115486
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4nkpSieJ6fvOuArIZLzcPoyR5IMEfFYpeJFCUSEjR9qedW00Ko2izr%2FglA4D2NiJklJ1M6D2xwnQ60kmMm3Hd73w8X6nhJvFSnfWuNDxhTjTSMg2kfxl%2Bq3upyW6aTj5%2FuH1ciLOUmSE%2FMt8HYFJnXTrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b65ab95bb97-FRA
x-robots-tag: noindex

GET
H2 200 style.css
g.ezodn.com/cmp/ 15 KB
2 KB 57ms
48ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezodn.com/cmp/style.css?domainId=105367&version=9&cv=5fa625ffffff000000
Requested by: Host: ezodn.com
URL: https://ezodn.com/cmp/altconsent.js?v=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f39eda7c628f3c7967290aec8514942939c31bc7999b1dcb6928a55e0fcbeae8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Apr 2022 18:29:15 GMT
server: cloudflare
age: 417728
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6SMZxpa5iPxOvyuRcR%2B2fCkCYnqZ%2BwIXz%2FpiXU5Xwl2GZsiDpsiKTIALNlSmUWt5p6FCoJIWKV4dLCECeaaMXgnOTUQzegRIGkiZiBabr3gJRiPfj%2BU8%2FZzCRm9Lt1VdbFUIvlTSPaVXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b65e961695d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 / Show response
basher.ezodn.com/ 2 KB
2 KB 97ms
55ms XHR
application/json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://basher.ezodn.com/?did=105367&bf=550&dc=1254144
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=195-8&bv=133&v=61&PageSpeed=off
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcd19ecfc98339401f54e9d331dd1faf61562792d7019830e711507a5d88194b

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
X-PINGBACK: pingpong
Content-Type: application/json

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: application/json
access-control-allow-origin: https://www.winhelponline.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hshEniWVpjCmvOx3BDjc7Uxd3oTZQGlKnco%2FL%2BjUXZMg33DABjqUUP2pQ6Amyl9zBM023gguMDAqwOC2FrcqX0hwXsuuLHBs2fco2y%2FUNcq1Lu00Ayl1UzRH7b4y0%2BwOIS%2FHPkdUWHtYbzV1SVP%2F"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
cache-control: public, max-age=84400
cf-ray: 73bb8b66fa4e90a2-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 /
basher.ezodn.com/ Frame 0
0 135ms
46ms Preflight
application/json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://basher.ezodn.com/?did=105367&bf=550&dc=1254144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-pingback
Access-Control-Request-Method: GET
Origin: https://www.winhelponline.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-pingback
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://www.winhelponline.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-ray: 73bb8b666f4d5b98-FRA
content-length: 0
content-type: application/json
date: Tue, 16 Aug 2022 16:28:41 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7FvBkZn%2FeE63s1w%2FMgS%2Bylt87Zdf9unirZa5ZUYIsvtE8w0esd3CnhehnorkWW8xkWWm8TAY0gSOI6XDY1fMTshoVOGWrxseCM3xQHb4lZIcjpm3pRP1ile3tNtbfx9M9PV39mWLH2K4dPX6qOU"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Accept-Encoding

GET
H2 200 nmash.js
www.winhelponline.com/porpoiseant/ 25 KB
7 KB 59ms
59ms Other
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/nmash.js?v=133
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60b08f56af6d6efef53056d5a75f9e0c442736cb9dbf966fbd13882e44f18756

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2022 19:43:05 GMT
server: cloudflare
age: 49844
etag: W/"640c-5e5fc5fc7c440;5e5fc5fc7c440-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G12aChh7XOfbmS2zlw2FJpacUt3X9B2yigQHDI6hi5Vz1gX7e38P3MlYeFfgxllxIqvHlpttOo2BmrHohAJfCEgf5KsjawYoFavuIlAw1wjMQrksPkXb8E%2F9ZtWf7Ru9bI1Ev1qGDrr2MEEEgMKOmj3eFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b660c75bb97-FRA
x-robots-tag: noindex

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 121ms
43ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=704273726&t=pageview&_s=1&dl=https%3A%2F%2Fwww.winhelponline.com%2F&ul=en-us&de=UTF-8&dt=Winhelponline%20%C2%BB%20Windows%20Help%2C%20How-Tos%2C%20and%20Tech%20Reviews&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1383189675&gjid=1078690423&cid=448473988.1660667321&tid=UA-4931296-3&_gid=739104244.1660667321&_r=1&_slc=1&z=1752824232

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 134ms
47ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 133ms
46ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 imp.gif Show response
www.winhelponline.com/detroitchicago/ 43 B
431 B 118ms
117ms XHR
image/gif 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A1%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%226%2C5%2C0%2C0%2C0%2C0%2C21%2C1%2C22%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A7%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A1%2C%22city%22%3A%22%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A105367%2C%22domain_test_group%22%3A20210308%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22iab_category_1%22%3A%22602%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221006%2C1022%2C1100%2C1102%2C1102%2C1102%2C1102%2C1109%2C1128%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22ef022fad-2e8a-4b91-4073-c5cdbfe808f7%22%2C%22position_selection_id%22%3A46%2C%22postal_code%22%3A%22%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A181414%2C%22response_time_orig%22%3A789%2C%22serverid%22%3A%2235.158.117.208%3A29245%22%2C%22state%22%3A%22%22%2C%22sub_page_ad_positions%22%3A%221006%2C1100%2C1102%2C1102%2C1102%2C1102%2C1109%2C1128%2C1340%22%2C%22t_epoch%22%3A1660667319%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fwww.winhelponline.com%2F%22%2C%22user_id%22%3A0%2C%22weather_precipitation%22%3A0%2C%22weather_summary%22%3A%22%22%2C%22weather_temperature%22%3A0%2C%22word_count%22%3A2694%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YNQBFa9S6REUf%2Ff62dvNZXpzbyUyXfw1Zd7euXQOkHwOq7sISyqEZuQVlrQvEVpptAXfiOCVayP%2B8es5qvTiw%2BljKXnCkMXxorddo8ZZCh0hC67F6C2NlnOPI96gjqc86GC2M9cOEc%2BhdArPHAMskJfqlw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 73bb8b665d2cbb97-FRA
content-length: 43
expires: Mon, 15 Aug 2022 16:28:42 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 blocks.style.build.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/ 0
419 B 49ms
47ms Image
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=6.0.1&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 509695
x-ezoic-cdn: Hit ds;mm;edf650d51c765761d8da0035e0247ed2;2-105367-57;7509776b-7c93-4d98-443d-fc3328f10aeb
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
content-length: 0
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"8a1-5c79151797f5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: NaN% 0 / 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4v2GQH8fNkrKGkUt2EXn8Err%2FSmXfpSQutqzi8ILWwASUmlbFmziacQ2ay4ztIIQkVSIZOu8qsFUgsQylqleWo8umY2wx%2B4%2F6hFOIVYqHwbbvNTWqlMkXbrWUYTY5DybOi6U2W7%2B03v8rAaPIk%2FBEQOb2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
accept-ranges: bytes
cf-ray: 73bb8b665d36bb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 wp-show-posts-min.css
www.winhelponline.com/blog/wp-content/plugins/wp-show-posts/css/ 1 KB
1 KB 48ms
46ms Image
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/wp-show-posts/css/wp-show-posts-min.css?ver=1.1.3&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 95048
x-ezoic-cdn: Hit ds;mm;17a02595fb98e9a0ff74ef18f320f2d5;2-105367-57;c11bb48d-14ee-474c-51de-7ad202a4af97
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 11 Aug 2022 19:43:05 GMT
server: cloudflare
etag: W/"d9e-5e5b93337d344-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.18% 1503 / 1521
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1zGq3BVMQyPbuKWTk%2FyQyNOmh6yz%2F%2FOoRegHMfBaKkj4jcCR7C%2BvEQqdtoelB5Re8m6cSJPCTjuT7HszTCcI0yTgO6y6ceIlxVOg5qrfPr%2BxtQVsbj6ysXasMjGza%2FVHUpINAF5RXcEx8jCveZ7I9D9TzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b666d39bb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 style.min.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/ 24 KB
24 KB 52ms
50ms Image
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/style.min.css?ver=4.3.0&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 552037
x-ezoic-cdn: Hit ds;mm;eb6f16fa5d02d88589d61d0e3dd91f9f;2-105367-57;042d1698-7be4-4e07-457e-43081809f03c
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"15c19-5c7915179601f-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.06% 24710 / 24975
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nkL7THHLnqp1692ORP6lbEZ57VHg6WQfi2thVKnWEgbNJmYIYxVoqfz4q72MVMBfAyp0Lio0psOo3JR6EKje0qD2bnoNtw60Q%2Fd41gdbrSiqv7Jyoa11cDQQkEYKkBrk5Llsg96ABJXkyeJ2unpJfAN0gg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b666d3cbb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 widget-areas.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 2 KB
2 KB 50ms
48ms Image
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/widget-areas.min.css?ver=3.1.3&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 552037
x-ezoic-cdn: Hit ds;mm;ddcbcde0c343b333c37ac742115a080e;2-105367-57;e85c6526-2cc7-473f-5fa2-a541b92977c2
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"d1e-5d79998b721c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.92% 2039 / 2079
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6Q%2BOlGF9QBSUwr2ivV1wbZG9egEXiYZ0avQyDYCp7k3agwSuIJrUa4IQ%2Fllgl7ZAZ2jslRSeHKNMjU52V021Wu6zYHQqV2JuK6l9%2FgAKDNK5P3%2BjKn7vtXdO7Cq5VRHM6znkrka6FdYJqbc8pSqaEzUqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b666d3dbb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 main.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/ 16 KB
16 KB 51ms
49ms Image
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.1.3&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 552037
x-ezoic-cdn: Hit ds;mm;8560d06f5e3bab4e79638dd9da852d92;2-105367-57;e501fc85-f24b-4979-440d-97391bd91d49
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"4c36-5d79998b721c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 1.56% 16429 / 16690
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4yiOP1VNcKDdd1%2BcouyFPpgB6PJLcnx1R313VDznx7p8zhIaRVWVxIeWHtRyYo3gavPJbc3e2sh21AEI%2FJiKsYPKIkH%2BjRVeYen4Um%2Bu85LaJxqionFOQ5rGa32nA0GF%2FMt9PJLcYqFIO1TnxyjcNlcDYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b666d40bb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H2 200 featured-images.min.css
www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/ 3 KB
3 KB 53ms
51ms Image
text/css 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/featured-images.min.css?ver=2.1.2&ez_used_css_s=13
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 23906
x-ezoic-cdn: Hit ds;mm;162d35893d1a63de8435491212b904a9;2-105367-57;870cf866-58ec-4ea2-6aa0-c1884818ae01
x-middleton-display: staticcontent_sol, orig_site_sol
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 11 Aug 2022 19:43:05 GMT
server: cloudflare
etag: W/"d37-5d7a24f2cccc4-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ez-minify-css: 0.50% 3382 / 3399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZVzGQLddCQERSR4WO9Q6GWJTPKMQYRjPQiAn7WfCIp3fgtGqdTz9yaSI5c%2FO%2BIdcQC10YSfU8LmFp1YdVFNBNAonO76mWo7B%2FiKtsKe4y0wZKVmd%2FXw6qEtfosHjX0Eh%2FyLvxHHFMGQY9nOqGv10DlgSOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b666d41bb97-FRA
display: staticcontent_sol, orig_site_sol

GET
H3 200 style.css
g.ezodn.com/cmp/ 15 KB
15 KB 88ms
46ms Image
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.ezodn.com/cmp/style.css?domainId=105367&version=9&cv=5fa625ffffff000000
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
age: 510885
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wjnPuAP38rqcvSSlzYSSEy90%2FH2h0fs4KEFk4TaE1IuqIknyoKDQW2g9Kx0fAX3rvftCbPWYnRUZZrQmztQ5UsTyDrcph40%2FLGEnFDhIthqt9uieREZIOJpbLqWL2SrufO57hqDjPUmWWg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b66ac81bbc2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cmbdv2.js Show response
www.winhelponline.com/detroitchicago/ 41 KB
11 KB 52ms
51ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/cmbdv2.js?gcb=195-8&cb=03-8y0c-6y18-5y5c-22&cmbcb=96&sj=x03x0cx18x5c
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 525350aa5ac58dfa3b54b7973ec65205a711e353e03daa0a7eb4a9598805e1dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 15 Aug 2022 22:19:34 GMT
server: cloudflare
age: 65347
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTYgCVPo3dB9V1M7kMeV5RHbMDQsRNMDuQEWJclVo2QYmLAG9P%2B9Xt6NUmFBGKi1G6E2EuknZIwiJzr8tORDoZlv2r%2BT7E4zwGlyXGytdpGcZGbgUlilR8FvLVRo%2BbR668FtbQ64QQNSnhtQq0QasnmUtw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73bb8b666d42bb97-FRA
x-robots-tag: noindex

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 1 KB
1 KB 134ms
134ms XHR
application/json 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.winhelponline.com&pubid=aa05931b-5308-4ea3-95a2-adf84f4ffde4
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 062ad981e9b2f70100d314e75af6f377e324914a5b4a1a6709c593490c100f9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:40 GMT
via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1132
x-amz-cf-id: SQWl7pDOKfRE5bqf9GJGhIkD-xMoFP6B3wcqAFwCYW6e40iGOmS5BQ==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
497 B 76ms
76ms XHR
text/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.winhelponline.com%2F&pid=SeEIQuiHmGeHx&cb=0&ws=1600x1200&v=22.8.42053&t=2000&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-winhelponline_com-medrectangle-2-0%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F1254144%2C1041599%2Fwinhelponline_com-medrectangle-2%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-winhelponline_com-box-1-0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2C1041599%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-winhelponline_com-box-1-0_1%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2C1041599%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-winhelponline_com-box-1-0_2%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2C1041599%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-winhelponline_com-box-1-0_3%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2C1041599%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-winhelponline_com-medrectangle-3-0%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F1254144%2C1041599%2Fwinhelponline_com-medrectangle-3%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-winhelponline_com-box-2-0%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F1254144%2C1041599%2Fwinhelponline_com-box-2%22%7D%5D&schain=1.0%2C1!ezoic.ai%2C6a88ed6ade2b65744bd01fe8f1ae3c0c%2C1%2C%2C%2Cwww.winhelponline.com&pubid=aa05931b-5308-4ea3-95a2-adf84f4ffde4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.4.10 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-4-10.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 94PF1D5MRVZSE25CD3NR
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 3hDEO2e9-rg9pROAD1sNcHyTCAP9mbFNvxDtBzwrvPuC7yi2Qev-Yw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 117ms
39ms XHR
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: JXufo2ctue2uysHllG2MRpKE8F0E4.a0
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 64130
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 03 Aug 2022 22:19:11 GMT
server: AmazonS3
date: Mon, 15 Aug 2022 22:39:52 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: h_4BfR50ug-PN4JCXt_cFgnpRJjGbGNOEuxY5jwMz7Dl96vVZycCLw==

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/ Frame 4579 10 KB
5 KB 121ms
37ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 6757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 14:36:04 GMT
etag: 8616628553774171045
expires: Tue, 30 Aug 2022 14:36:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 printer-error-0x11b.jpg
www.winhelponline.com/blog/wp-content/uploads/2021/09/ 28 KB
28 KB 49ms
48ms Image
image/jpeg 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2021/09/printer-error-0x11b.jpg
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f30c6f5ac808df48c70c84bed5b0e39d2096d5eaac221853e804ff3a3b22e279

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 142494
cf-polished: degrade=85, origSize=28316, status=vary_header_present
x-ezoic-cdn: Hit ds;ds;8eac8abde274a68eb7fc87fea6095c6f;2-105367-57;db4dbf0d-737d-4949-616d-af5c3b6c4802
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 11 Aug 2022 19:43:05 GMT
server: cloudflare
etag: "6e9c-5cc339741cca4-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SC8E7Z6x2Q5Ck5dclaEm70kKkc8ukdZwRLGmJyuQPQyA9oBJg3LYxaBQjP7EL5Pd4r6Heg7aBE96pFZqnKpf0XUBGVyDByD9s%2BctKzIU9pDlclMFQ71Cma1tMUtra7TFm02kYTtWeIiRaJaXJ0RSjVb2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b671ea9bb97-FRA
display: staticcontent_sol
cf-bgj: imgq:85,h2pri

GET
H2 200 edge-extensions-group-policy.png
www.winhelponline.com/blog/wp-content/uploads/2017/11/ 11 KB
11 KB 54ms
53ms Image
image/png 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2017/11/edge-extensions-group-policy.png
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e11bcb61a2d355e11f22387e8672f5a785a101881ea35bea6ffb18d03207523c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 115058
cf-polished: status=not_needed
x-ezoic-cdn: Hit ds;ds;9815fb9dcafc21513b272c1414f86ef5;2-105367-57;0df75d63-3019-4056-6d73-5346ed7ed35e
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 11 Aug 2022 19:43:05 GMT
server: cloudflare
etag: "2b10-5c2ea5d6f155d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3ct2JexLyt2Ab9hZaHdjWkR1FYj7jg%2FynwkTehmxfUR0a39wXpY6WiK1CBWqRwk7uwb50DlGsRpcg22GNZFP9QfuDHNvFDB3rqcPRv8gCIV9SJ38CkBCjmyl%2BkUt9%2B06Qh5Oai6Vj%2F7FydVET4P9c5CLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b672eb4bb97-FRA
display: staticcontent_sol
cf-bgj: imgq:85,h2pri

GET
H2 200 incorrect-function-error-startup.png
www.winhelponline.com/blog/wp-content/uploads/2021/05/ 17 KB
17 KB 47ms
46ms Image
image/png 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2021/05/incorrect-function-error-startup.png
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca7de21c87d85856cb099c8ac793fc349a793b2147285413db16a961d57845cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 23906
cf-polished: status=not_needed
x-ezoic-cdn: Hit ds;mm;0307c24f062eeaa7edd89f7bb8f7d10e;2-105367-57;3669e66c-fb27-4bf9-4a13-1091d87e90f1
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 11 Aug 2022 19:43:05 GMT
server: cloudflare
etag: "43cb-5c2c097b0deff-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ohpXse0G76b%2Fc1zpXIXLNvJICnMzytrTrYQlHEvPFyzJFaUhX25tpFoovKI9060Z3S5iM7lO26hNyuNyLJ%2Bi6aV1vuwbQFJjzTuMtgymlXFh8aMp88XCCryE0sv%2Bu9zyqqY7gYoHvcOJqqd9QwzEY5FKDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b672eb5bb97-FRA
display: staticcontent_sol
cf-bgj: imgq:85,h2pri

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
11 KB 766ms
766ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4203757996731320&correlator=3758307498883569&eid=31068926%2C31067825&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=1254144%3A1041599%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&adks=1247036550&sfv=1-0-38&fsapi=false&prev_scp=a%3D%257C0%257C%26iid1%3D5243658710950762%26eid%3D5243658710950762%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-5243658710950762%26eb_br%3D90c3c48d0172916d27c102ea4aa9d49c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C10063%2C11304%2C11307%26asau%3D4511284716%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D300%26br2%3D160%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C193%2C0%2C4%2C0%2C193%2C196%2C20%2C71%2C201%2C192%2C31%2C902%2C903%2C901%2C902%2C903%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C2310%2C2339%2C2764%2C2765%2C3054%2C3430%2C3455%2C3456%2C3457%2C3458%2C3460%2C3682%2C3683%2C3684%2C774%2C2030%2C3161%26ax_ssid%3D10082&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1660667321454&lmt=1660667321&dlt=1660667320812&idt=466&adxs=436&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.winhelponline.com%2F&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=512&ohw=0&ga_vid=448473988.1660667321&ga_sid=1660667321&ga_hid=704273726&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

7e86c2efea8c05bf2c283689a21374e8f303e5b97a7860e7ff5830f613331303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11383
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F33C 6 KB
4 KB 170ms
46ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 16:28:41 GMT
expires: Wed, 16 Aug 2023 16:28:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aax.js Show response
c.aaxads.com/ 628 KB
160 KB 321ms
228ms Script
text/javascript 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://c.aaxads.com/aax.js?pub=AAX65WOCF&hst=www.winhelponline.com&ver=1.2

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-241-117.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c8252c3795e7da98b3f88c752bc0f2a36ddde3151c6e84c2c1bbfef5200cd21e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Tue, 16 Aug 2022 16:28:41 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
expires: Tue, 16 Aug 2022 16:58:41 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 42 KB
12 KB 134ms
47ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af44d280920264564147250d0841eebf33288a04c932c182c06ec21600a228c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2279
x-amz-server-side-encryption: AES256
x-amz-request-id: TVF7RG792QAVQG2J
x-amz-id-2: Sa7zQc+7lNe7PDjLyrJqJF+9hSqYqI/QCk7CiAO/0GaOgRmSRmsJjzFhr/u0s4ljezxmHfR5Cos=
last-modified: Wed, 27 Jul 2022 15:06:46 GMT
server: cloudflare
etag: W/"a49d5e2684c7e5d488d526ca41c2f3e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 73bb8b67dcca9bee-FRA

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
335 B 124ms
38ms XHR
application/json 162.19.138.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://lb.eu-1-id5-sync.com/lb/v1
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.138.82 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31532337.ip-162-19-138.eu
Software: /
Resource Hash: 673ed0c562fd8ed4718231ad7e191f9602273511cc8175277532187d52a4240d

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.winhelponline.com
date: Tue, 16 Aug 2022 16:28:41 GMT
transfer-encoding: chunked
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 wu-undo-ing-changes-1.jpg
www.winhelponline.com/blog/wp-content/uploads/2020/08/ 28 KB
29 KB 49ms
48ms Image
image/jpeg 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2020/08/wu-undo-ing-changes-1.jpg
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e94e9be318298bd00cd380ddb22ff44d5d6d593c598a385d8719eea73484180

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 142494
cf-polished: degrade=85, origSize=65494, status=vary_header_present
x-ezoic-cdn: Hit ds;ds;b41d1da9ae234be0a7a5699d153cc2f7;2-105367-57;b4823c55-f1c7-4f33-49e6-eac695bee7c8
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 11 Aug 2022 19:43:05 GMT
server: cloudflare
etag: "ffd6-5acc43b1cb15c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=voSax4gr6UVrI8m4qHYhWmLtvyVoem5%2BObep3bgPk6TeuzuCrwcUT8OS1r5Pf4tonC5PxqAcD6pevQQv8i6xofKg%2BSmmqjd6xRX%2FtRZ3iAbztRQPiX%2FbUbluKj5lOFEoOX39l%2FaT%2BmJeax6If9eMhIu7VA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b688920bb97-FRA
display: staticcontent_sol
cf-bgj: imgq:85,h2pri

POST
H/1.1 200 457.json Show response
id5-sync.com/g/v2/ 213 B
628 B 129ms
38ms XHR
application/json 141.95.98.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/457.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.70 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216620.ip-141-95-98.eu

Software

Resource Hash

1735404d605927d9535c8557c76104c18c2e130b30b3546f4670bf08267cf65c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.winhelponline.com
date: Tue, 16 Aug 2022 16:28:41 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

GET
H2 200 pxusr.gif
c.aaxads.com/ 43 B
220 B 37ms
37ms Image
image/gif 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.aaxads.com/pxusr.gif

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-241-117.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Tue, 16 Aug 2022 16:28:41 GMT
last-modified: Mon, 26 Feb 2018 13:29:58 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
cache-control: max-age=790348
accept-ranges: bytes
content-length: 43
expires: Thu, 25 Aug 2022 20:01:09 GMT

GET
H/1.1 200
OK pxext.gif
www.aaxdetect.com/ 43 B
323 B 179ms
46ms Image
image/gif 104.96.145.101
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aaxdetect.com/pxext.gif
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.145.101 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-145-101.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 16:28:42 GMT
Last-Modified: Mon, 26 Feb 2018 13:29:58 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=295145
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Sat, 20 Aug 2022 02:27:47 GMT

GET
H2 200 log
l3.aaxads.com/ 35 B
194 B 66ms
37ms Image
image/gif 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=230&dgw=desktop&flg=AAX65WOCF&fw=NURNBERG&ff=DE&xjg=4&dss=0&skw=1200&slg=8PR6YK195&gq=winhelponline.com&vhuyqdph=ssp-serving-b56c95f45-xnqp4&vyu=081112_422_081112_382_ssp&vf=BY&yhuvlrq=4&yk=1200&yz=1600&yvlg=&ylg=00001660667321962013588907527130&vvsDeExfnhw=CONTROL&oz=0&gdss=green&lwbshlg=6&vg=2&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=Y-N&jgsu=1&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=1---&xifd=0&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_gcp_w&deg=2&fdeg=0&gdeg=2&ghqg=229&fhqg=46&hqg=137&gvwduw=47&fvwduw=46&vwduw=46&uhtxuo=https%3A%2F%2Fwww.winhelponline.com%2F&nzui=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-241-117.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Tue, 16 Aug 2022 16:28:42 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 125ms
47ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 16:28:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 128ms
50ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 16:28:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 138 KB
40 KB 832ms
831ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4203757996731320&correlator=1328774813948320&eid=31068926%2C31067825&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=1254144%3A1041599%2Cwinhelponline_com-pixel1&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=2&adks=305944621&sfv=1-0-38&ists=1&fas=8&fsapi=false&prev_scp=ga%3D2497208%26tap%3Dwinhelponline_com-pixel1-6808156732964479%26ic%3D1%26ezoic%3D1%26bvr%3D0%26eb_br%3D9e0a1ce5b2455cb9b48d5df4c6bf4053%26br1%3D350%26ap%3D9999%26iid1%3D6808156732964479%26bra%3Dmod1&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1660667322217&lmt=1660667322&dlt=1660667320812&idt=466&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.winhelponline.com%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=448473988.1660667321&ga_sid=1660667321&ga_hid=704273726&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

10dac6603aa09a65c450daa3eae3ccf89eac30365451e45e67d01445dea811f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40969
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_page_level_ads_2022081101.js Show response
securepubads.g.doubleclick.net/gpt/ 36 KB
13 KB 37ms
37ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022081101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

b5d59cabb74825156b2bb79c42dfa9f625e1ea9c99fc1d404acacb4f93314b23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 10:40:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 452899
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13585
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 08:35:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 11 Aug 2023 10:40:23 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 153ms
52ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 18 Jul 2022 05:01:23 GMT
content-encoding: gzip
age: 2546839
x-guploader-uploadid: ADPycdvqYWr4XlcgogWQv1CUKqMPpl5vfnpXVcXgwGPC8Zdt9c3EaH1AN9TP9qap5Fs6TeD5UJ3zYNvH-rbYbZWiqGonRQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
x-goog-generation: 1622140251693895
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 18 Jul 2023 05:01:23 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 166ms
55ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c9bfbc2b802937d34983a32a97f9703769f7dc7a9ffebbe99e186aeb5141add1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 12:51:24 GMT
server: nginx
etag: W/"62e91dcc-9dbd"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 16:28:42 GMT

GET
H2 200 pubcid.min.js Show response
id.sharedid.org/lib/ 732 B
904 B 633ms
200ms Script
application/javascript 52.41.7.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.sharedid.org/lib/pubcid.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.7.133 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-7-133.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
cache-control: public, max-age=86400
last-modified: Tue, 16 Aug 2022 16:08:38 GMT
accept-ranges: bytes
content-length: 732
vary: accept-encoding
content-type: application/javascript

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 43 KB
12 KB 48ms
47ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf019a1e03162a3ab267c3dc07d7eb9b1ddb76ce703755c49a7ca9edbd1d87db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2276
x-amz-server-side-encryption: AES256
x-amz-request-id: Z1BXS6GT9Z1KF5J2
x-amz-id-2: EeGV6iXvskQidOLCxyc6mFo6z2pBmZJhhqRRvRCTKQp8uoAwCPX5Sez7gqQauUnGWHUIRJjX5+w=
last-modified: Wed, 27 Jul 2022 15:06:46 GMT
server: cloudflare
etag: W/"ce8697e279fcae53e3ebebe92f9e8909"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 73bb8b6c1bd99bee-FRA

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
2 KB 145ms
37ms Script
text/javascript 34.96.70.87
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:44:07 GMT
via: 1.1 google
age: 2675
x-guploader-uploadid: ADPycduMcI7ZpdV_5XDkk4WXSlP24VjfVCdbwmhpsxwayKZrq9GPlSEEinWNz52YzThprAjheKviSqgN3EIjNWsjQOkrzQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1258
last-modified: Fri, 29 Jul 2022 16:55:09 GMT
server: UploadServer
etag: "f5bc066f146e3dbb049aa6c86c7012e6"
x-goog-hash: crc32c=6QojvA==, md5=9bwGbxRuPbsEmqbIbHAS5g==
x-goog-generation: 1659113709880056
cache-control: public, max-age=3600
x-goog-stored-content-length: 1258
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 16 Aug 2022 16:44:07 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 29 KB
9 KB 149ms
41ms Script
text/javascript 18.66.97.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-109.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 094b946adc39ade08f6d927ea066c8fef3ba6ee5c12919873172315ef7428e92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 02:54:40 GMT
content-encoding: gzip
etag: W/"2fa1275c04d6208db458c1ec8559f92d"
last-modified: Tue, 19 Jul 2022 18:12:40 GMT
server: AmazonS3
age: 48843
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: WuzyKgjwP9s6Nau2dgGthG7J0jQWpULPeMaOlwQOeC_YCM7Sixgg3A==

GET
H2 200 uid2-sdk-0.0.1b.js Show response
prod.uidapi.com/static/js/ 4 KB
5 KB 492ms
128ms Script
application/javascript 3.143.73.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.uidapi.com/static/js/uid2-sdk-0.0.1b.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.143.73.72 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-143-73-72.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 2a79d9d59e4c07752c78abc5f0243cecb939729e0728f347671fcd3a219e9b3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
cache-control: public, max-age=86400
last-modified: Tue, 17 May 2022 17:30:07 GMT
accept-ranges: bytes
content-length: 4559
vary: accept-encoding
content-type: application/javascript

GET
H3 200 container.html Show response
010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9E83 6 KB
3 KB 135ms
44ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 16:28:42 GMT
expires: Wed, 16 Aug 2023 16:28:42 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 greenoaks.gif
www.winhelponline.com/detroitchicago/ 0
429 B 71ms
71ms Ping
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZWYwMjJmYWQtMmU4YS00YjkxLTQwNzMtYzVjZGJmZTgwOGY3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidF9lcG9jaCI6MTY2MDY2NzMxOSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjItMDgtMTYifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNiJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIyIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmMDIyZmFkLTJlOGEtNGI5MS00MDczLWM1Y2RiZmU4MDhmNyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInRfZXBvY2giOjE2NjA2NjczMTksImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiMTQxNiJ9XX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ThkiiUK3LoYxeBfxrrBQgrVaS%2FQLsmp0Ue%2BLegx4kxOXFcBI5mHyKKl3cnwvCNfKM9aocSRsSfUeXJqXhaurBNoljnB4TJ5TtSxiHdqE8anEYgcJOn6s2JXHJlRvXCRii0IX%2FcTeVoWtwpFMwFhUeW88w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 73bb8b6c2f29bb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:43 GMT

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
277 B 149ms
148ms XHR
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjE0MjEifV19XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xkRUykCH%2FG8rXnLpofHabcypCYCUB00juNCYRHl7tnozfEo2t%2BEVuhRlsmmhuMQBKJuQtt3Fdiuah1H%2FyeDLivrBXCyNz5j%2BVxNE3WKm0BKaNBSb5eQfBd9W08vqzcs4q%2F%2Bqxbf9t9nEL%2FNAQRpe13Ap7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 73bb8b6c2f33bb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:43 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
272 B 136ms
136ms XHR
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTI0MzY1ODcxMDk1MDc2MiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjUyNDM2NTg3MTA5NTA3NjIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTY2MDY2NzMxOSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWYwMjJmYWQtMmU4YS00YjkxLTQwNzMtYzVjZGJmZTgwOGY3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjkwYzNjNDhkMDE3MjkxNmQyN2MxMDJlYTRhYTlkNDljIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI1MjQzNjU4NzEwOTUwNzYyIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NjA2NjczMTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMywiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmMDIyZmFkLTJlOGEtNGI5MS00MDczLWM1Y2RiZmU4MDhmNyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI1MjQzNjU4NzEwOTUwNzYyIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2NjA2NjczMTksImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmMDIyZmFkLTJlOGEtNGI5MS00MDczLWM1Y2RiZmU4MDhmNyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDU5MSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTI0MzY1ODcxMDk1MDc2MiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSGn3ZuOduO4y%2Bkus2KbPfkHQ6RtRU6rENLjSmM4wqmmUKqn2R893brxen1CHHmHN9LToVN25X4XIsX3hv8D1pZEEQi0eoh2LekYGVtAJ02Tyy7dTfeR6RROMD%2FmsSoli7mGdLrBokKRNNXlgRzYxnbO%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 73bb8b6c2f36bb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:41 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
447 B 115ms
115ms XHR
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTI0MzY1ODcxMDk1MDc2MiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMi0wOC0xNiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE2In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjIifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sa%2BpRQB0J48OwVtcJTAwOkuQs%2FVL%2BsphWKWxiYZirOge7d3oom2O0mSt9RAza6P76lFx5dmD1kbzu74h%2BvTLw3ASQZdFr9dQvZdScnePRBu3cJHrKvyDmy2jNgKj4y7D0SMC%2BmY8TEC6Bzy%2FrSa1TGjQDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 73bb8b6c3f38bb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:41 GMT

POST
H2 200 army.gif
www.winhelponline.com/porpoiseant/ 0
295 B 75ms
75ms Ping
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNTI0MzY1ODcxMDk1MDc2MiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhdWN0aW9uX2Vwb2NoIjoxNjYwNjY3MzIyLCJhZF9wb3NpdGlvbiI6MTEwMCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmMDIyZmFkLTJlOGEtNGI5MS00MDczLWM1Y2RiZmU4MDhmNyIsImJpZF9mbG9vcl9pbml0aWFsIjozMDAsImJpZF9mbG9vcl9wcmV2IjpudWxsLCJiaWRfZmxvb3JfZmlsbGVkIjozMDAsImF1Y3Rpb25fY291bnQiOjEsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjc4NywibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7o9bYhRYQCJg47mlLOEEJXMjy3GarJuA09EpZiP3L6Dr7GVVnGUvjivY0ZqQf2YOqNEdyAdOjw6JhOnT%2BR513Jmrp4HCgYmGWhxbxVqOv6uljYtAc0G9dQPIExqzaMuuR6OYoZnGwOOPeOlo4wty7xoTTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 73bb8b6c3f3bbb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:39 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
281 B 118ms
118ms XHR
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTI0MzY1ODcxMDk1MDc2MiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMTA0In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJ0cnVlIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nWRJqyKJYmeOqgQaZMkPCXUCKjVkMRYtzPvCFlCczHxmdBuCBaTLASY9Kp75Fek9Ord%2FbVixKj%2FRBGyGx6%2BzqUntMFkuJHn50XPJyQIoMAmyhzC%2B6B9zDyAvsDr7N%2BMd7ZVD%2F03WHnrh7MKV7ZjeVFnZEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 73bb8b6c3f44bb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:41 GMT

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
330 B 119ms
38ms XHR
text/plain 141.95.98.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.70 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216620.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.winhelponline.com
date: Tue, 16 Aug 2022 16:28:41 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
strict-transport-security: max-age=63072000; includeSubDomains; preload

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AF60 624 B
300 B 125ms
49ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIXULRDioeABGIjjwNABMAE&v=APEucNW9StuqMTzIILNWozRDRp8ZDH68Ht5vG25TenbudnzO6vsHow-wZjl4ZVlf4qV2EVC333W30mfmgHdJXyJ00JZfs84sVfYLf8mqTYjv6RzSGG3DSUiJqg2iiFlR8glIGwzaLEJqLVRvF-dDIig-DI49rINwdS8XcSCSJGyw-q5CLZjxlUmGQqLjZW5L23xsRX_SDrziw8v1QMtziQrGTdIkLyCRrQ

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 16:28:42 GMT
expires: Tue, 16 Aug 2022 16:28:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9E83 15 KB
11 KB 141ms
66ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjPbdHoVO_h7Y1wVUrh1wnaZ-kvGdGviBRFFAq4Lm5-kBhMgeBMmFYgaz0X2uYhvbg4Q_dAJSy-g-FDaYU7jt-EpwLa6DxTuiGhaNYVtMenWV1WsWzzTcH_aID86BTFJ3BgHJw3wWR4VnPXzNF3ro601hPtQ&cry=1&dbm_d=AKAmf-ChwVBWdIvnBKc6NYAZdvpX-LJ-pCoumCWnytZ6ih9vZkadIPeQxfwRuZbmhATrlqdUFOv-fPCAkhxm3I8eWxwFyep5UZVooveXgi4rinvUkKwS7TwlyKcgC9_bsYA1FOirgTGW2gDqomYKKTUmiIu5ex0iKSUUiWTPIqj-s5CGPXPrg7fozRyuTZZMUhEe1R6EzgVUsaUyNUC9DzWHqtfee_z6LUoZhMB55uSRt11kog1cchvisxl1KQx2Qi3cgIUMvkf-MK_SX3IUbFhOJXVNnXQLVNIqLI9Qc-z9vsL1IqjXp95NPGw84JALIr2OsszDMPdyxnVCK3qb6rombanhgnAFaVt7oON-vDHJVRulV1mIDGhSj86hfCHrDAf0hTkdur5EHksfceelSAPOk1pNAkacLgkXJqLrkQQZUsOrLS7fvGVcBk7E57aRpkTWDNHuoWKtsKSNhmcxn_f6uc9sXMDsrytzXgcEiq09O9ywoIKE6YdXjVBUkkACCkWEwQ-CiOXrIKK5b9k2wLHIWOpzLpau0urm0wnsFOuHgBg-abiBrD1ZZHvoU6m_vCSlYAQ1oG-RcZDT-jiQeGtqHWHd5FaKSxzaBFEQBnxXIvbDVENEErGI50HngEU-qBNhp8ZZZuqCye3O3t1SSpH3h7_PFP8-LXepkYGEbyfvCbXeK-RCQl5nO1x7v2kBMOmLteV3pDDG32yb17t5ITF0DnK6TZwohRtKkp1LYlhXj_9KdzvfnMQyu6P3PjAkMYe-GrdMLbLC-CK1XnCDzMSsPHO0gFKxIgu4UlGQ0_sEj3vh-8D4pdYLHQALKXXa38fy2VI64XyTikrkVsEva5rZm17_GaoCxW0psi0ypObLtarKb1RZgqsiPe2D0-5dO6FF4aBuhm3hLTozO2Y14G1OmnpsqvKi8cNM8n5idwkMLwKSglmBbxdnHKKHn0rqUsDzlcc_gVgqErdIesGgsBxHRLWll4MdGvMZg5kRCqSUcy_SpyYVYWoxEvRFFRYs3FDRuw12Md5BfYOQ2j1wA6G5Avpkp-_NAXNsxUh-S-kx0WAVlggTx-5a35XFLVNVf0UUfZWMk387IVmteXLrqAX5f0Uw3Fq3avinC2R5HAAyt6XtlskHFJxu0AvIYvkVc_cfVFaJ62irybz9O_z0Bw-SrMs6y4OjSIIOyoX-bIEZ_L90XVxu3tbhQWlgpiV_ZaCJqmkdVihRVFNSoKK_wmZh6KyUn6VqLTLvFKcb6soQw4ZQezisGIveqQqS_q38PmC14zjT9dlANggdb6ubB3gks7RB3CZTxtkxQZ0Wy6luprgRsLynwjmCd7F2H1-T1BXeJtEDGRAvB6AmTs7TWS6cCeqeESaoMgluIPJubGuK0TZ3iO-oQvffhMouUlUYflAuvQXGVlXl_vfRtPIurYGsxdPUbMFrGzoiJdbF-H2kvjBt-FhXM6w0VeRI0K2b6aWq3Twrg_86N4-1wiokIYGQw-5LvI_cjGMTH7xTKnleVMEHPyl9B0ilHJIUYA-0Am2kzw-5Y4waEZK0iAFxtm8jax_XeoD8me7cxIsIrQojCUT47EDtBPaF9WCunS5tqbjp3q44nGxNh758ADrFrBfggbIKsHN_W6WUGAzxD704w6RfuzT7K7UGOfHGciHYwM2dzlJmPoQcJJOAN47UR2JqKi1j6jIkxKm2Jx4esY2EAusCNJXuPsSBWnJCSzWGx7psiAOJn9WGeCepZfbplT1EUAKEIaQVixlUhShMC8JkU5NxOzlODk-C-7bFSudE2nkIzFA17vrVmM8WfTd6x9sTW9Lg8F_d2piMskxDW2HXsMjUghZ9NYPNxRoPTUAzHscgWZdtB54lGcQ_uFRBJYffrkQvN0Uz0df0M2Cbw5kpMD49TY4vf1o6y2h7u1NhKD7wfq0TNcIczjqW3XMXv5bAs8TCEnY3lL_Y_JwQCQ_6nd0Y9uTzMMQV-543bgDkuQ4wT-ZHJvkMm3hXkngHblZBTzNPpJcEyvE2zVLopWMSLDYSRn6rOaK0eYei3HAZYVRJDo4RptMPsvtBy3UOk0qG-DL3ds1kOAT54pMtDjXl2xBUYv4-pbxcSEfU-UprYO1HYmLWhjCAJpHEyDQeCiNQxX0OMw1RDzak_dEz7LqrrtpVLhk04ItMsaLqCCh0V0x-LxfTNU97GDwRdDmFQWNqiGPgdraRJsshY-Xjs2JQj-I17WN_lVNsB3a-JfXGqC8Y9dDC8c9BYhrG4foI9Ha8I5D9TFDJ3XBGley9-6nV6YE5GHufPeDblJ8xRmDFGGZc0ZhK8dEW44lR4rGmFP6I8Zk_Q_gjDQbfmFaKyHHOvP9fcIpICk_0koYyk_-cKzvb6xQzdWF16CWaCFRTxSJGp-DoB2-_etD0CSYa7Imlsguh3Z8gkeCl_R7_AhOdXuhMfsy-0sbEyPaUtjV6Xc1-i4UYQhQSt22A-ETQmqPVm5oblSBsKyZEhx5tvjXwmgJpzmnrmG8a4tJ0i7hGA-CepPRtaL7FwIHqIR8nsJf_HvKmBZLZ0VwV_yTYLjvVBZh57JO8CPBKVDNy6CEvulbtllkzEfDwbnr5SXFh6dyUYFwM8PptiuN1_zBxxqX1xTDPl26JEI2Ki8BhHP9yNg_WWfC3YlD6u0HHQ6KNxmSTUNgIBOFjI5QjmIQc7ArAyhlpdhIiOBbha_3mfIEIBPu5HNmMXl3X15MmHmmNPGfVDDGEUWtQ3uDFzAbplDzLVRGWpt0FavmWiViKwl06Y_YRp0ifiVjlZkerbxSJS2HQIoXZZ0ekkOSPAv8Geh-lbgTTg2HbbEigueheFRggtb23zenzlkpOO9MlaHXtNUy6wU5D0wxrwn7SaBwer1tkTL2Oeyui8C-fTlI9alkC8jHf9paJhgoF0nzvD_maN2XypJhtXfl6CDIVBFQnFyYy6U5e7bl3RZrVKAscKFfnweQnp8-vCS2jqg&cid=CAASJ-Ro0OSSrqVtU760gUlMPFURjuaBWPZbRIpEF0gHnMneV9ZDM6pHNg&rfl=1%2Chttps%253A%252F%252Fwww.winhelponline.com%252F%240

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2c867478e983d3bd6a81b80c6fbe469a3382227495fa5b5e577175eeb3029f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11185
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E83 42 B
63 B 71ms
71ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AQ8vzmTdERVW5S9SEm8CHAzsCW1HiPBMREaZx92sAVeYdVBx6w7VgZCW1vEFWQicO7zzOH6g_fE9tUWczfVk0tMdgTuny_Eihmq3_G6uOE3l_PEWE

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1124391/64930536/xbbe/creative/ Frame 9E83 242 KB
73 KB 242ms
58ms Script
application/javascript 52.31.65.246
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1124391/64930536/xbbe/creative/adj?p=APEucNUgesl61hj9FjY31ZylvQN4kWuSOMeOXk0fpIAynFDceWrj3P8&d=CokBAKAmf-DlOtniprm_T2kiPUX0HAAHDWrM2zm_w3t1ke_G27Q3hx6CgNSkTIpE_dDi7JKlfrgWPLDynyPoT_2aXLmU3XWxzz0ptpfT40BpR2jMO_o9f9G5xLVXXuTylhvUkqZOIz7vGXinYLTAfxNFlBtvkH-vhGaPSRyL1g2rPWplBKOVY-u5JLISiRQAoCZ_4N8ngcYCpyPqv03zOrtIVm8m9k02HjDib_05TZMh3Eoe55OHn8_Uay52EPy6i35dfqdIWjhhibdmZ0vpuW82OkOilnseATzGQ4AonlOZO8T6oalyvabDNrIkwU74w--Tr-wP43epDLxImGnEolxAJ567xdtYKK6y3hTQYn7xL7wnrVwlX-lwoVJAzVRLcnxwtkNwK5vZkJR4ZnKdo9xth2Nk7VEiMkbbpEX4ddRf4q65VZZp73FPskU8eqhvfFits1aJXVFoavJWL_c7zVKKGF9HTqXTRlbkxUWtxIpM_WtlTToxKm1IsyS-FqtJiKw0A65FOJ3-WoLLTl4TA86uUoHV9n2ZyhAI28freSXIFUUSxg2BSNKvdyJSlFh3oPI9Jol4_zMtFACotZXaoadqFnrsI7HYyDBoNFOPaozwvwEXtr3IPiAfvbuyfCWP-mGo-E4hKG_1yfbGZmxrI2jRCaPVy865dI-PLA7X6RvB7hDN5zJjiTp2qlLXLY3_2r7owXL4jNcIg41u8TLje2aYNhGpkmMGE2VADVBxwwuO2k0V1Mdlsp06gKwVDLDzieU9g-4Dgr6najSLSO2RLgU8hVjzUBYBiuExqXLkUYV3VRNHs-9r96RTL848-oDJG3TrY__ik_fMKJW12H9X1fDp90TC8-3pDbK9ERVTUb-TV7WXk7GjkbYqyxpt9_qPedWS51-eeD6m2tHaTmEXwWxUIeuARNcc70C4VYQAhexRz8dkfCg0X8Byjl-1ls3gA-rXC6Ks1ieV2Bft1mpgS7HaGEZEymHyvGK079bz4J8YekeYchYgXtVfBLiJbkxNOjxY7KyD7r5zDDpdjAk3YMV6NvTAvoLdXo-oUx_QtoYu8svktSe-JPha0goTiwW8oPbz4IlopOrrdVybotOj7fzLZc3V6rwlbt1S5j1ewJzimrlv9wBVwcD2CjuBYN9Tp7WtTUA2PXajQasMXgwpm1R3tiwt6Gej7j1i1yfIRNwdOpApvymLT_OYzkFGKwC8G3RyubZBu4Qf-bzmw3JOfI2gR4AURuWrttYqSYq0h5l42Y-R1F_xUy3M2fFkdt79M7ATQw9M5YJQk4_7-nXet6YzEUhISwYIrQcS3_QjIN_Dn3L1gKle64IOD1OEjuow2oQW61j3CP6F9tAP4Z9Kpew91bjVMjXfTMrA4uR1QExFwLiWI-WUpFJbMT2j1xqyoOM9Wwn5i6la7-Etw_V0nhK_cXXgS5vxyXKC-10XcwLZfqLj7mDFA7Aia_e0czuneX-dESTK8isbYf3V9jJC0RehSAoWfCCUYPTfhYmBf6Bv1fp0MTCPx10GpEG4pZOKzPA-hLZnrjT1iAW7-UtiHu-1ypWWHkvoeTYjGORGEM1UaFx1mFECK2zgSOtxCr8DoG0HbcKmTf4aTjrOX69CfcHTwD2ykxeA8t6tntffXBWZnBEW7EHUIghSKEJalsTvZeH5Ay7cLr9lc5DlWdshVlDd_tuEbvhpEb_Mp9z61CwPZAtPKjw8sFYRfGReXKyAAV-dkYO3GUSyz8YJion1uzPnYGUfc8_uQ7VU6gFLRoQYo7FaIidZjtKCIturhQsq_DEj6D099RaYn-IZ815heaMkefyvIt9sjxXQczKqam_thMXBcWE0eTOUQMejg7QhetkFD_KS0kpE2KHHqmCRXnSMwle5AUQ9Xq5ZCQ03x3tYyBx4Yau9XlEw14SaiTeFHpAyudsVcbJbcn3sDe00hP1x0kLds3fb6fCQpOAyCPbUaAjsTesYCFs5uxshRcc_WIs-0md34cBi0aaVDIvbbnKCB8gIq1_oU6NQNCI3xahQ4_McbphZrBI6w85e2EOK1pQcDOtTvMpIme8GFMQvgvo38zrQ84m_m1Mvi-6B3RnebMmOL10s4NHxLhVgxNjSyVuk1TurkDADqz3Z8wIwXvQAK2jUTgpB0hRQeRlRddqZZjWDt6_Iawsozj9vO0douitP_VeLfzSgxXDaLrSC87yqaMb4e_5JBh5dpycv1SZ-5NNESWHkHlbIM-_r6wrZOJGpy3KqPuZOAhlDwVszoYnWGaNp2jPGpmwPK5bROYOK4OR19pvrrQbWNX3ubYdnJ13AqxTynTvpkfmV9O4dZXdk4UVr1cuK99h3iKzELh-dShyha3UrTXXHD3Ng37KAGlE6x9z7FIeSQheFGfdyi534ccVpmbMH4gQ8UccEwEYOUFkTGCW-l0lTIYv0v2HZt7tpaQxztwRACpQdt0BH33LEmQfpgHn7jIIE23jx4WG6RvCuy4LNM92ay6qQoRcbAYpmzoLTbbelIiTdnmrE6sllnQD_Jv-B6T3j6WPLZsk0tC91sZv1rFU2HiSxXLy7lndhxe5s1aG3DStF1D6yydXBBaGGfcjLUFnqSh5gYq4VpV4JdRIe8TZmnbjIM7UeK3BTfpezonwNQWxikoyYmGLC2JWCPnzVdTaCOIjqFzuwMbrU6g_zBW7ig1n5p2IzTCGDsZT7GYuBnFYt-abbGlji7yN6hQPoKpjPGQEgdevKW4p7mS5RWjo1__dSfAWdDek-S__a6kT8-8SF9zevn04ACkcK3wLr4zwybXQMurbLpSpOEiQBDvLG-KvuzEO0Kdj-FKc7fRVcoDJoDQRi1UzIdPDx-Vge6ljK4XP381AV7hSO6hJVnj31oMw_6Txmdqlby_w9h4GFDxEq7wWTmAXiGs6xWMFYUSwRp3sxvr12PaSRT7XuG_l53BS3Wy4ldjr44zzvv2_jW_7nOH2WKDTofaDSg9ohw4SW9nC7Fl9RZ6yC1bngGvEFc6Uj6FhCjRAYVp8UP6mitg_aAYXphAurbjGVNullJhP8Zz-_KdIYB3bbBS68KDtvneszSw0ZB_c1AUXKK35oaqeoBiGz0B3bSS2eLBWaa6ffRFBRbExaRnqTOB1Cxpq-nj4ivRva_LVGIQBMuAQ1xT_OL08wlEdNmPHR41gRVa_z75zzIlDE7ZzyAEnEt_ji1qr4qQjSv7Ex0eRpDZlfM_Nsu0xkNisLkBVY80T8ME4esEeivxag3CH2prj725EiDso2Ngmz4bOGq14Lia5WcknjsheNmBkhaAvffRz8rdK_b6i0ZvgV1WW4nk5khaoOD_DEh29HOeeMhI7pNxrEghPonBxem_revjUhyTmntd_9ewqikTNgcS3UwBNcW1yZXknVaqio9JGNwZVgL2TsfNgDgokfEZKyw-P-AmZ1TGtnX_-sdNe9okAFt1ZFkElv6gmDS5leJvO2duco3EzztZJTVUmEMAUDT-jvjCPoBJ1L2MdYQ0QTBeI_fvdOi5zlwafomNU3knZWNbzfKFQrocIXoinzyWtPIemWtcudMUk40qYdHxeB4_Q3IoeUvSNYPk8OqGIAlwf_YDZEakeX1Cyyu3RgSKX7ygSGzJ3MGisIABIn5GjQ5JKupW1TvrSBSUw8VRGO5oFY9ltEikQXSAecyd5X1kMzqkc2YAE&cry=1&ias_dspID=3&ias_campId=1008627756&ias_pubId=pub-6396844742497208&ias_chanId=1&ias_placementId=17996878247&bidurl=https://www.winhelponline.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hqFNVuN0oTEHPwPYM9T3CG
Requested by: Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.65.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-65-246.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3e4a378e0199290fccb34ff62aebe72e2d1249051c4befb2afe6d4c8e1d5440c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 9E83 3 KB
1 KB 305ms
73ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:11:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1006
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 16:11:56 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9E83 140 KB
44 KB 502ms
51ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1b0541f82f31cab4d9c95f9e0ed760d579580a0dde81bfa342effb6c8b677d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44049
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660562816195624"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 16:28:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 9E83 17 KB
8 KB 269ms
38ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:50:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:50:44 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9E83 0
0 527ms
44ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQwaYtKjZtvEal6Rh77yNfKwpsyDQleCCywGtilguGGt8RsO_tDp4lnG7Dbrx8tLr5UZW5NiS96zoJzi5yVhSUpYS60hA
Requested by: Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

POST
H3 200 encrypt Show response
esp.rtbhouse.com/ 218 B
235 B 133ms
57ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 55142559faf25830b3aacbc7d5256f7ace6f94d39854e9ee1ddc456be8948e1f

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
via: 1.1 google
server: Google Frontend
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: 0decd0669cb76f29591d8b8a80ab530f
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 218

OPTIONS
H2 200 encrypt
esp.rtbhouse.com/ Frame 0
0 173ms
53ms Preflight
text/plain 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.winhelponline.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST, GET
access-control-allow-origin: https://www.winhelponline.com
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
content-type: text/plain; charset=utf-8
date: Tue, 16 Aug 2022 16:28:42 GMT
server: Google Frontend
vary: Origin
via: 1.1 google
x-cloud-trace-context: 115e715a86b21d8b8f381a627ad18f8e

GET
H3

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.winhelponline.com%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.winhelponline.com%2F&rid=esp&cc=1

85 B
103 B

249ms
210ms

Fetch
application/json

34.120.107.143
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.winhelponline.com%2F&rid=esp&cc=1
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3
Server: 34.120.107.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: e20379c72a6d43a7bd1688e08ed49653e52409e818206491bb9ad0923dd5cfdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:42 GMT
via: 1.1 google
etag: W/"55-9dmWo18W6tSnjg0SxoRwUeLtZzY"
x-powered-by: Express
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Tue, 16 Aug 2022 16:28:42 GMT
via: 1.1 google
access-control-allow-origin: https://www.winhelponline.com
x-powered-by: Express
vary: Origin
location: /esp?url=https%3A%2F%2Fwww.winhelponline.com%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 3474 15 KB
6 KB 134ms
44ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.winhelponline.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.winhelponline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 16:28:41 GMT
server-processing-duration-in-ticks: 1587
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AF60
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE_b4gYa8lnu8RZkJh6Ww8g&google_cver=1

43 B
905 B

86ms
71ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE_b4gYa8lnu8RZkJh6Ww8g&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIXULRDioeABGIjjwNABMAE&v=APEucNW9StuqMTzIILNWozRDRp8ZDH68Ht5vG25TenbudnzO6vsHow-wZjl4ZVlf4qV2EVC333W30mfmgHdJXyJ00JZfs84sVfYLf8mqTYjv6RzSGG3DSUiJqg2iiFlR8glIGwzaLEJqLVRvF-dDIig-DI49rINwdS8XcSCSJGyw-q5CLZjxlUmGQqLjZW5L23xsRX_SDrziw8v1QMtziQrGTdIkLyCRrQ
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73bb8b6f0d2b925c-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hlQsRYSilFC2qWcsJAYYlqSuAStxlEx7p24JpuJaWWujVvpOgZNQc8wx2KJokQ7AgDFmLwaF0BKb2xrX7DxPpWin0Ql9nLsoBHIBQ6Gvoww1LOM5HRKvrmCPj0A%2FERTXG7Q8kHXe8nuWnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE_b4gYa8lnu8RZkJh6Ww8g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AF60
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YvvFumtqNix8WP46dvetiwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHPz0_Joxox1HMFzoxuCnFs&google_cver=1

43 B
910 B

51ms
50ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHPz0_Joxox1HMFzoxuCnFs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIXULRDioeABGIjjwNABMAE&v=APEucNW9StuqMTzIILNWozRDRp8ZDH68Ht5vG25TenbudnzO6vsHow-wZjl4ZVlf4qV2EVC333W30mfmgHdJXyJ00JZfs84sVfYLf8mqTYjv6RzSGG3DSUiJqg2iiFlR8glIGwzaLEJqLVRvF-dDIig-DI49rINwdS8XcSCSJGyw-q5CLZjxlUmGQqLjZW5L23xsRX_SDrziw8v1QMtziQrGTdIkLyCRrQ
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73bb8b706f65925c-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yxb%2Fc2%2F91Uj7EvoanUsclrDmXFyqZpKIJi%2BcGTOaWylc1d1jL0n7nzl7N11L8SqjpHeSquAKSe6ht8di2dwM10NJRCwOwXKZi%2BchBfDmPku6%2Bfuft6I9KdlZBAOpz5nlzpTPXdemnaB%2Fww%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHPz0_Joxox1HMFzoxuCnFs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame AF60
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEZEWxZJ5i7bqvXS2NTSsqk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEZEWxZJ5i7bqvXS2NTSsqk%26google_cver%3D1

43 B
1 KB

44ms
44ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEZEWxZJ5i7bqvXS2NTSsqk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIXULRDioeABGIjjwNABMAE&v=APEucNW9StuqMTzIILNWozRDRp8ZDH68Ht5vG25TenbudnzO6vsHow-wZjl4ZVlf4qV2EVC333W30mfmgHdJXyJ00JZfs84sVfYLf8mqTYjv6RzSGG3DSUiJqg2iiFlR8glIGwzaLEJqLVRvF-dDIig-DI49rINwdS8XcSCSJGyw-q5CLZjxlUmGQqLjZW5L23xsRX_SDrziw8v1QMtziQrGTdIkLyCRrQ

Protocol

HTTP/1.1

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 16:28:42 GMT
X-Proxy-Origin: 80.255.7.100; 80.255.7.100; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0014aef4-9c23-4b8f-917b-7359e1fe0a41
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 16:28:42 GMT
X-Proxy-Origin: 80.255.7.100; 80.255.7.100; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0162c88e-64b7-484f-a641-b3cddbbbaabf
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEZEWxZJ5i7bqvXS2NTSsqk%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF60
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUyNDQ0OTQwMjgxMTQ4MzY5OA%3D%3D

170 B
188 B

107ms
48ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUyNDQ0OTQwMjgxMTQ4MzY5OA%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 16:28:42 GMT
X-Proxy-Origin: 80.255.7.100; 80.255.7.100; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: b0ba4b95-d7f0-4f39-831b-8ec8194089e4
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUyNDQ0OTQwMjgxMTQ4MzY5OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9E83 41 KB
15 KB 124ms
42ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjPbdHoVO_h7Y1wVUrh1wnaZ-kvGdGviBRFFAq4Lm5-kBhMgeBMmFYgaz0X2uYhvbg4Q_dAJSy-g-FDaYU7jt-EpwLa6DxTuiGhaNYVtMenWV1WsWzzTcH_aID86BTFJ3BgHJw3wWR4VnPXzNF3ro601hPtQ&cry=1&dbm_d=AKAmf-ChwVBWdIvnBKc6NYAZdvpX-LJ-pCoumCWnytZ6ih9vZkadIPeQxfwRuZbmhATrlqdUFOv-fPCAkhxm3I8eWxwFyep5UZVooveXgi4rinvUkKwS7TwlyKcgC9_bsYA1FOirgTGW2gDqomYKKTUmiIu5ex0iKSUUiWTPIqj-s5CGPXPrg7fozRyuTZZMUhEe1R6EzgVUsaUyNUC9DzWHqtfee_z6LUoZhMB55uSRt11kog1cchvisxl1KQx2Qi3cgIUMvkf-MK_SX3IUbFhOJXVNnXQLVNIqLI9Qc-z9vsL1IqjXp95NPGw84JALIr2OsszDMPdyxnVCK3qb6rombanhgnAFaVt7oON-vDHJVRulV1mIDGhSj86hfCHrDAf0hTkdur5EHksfceelSAPOk1pNAkacLgkXJqLrkQQZUsOrLS7fvGVcBk7E57aRpkTWDNHuoWKtsKSNhmcxn_f6uc9sXMDsrytzXgcEiq09O9ywoIKE6YdXjVBUkkACCkWEwQ-CiOXrIKK5b9k2wLHIWOpzLpau0urm0wnsFOuHgBg-abiBrD1ZZHvoU6m_vCSlYAQ1oG-RcZDT-jiQeGtqHWHd5FaKSxzaBFEQBnxXIvbDVENEErGI50HngEU-qBNhp8ZZZuqCye3O3t1SSpH3h7_PFP8-LXepkYGEbyfvCbXeK-RCQl5nO1x7v2kBMOmLteV3pDDG32yb17t5ITF0DnK6TZwohRtKkp1LYlhXj_9KdzvfnMQyu6P3PjAkMYe-GrdMLbLC-CK1XnCDzMSsPHO0gFKxIgu4UlGQ0_sEj3vh-8D4pdYLHQALKXXa38fy2VI64XyTikrkVsEva5rZm17_GaoCxW0psi0ypObLtarKb1RZgqsiPe2D0-5dO6FF4aBuhm3hLTozO2Y14G1OmnpsqvKi8cNM8n5idwkMLwKSglmBbxdnHKKHn0rqUsDzlcc_gVgqErdIesGgsBxHRLWll4MdGvMZg5kRCqSUcy_SpyYVYWoxEvRFFRYs3FDRuw12Md5BfYOQ2j1wA6G5Avpkp-_NAXNsxUh-S-kx0WAVlggTx-5a35XFLVNVf0UUfZWMk387IVmteXLrqAX5f0Uw3Fq3avinC2R5HAAyt6XtlskHFJxu0AvIYvkVc_cfVFaJ62irybz9O_z0Bw-SrMs6y4OjSIIOyoX-bIEZ_L90XVxu3tbhQWlgpiV_ZaCJqmkdVihRVFNSoKK_wmZh6KyUn6VqLTLvFKcb6soQw4ZQezisGIveqQqS_q38PmC14zjT9dlANggdb6ubB3gks7RB3CZTxtkxQZ0Wy6luprgRsLynwjmCd7F2H1-T1BXeJtEDGRAvB6AmTs7TWS6cCeqeESaoMgluIPJubGuK0TZ3iO-oQvffhMouUlUYflAuvQXGVlXl_vfRtPIurYGsxdPUbMFrGzoiJdbF-H2kvjBt-FhXM6w0VeRI0K2b6aWq3Twrg_86N4-1wiokIYGQw-5LvI_cjGMTH7xTKnleVMEHPyl9B0ilHJIUYA-0Am2kzw-5Y4waEZK0iAFxtm8jax_XeoD8me7cxIsIrQojCUT47EDtBPaF9WCunS5tqbjp3q44nGxNh758ADrFrBfggbIKsHN_W6WUGAzxD704w6RfuzT7K7UGOfHGciHYwM2dzlJmPoQcJJOAN47UR2JqKi1j6jIkxKm2Jx4esY2EAusCNJXuPsSBWnJCSzWGx7psiAOJn9WGeCepZfbplT1EUAKEIaQVixlUhShMC8JkU5NxOzlODk-C-7bFSudE2nkIzFA17vrVmM8WfTd6x9sTW9Lg8F_d2piMskxDW2HXsMjUghZ9NYPNxRoPTUAzHscgWZdtB54lGcQ_uFRBJYffrkQvN0Uz0df0M2Cbw5kpMD49TY4vf1o6y2h7u1NhKD7wfq0TNcIczjqW3XMXv5bAs8TCEnY3lL_Y_JwQCQ_6nd0Y9uTzMMQV-543bgDkuQ4wT-ZHJvkMm3hXkngHblZBTzNPpJcEyvE2zVLopWMSLDYSRn6rOaK0eYei3HAZYVRJDo4RptMPsvtBy3UOk0qG-DL3ds1kOAT54pMtDjXl2xBUYv4-pbxcSEfU-UprYO1HYmLWhjCAJpHEyDQeCiNQxX0OMw1RDzak_dEz7LqrrtpVLhk04ItMsaLqCCh0V0x-LxfTNU97GDwRdDmFQWNqiGPgdraRJsshY-Xjs2JQj-I17WN_lVNsB3a-JfXGqC8Y9dDC8c9BYhrG4foI9Ha8I5D9TFDJ3XBGley9-6nV6YE5GHufPeDblJ8xRmDFGGZc0ZhK8dEW44lR4rGmFP6I8Zk_Q_gjDQbfmFaKyHHOvP9fcIpICk_0koYyk_-cKzvb6xQzdWF16CWaCFRTxSJGp-DoB2-_etD0CSYa7Imlsguh3Z8gkeCl_R7_AhOdXuhMfsy-0sbEyPaUtjV6Xc1-i4UYQhQSt22A-ETQmqPVm5oblSBsKyZEhx5tvjXwmgJpzmnrmG8a4tJ0i7hGA-CepPRtaL7FwIHqIR8nsJf_HvKmBZLZ0VwV_yTYLjvVBZh57JO8CPBKVDNy6CEvulbtllkzEfDwbnr5SXFh6dyUYFwM8PptiuN1_zBxxqX1xTDPl26JEI2Ki8BhHP9yNg_WWfC3YlD6u0HHQ6KNxmSTUNgIBOFjI5QjmIQc7ArAyhlpdhIiOBbha_3mfIEIBPu5HNmMXl3X15MmHmmNPGfVDDGEUWtQ3uDFzAbplDzLVRGWpt0FavmWiViKwl06Y_YRp0ifiVjlZkerbxSJS2HQIoXZZ0ekkOSPAv8Geh-lbgTTg2HbbEigueheFRggtb23zenzlkpOO9MlaHXtNUy6wU5D0wxrwn7SaBwer1tkTL2Oeyui8C-fTlI9alkC8jHf9paJhgoF0nzvD_maN2XypJhtXfl6CDIVBFQnFyYy6U5e7bl3RZrVKAscKFfnweQnp8-vCS2jqg&cid=CAASJ-Ro0OSSrqVtU760gUlMPFURjuaBWPZbRIpEF0gHnMneV9ZDM6pHNg&rfl=1%2Chttps%253A%252F%252Fwww.winhelponline.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 07:50:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 376665
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Aug 2023 07:50:57 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 3474
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=winhelponline.com&sn=ChromeSyncframe&so=0&topUrl=www.winhelponline.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=NTade3xVTHVjU2hMVjVaV083THU5dkY4b25RT09tUnJvNzVlLzhTZU41VTlXSGREZGFCcEM0UjRmeW9NdHFQN1dTZGVOVU41aVVld1dVNTI4c01wampSaFIrK0hTNC9wZmhwZ3ZFU1Z4L3J0V1V6cXZSODRBd0ZSdXdXd3...

451 B
649 B

153ms
50ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=NTade3xVTHVjU2hMVjVaV083THU5dkY4b25RT09tUnJvNzVlLzhTZU41VTlXSGREZGFCcEM0UjRmeW9NdHFQN1dTZGVOVU41aVVld1dVNTI4c01wampSaFIrK0hTNC9wZmhwZ3ZFU1Z4L3J0V1V6cXZSODRBd0ZSdXdXd3JsRUlLZU5qUG91U2lha0ZLTEhjMXY5eEJnUHFoRFNxMlZ2Wi9ZaWFXU3FRcGdkaTNzWjlpRnJTVk9LUkVGaUdXNDB2bHlITEhiQTRkRTE3M0IvUG5DVENZM0xWdHYzZ1ZWV3Y5SU9kWDJ3aG9vbzRUU0dQSmdaTncwSHJ0eUlsQ2RoenRwTTVLUkpBU2ZZVXZLSHZramExdHlwREl0dz09fA&cppv=2

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

8f69dbe2b0891ed74ed2c426487a9751ae8b929dc6d932fe589abf2eca1738bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4683
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=NTade3xVTHVjU2hMVjVaV083THU5dkY4b25RT09tUnJvNzVlLzhTZU41VTlXSGREZGFCcEM0UjRmeW9NdHFQN1dTZGVOVU41aVVld1dVNTI4c01wampSaFIrK0hTNC9wZmhwZ3ZFU1Z4L3J0V1V6cXZSODRBd0ZSdXdXd3JsRUlLZU5qUG91U2lha0ZLTEhjMXY5eEJnUHFoRFNxMlZ2Wi9ZaWFXU3FRcGdkaTNzWjlpRnJTVk9LUkVGaUdXNDB2bHlITEhiQTRkRTE3M0IvUG5DVENZM0xWdHYzZ1ZWV3Y5SU9kWDJ3aG9vbzRUU0dQSmdaTncwSHJ0eUlsQ2RoenRwTTVLUkpBU2ZZVXZLSHZramExdHlwREl0dz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1502
content-length: 541
expires: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7063 22 KB
8 KB 114ms
37ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 376665
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 12 Aug 2022 07:50:57 GMT
expires: Sat, 12 Aug 2023 07:50:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

passback_728x90.js Show response
static.adsafeprotected.com/ Frame 9E83
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1124391/64930536/xbbe/creative/adj?p=APEucNUgesl61hj9FjY31ZylvQN4kWuSOMeOXk0fpIAynFDceWrj3P8&d=CokBAKAmf-DlOtniprm_T2kiPUX0HAAHDWrM2zm_w3t1ke_G27Q3hx6CgNSkTIp...
https://static.adsafeprotected.com/passback_728x90.js

3 KB
2 KB

156ms
56ms

Script
application/javascript

2600:9000:206e:1000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/passback_728x90.js
Requested by: Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:206e:1000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a579343e48deefeeb438bcb7f6aeb6d37e68102a8299ca47b683991f0af26b28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: BMDmVeG18LcgsgmLJH9yXJDgb3k6n4r4
content-encoding: gzip
etag: W/"696b4c19d35efd706805137a8a4b3831"
age: 382662
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:29:52 GMT
server: AmazonS3
date: Fri, 12 Aug 2022 06:11:23 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 93f2a781416975f99355acc4c81d60d2.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: sVulAeMVACKiZgrMZVEW6cjU-TjKmq_nEiTAi0m0tmVKoQXwQ90_Hw==

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:42 GMT
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/passback_728x90.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame A68C 80 KB
21 KB 202ms
52ms Script
application/javascript 2600:9000:206e:1000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:1000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 16 Jul 2022 09:09:25 GMT
content-encoding: gzip
age: 2704758
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 93f2a781416975f99355acc4c81d60d2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: VIE50-C1
content-type: application/javascript
x-amz-cf-id: irHZxsnue9uMKUYF8rqZqr_2itnqHQwGB2mOaOUjCy8AX9irJIsgnQ==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9E83 43 B
215 B 412ms
127ms Image
image/gif 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1124391&asId=abb90f39-95ce-a9c4-c0bf-0bd5a6545371&tv=%7Bc:ltkdNg,pingTime:-3,time:47,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:48,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:teGWQyD+11%7C12%7C13*.1124391-64930536%7C131%7C132%7C14,idMap:13*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:43 GMT
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9E83 43 B
216 B 406ms
127ms Image
image/gif 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1124391&asId=abb90f39-95ce-a9c4-c0bf-0bd5a6545371&tv=%7Bc:ltkdNk,pingTime:-6,time:51,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:51,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B45~0%5D,as:%5B45~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:teGWQyD+11%7C12%7C13*.1124391-64930536%7C131%7C132%7C14,idMap:13*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:www.winhelponline.com*&br=c
Requested by: Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:43 GMT
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9E83 43 B
215 B 405ms
128ms Image
image/gif 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1124391&asId=abb90f39-95ce-a9c4-c0bf-0bd5a6545371&tv=%7Bc:ltkdNo,pingTime:-2,time:55,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:511,beZ:512,mfA:514,cmA:516,inA:516,inZ:520,prA:520,prZ:526,si:532,poA:534,poZ:554,cmZ:554,mfZ:554,loA:562,loZ:565,ltA:566,ltZ:566%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:55,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B49~0%5D,as:%5B49~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:teGWQyD+11%7C12%7C13*.1124391-64930536%7C131%7C132%7C14,idMap:13*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,sinceFw:32,readyFired:false%7D&br=c
Requested by: Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:43 GMT
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 dJtiYfEJEI0hyw5wQ_g_8NlKRsHdja2JZeZ5T9NF0jg.js Show response
pagead2.googlesyndication.com/bg/ Frame 7063 36 KB
14 KB 37ms
37ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/dJtiYfEJEI0hyw5wQ_g_8NlKRsHdja2JZeZ5T9NF0jg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

749b6261f109108d21cb0e7043f83ff0d94a46c1dd8dad8965e6794fd345d238

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:31:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14301
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Aug 2023 15:31:35 GMT

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 529F 0
176 B 135ms
47ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 16 Aug 2022 16:28:43 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7063 0
20 B 83ms
82ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOujTusX7YrCrHt-MjuwPwPGRqAEAAAAAOAHgBAI&bg=!wMOlw4fNAAa4hXTbmIU7ACkAdvg8WtJWlzCA3iCeqnmWvQxNnZB6_lXBstURnOEbXsy1NGp2GI0f8QIAAABfUgAAAAFoAQcKAEZVA6JhwjDl5CQ6uSTo_Sx5a5pzubFd6Ie0M1KLvWr5Bx9A0HLC8xicoAYAS5gnjAmsStkNba9TrziecQvXu6LDiXAps_bPmQNBC3GotyHSbvtVtINuOb1rMc9srcM9oR9QvAcDiGCbosc7mhjIG8JSo3cd4RpzNTP9sKVePNASEGDQ5jiXhbHQ_mJRJ-itiKn7UoUNFEkEws5Z5Jst5M9kABDEfiZSEaGwnbX9Xad-hJA270LHy_emlgdnolgDLKw7Ojr3ddZ9Tk-NcFCXJP4I0su1l8Jt2psy_v9x5OOrIvksBHSLAo-Nkf9jidWvQROB_noBOKFPzAQ0i8oay1QT-7jbHawMGT1mCKj6Wc_V1lEReyv2nwh0NWuBL7Ya65cou2BkYBXewhudalp3XteLojObgB4dOarbgQvHCevtd_hJe1Sk3OJlKuHkBKaziJZue1OPuuNm4LaXxt2oQW52at9ZlfXICA9uzhmXFUzMtTRe524PkA4Ch5Zp9Reb8JJc1i7e0T98J2ZL-gxHl2D4ERzpz-t2IqeF0Jp4UaXSH_fh6mlZNZXr-lwJtvllQNWPokkIGFKuNfFR8HMJPzggK7VhhvLBioIp5XJs3eVqpK_KY9eEQWPNAlJmoR8fBS-_N_I7UsyrCyfuOj5Her2b7kTwBA1GUTQXDMGNuIVIWLciwsymPVpaKo1MVI9UvBiizD55blmfmbX3VXx-0SAgePqwFpzXgSTCgFUZ7MAD52KkQUNoyX63mbPa5nBJvjyogmsc4YVTiLv8MJn90d32bBKAY8kjEbS4jC0ZWOfHlS7fXOUDqFR3efcANl0oECwOF666JdHCsZxjC4l0CcI6NbTNJJOm5FHRNuBfye2YPwgWy_tIJTuOu_WC0oUZM1zogdMB-Y9JyfHDlZWYfiaKyYwwPv7AX4CyBzF6j04_u6f4wNG9hGaYDsjLoUeQFMIdQ4ojx07lCNn8VloG4A2r5vHqmui3XulT6dqPteFkyWPlgZpbyjVxRJEsjCF2O0jGqfU2ebogOuBSeY3RjQ411pTP8u-PXS4FJQjSty_BiO8x2-cuspgMtcAi2QnwxwyRrtaGojIUlPVJjnOHKOlOmz_7CZiHwr-EMRkmWzZHYhUtHav3UBBkP1Zlc6B2FlsPQuf0HCmnhy9bqTskHVvJYboTZ8VTSQNrtatqlMblITGbui2KlI6i0OU

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 IAS_PassbackAds_728x90.png
static.adsafeprotected.com/ Frame 9E83 10 KB
10 KB 46ms
46ms Image
image/png 2600:9000:206e:1000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/IAS_PassbackAds_728x90.png
Requested by: Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:1000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 319ebf743ce2c07c6bfafd9600a93824aa52b0844fe94e81c014e169564dc7e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 02:24:34 GMT
via: 1.1 93f2a781416975f99355acc4c81d60d2.cloudfront.net (CloudFront)
age: 396250
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 10216
last-modified: Fri, 18 Feb 2022 23:29:13 GMT
server: AmazonS3
etag: "b1464a7201f691a1e4cf6fc057919d7f"
x-amz-version-id: 4DcA1UddzZ2E21bAiUECQTp8M854Vxlu
cache-control: max-age=604800
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: yBgduhglPGnrxPvIPfwArp3epHu1UPDQzJptK_ph9yT5tUDSs1VOjA==

GET
DATA 200
OK truncated
/ Frame 9E83 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68546426b6909ffd8f287de6158a65963db55e9efbf2f433dc715dd0620d59af

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6F48 6 KB
3 KB 38ms
37ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 16:28:42 GMT
expires: Wed, 16 Aug 2023 16:28:42 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 army.gif
www.winhelponline.com/porpoiseant/ 0
320 B 85ms
83ms Ping
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwODE1NjczMjk2NDQ3OSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJ3aW5oZWxwb25saW5lX2NvbS1waXhlbDEiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6OTk5OSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjpudWxsLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4MDgxNTY3MzI5NjQ0NzkiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0Ijoid2luaGVscG9ubGluZV9jb20tcGl4ZWwxIiwidF9lcG9jaCI6MTY2MDY2NzMxOSwiYWRfcG9zaXRpb24iOjk5OTksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWYwMjJmYWQtMmU4YS00YjkxLTQwNzMtYzVjZGJmZTgwOGY3IiwiY29tcF9pZCI6bnVsbCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjllMGExY2U1YjI0NTVjYjliNDhkNWRmNGM2YmY0MDUzIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODA4MTU2NzMyOTY0NDc5IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6IndpbmhlbHBvbmxpbmVfY29tLXBpeGVsMSIsInRfZXBvY2giOjE2NjA2NjczMTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMzUsImFkX3Bvc2l0aW9uIjo5OTk5LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDM1LCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWYwMjJmYWQtMmU4YS00YjkxLTQwNzMtYzVjZGJmZTgwOGY3IiwiY29tcF9pZCI6bnVsbCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4MDgxNTY3MzI5NjQ0NzkiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0Ijoid2luaGVscG9ubGluZV9jb20tcGl4ZWwxIiwidF9lcG9jaCI6MTY2MDY2NzMxOSwiYWRfcG9zaXRpb24iOjk5OTksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWYwMjJmYWQtMmU4YS00YjkxLTQwNzMtYzVjZGJmZTgwOGY3IiwiY29tcF9pZCI6bnVsbCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzNTIzIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODA4MTU2NzMyOTY0NDc5IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6IndpbmhlbHBvbmxpbmVfY29tLXBpeGVsMSIsInRfZXBvY2giOjE2NjA2NjczMTksImFkX3Bvc2l0aW9uIjo5OTk5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmMDIyZmFkLTJlOGEtNGI5MS00MDczLWM1Y2RiZmU4MDhmNyIsImNvbXBfaWQiOm51bGwsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kZODcbJmH3hKS5MTZ0KOno0EBZzv5Sh7g5DlIORFKxwj0XtoZuQz6zhXTwaCcUI%2Bd7s2LXJz6TsRPoVDJEAYDdMh2G9rMVaOpAsXd1uHtUwymnlO0XvAzQAgZR8s5PPlbe1LX%2F%2BfRL53qywPZJUpA6Xb4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 73bb8b71785abb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:42 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
299 B 130ms
129ms XHR
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwODE1NjczMjk2NDQ3OSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJ3aW5oZWxwb25saW5lX2NvbS1waXhlbDEiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhdWN0aW9uX2Vwb2NoIjoxNjYwNjY3MzIzLCJhZF9wb3NpdGlvbiI6OTk5OSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmMDIyZmFkLTJlOGEtNGI5MS00MDczLWM1Y2RiZmU4MDhmNyIsImJpZF9mbG9vcl9pbml0aWFsIjozNTAsImJpZF9mbG9vcl9wcmV2IjpudWxsLCJiaWRfZmxvb3JfZmlsbGVkIjozNTAsImF1Y3Rpb25fY291bnQiOjEsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjg2MCwibXVsdGlfYWRfdW5pdCI6bnVsbCwibXVsdGlfYWRfY291bnQiOm51bGwsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:43 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l6AWlBkkxbQzu%2BfJ8WI0LpmMNQPXyXwZugz5Z2F9nXyCIzaCDP2Q5lX4fobp3HGM0UK6Ef%2BV%2FR6ZdXf3QU9oz4ugpLYVED1XynYAokmHZhj8V2eIv13aIVTEy%2FVALPHki1zODXgMHlPzcVhFlIsVGGEuIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 73bb8b71785ebb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:44 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 6F48 4 KB
1 KB 129ms
45ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 15:57:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 16:28:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 16:28:43 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8FD2 5 KB
740 B 118ms
46ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C500

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f1535199f71b96d423d3f991a5a0a92ca5779e74d2e23a509b5022ef347129a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 15:01:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 16:28:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 16:28:43 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 8FD2 2 KB
902 B 37ms
37ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:08:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 16:08:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/ Frame 8FD2 23 KB
9 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/abg_lite_fy2021.js

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:20:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 522
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 16:20:01 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 8FD2 3 KB
1 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:34:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:34:53 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 8FD2 17 KB
7 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:19:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 546
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 16:19:37 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8FD2 0
0 125ms
46ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQR4Flrbh05Jj0J_94RNmP6fRFA-hotQQ1OBj0xq5Wm42dPyervt3ssk0NG38kWIwU3wIwRIvUl8inLKrV43F2x3vjb5g
Requested by: Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8FD2 140 KB
43 KB 2835ms
2758ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1b0541f82f31cab4d9c95f9e0ed760d579580a0dde81bfa342effb6c8b677d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44049
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660562816195624"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 16:28:45 GMT

GET
H2 200 16838d5bcb4c763c91f5404f5ca97705.js Show response
www.gstatic.com/mysidia/ Frame 8FD2 33 KB
14 KB 122ms
38ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/16838d5bcb4c763c91f5404f5ca97705.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93b23044262887fc2d7651deb7749b1d5b9dd942922da55a84fec5dfb38e024f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 03:40:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 478064
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13605
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 03:14:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 03:40:59 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/elements/html/ Frame 6F48 19 KB
8 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f964612ea368ffe1d612a004f0a0e05453155fa7cb27dff624e5ada25c6847fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8368
x-xss-protection: 0
server: cafe
etag: 5162546928090487746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 16:28:09 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6F48 205 B
518 B 125ms
46ms Image
image/png 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:29 GMT
x-content-type-options: nosniff
age: 2714
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 16 Aug 2023 15:43:29 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6F48 604 B
694 B 125ms
46ms Image
image/png 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:44:00 GMT
x-content-type-options: nosniff
age: 2683
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 16 Aug 2023 15:44:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 87D6 143 B
163 B 37ms
36ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1061
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 16:11:02 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 si
capi.connatix.com/tr/ 0
116 B 264ms
150ms Image
application/json 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capi.connatix.com/tr/si?token=dceed97a-951e-4c47-b565-c2794ffae817&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:43 GMT
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400
content-type: application/json

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 87D6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

69ms
69ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
URL: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 16:28:43 GMT
expires: Tue, 16 Aug 2022 16:28:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 16:28:43 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9E83 43 B
215 B 121ms
120ms Image
image/gif 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1124391&asId=abb90f39-95ce-a9c4-c0bf-0bd5a6545371&tv=%7Bc:ltkdVp,pingTime:-10,time:552,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNC4wLjUxMTIuNzkgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1660667323307%7C%7C09416959043b833b647685f49b053fed%7C%7Cb4bf91f622d70e9512a166bc36c81122%7C%7Cbe89a9df63442b9c64139e1a20ffbfeb%7C%7C472fd40eb9b3cd7c35e85b42ec2dce68%7C%7C1938ae3a84e6798f402eb2566c085ff0%7C%7C085c870b9a3bcd9ebcd6799c903ca233%7C%7C9b3259575f79d785133b79d3e0eb9fec%7C%7C1629390669,im:%7Bpci:%7Btdr:505%7D%7D%7D
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:43 GMT
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
394 B 115ms
115ms XHR
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwODE1NjczMjk2NDQ3OSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJ3aW5oZWxwb25saW5lX2NvbS1waXhlbDEiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6OTk5OSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjpudWxsLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMi0wOC0xNiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE2In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjIifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTI0MzY1ODcxMDk1MDc2MiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTI0MzY1ODcxMDk1MDc2MiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjUyNDM2NTg3MTA5NTA3NjIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTY2MDY2NzMxOSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWYwMjJmYWQtMmU4YS00YjkxLTQwNzMtYzVjZGJmZTgwOGY3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxOTMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:43 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DY3YfLOFpS9yyg394IzhmqDUHmU3EGn%2BaxigF2Ji3%2FFxVOojnGNrIsB%2FHq8cai79iNS5i7CSTSEcjje2ltwXplC9uQO3gHuf0rxZ24MISAN%2B6STKFXjGqCM0mY%2FgxvXip4LOm20djzo6bGqi8nAfP5UG4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 73bb8b758ff2bb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:45 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9E83 42 B
64 B 75ms
74ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstINAp4dhxSQscF-6Nmuykcfn4lqnr0zScIYv0aNXs8c57lMDYLRNtJxtVK11SPgSss9NS21WUFT3Jos1q4oFfpfkVFd9KTIrhDBlVmUt_YaPobgrXlcujlUAVSsVdhoVKBI1OE_TBXlB9GaQ&sai=AMfl-YTn6R7XmCyKAp-uRdgKCSJXAyNiX9hWouEhovkbSOgYin5gw4ow4rbqTl4xyHsKGHsof4dDI12bvlWK-GBBBmxqdvYlfDgmeU0Q-oPPMJ2OJrS1Y11Ld8fTWaj2uGg&sig=Cg0ArKJSzOjsg_i_wwUUEAE&cid=CAASJ-Ro0OSSrqVtU760gUlMPFURjuaBWPZbRIpEF0gHnMneV9ZDM6pHNg&id=lidar2&mcvt=1000&p=1110,436,1204,1164&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220815&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=1247036550&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660667322244&rpt=812&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 army.gif
www.winhelponline.com/porpoiseant/ 0
356 B 74ms
73ms Ping
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTI0MzY1ODcxMDk1MDc2MiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Evpk0O4s8rxMe44R8Q1LyRnKVxFaC37gXXibfIRc7Erh2nXvUCadUnyxojIMgqLskt28AZtcl7TBPLurkNTHehvsJfkf%2F2NZZ4%2B5zNf6C3iXsUKm%2BYPnKOOcxjDE%2B4soUC%2FMdHvEzTuhz2ITbC3gH%2Fp%2BOw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 73bb8b789dc8bb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:46 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
427 B 119ms
117ms XHR
text/plain 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwODE1NjczMjk2NDQ3OSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJ3aW5oZWxwb25saW5lX2NvbS1waXhlbDEiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6OTk5OSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjpudWxsLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMTYwMCwxMjAwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgwODE1NjczMjk2NDQ3OSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJ3aW5oZWxwb25saW5lX2NvbS1waXhlbDEiLCJ0X2Vwb2NoIjoxNjYwNjY3MzE5LCJhZF9wb3NpdGlvbiI6OTk5OSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZjAyMmZhZC0yZThhLTRiOTEtNDA3My1jNWNkYmZlODA4ZjciLCJjb21wX2lkIjpudWxsLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4MDgxNTY3MzI5NjQ0NzkiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0Ijoid2luaGVscG9ubGluZV9jb20tcGl4ZWwxIiwidF9lcG9jaCI6MTY2MDY2NzMxOSwiYWRfcG9zaXRpb24iOjk5OTksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWYwMjJmYWQtMmU4YS00YjkxLTQwNzMtYzVjZGJmZTgwOGY3IiwiY29tcF9pZCI6bnVsbCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiJ1bmRlZmluZWQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:44 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=odsFHNV0X%2FWcej0kmv%2FX9ddh2gf4SSua3mfREk1F%2BKP12t%2F%2F2wHosI7KbIrJWs32G1%2FKd6to41kgIDz%2BDXbKOe7Fre%2B%2B5M7q46iRjenhLbzB3xzOf53SJFs3GonSBX%2F6tppLqAKr51FES6VAxSZ1QsjDCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 73bb8b7ab9a8bb97-FRA
content-length: 0
expires: Mon, 15 Aug 2022 16:28:44 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9E83 43 B
215 B 120ms
120ms Image
image/gif 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1124391&asId=abb90f39-95ce-a9c4-c0bf-0bd5a6545371&tv=%7Bc:ltkepa,pingTime:1,time:2397,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D,%7Bpiv:100,vs:i,r:,t:1396%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1396,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1390~0,1~100%5D,as:%5B1391~728.90%5D%7D%7D,%7Bsl:i,t:1396,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:124,fm:teGWQyD+11%7C12%7C13*.1124391-64930536%7C131%7C132%7C14,idMap:13*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:45 GMT
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9E83 43 B
215 B 121ms
121ms Image
image/gif 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1124391&asId=abb90f39-95ce-a9c4-c0bf-0bd5a6545371&tv=%7Bc:ltkepb,pingTime:1,time:2398,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D,%7Bpiv:100,vs:i,r:,t:1396%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1002,o:1396,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1390~0,1~100%5D,as:%5B1391~728.90%5D%7D%7D,%7Bsl:i,t:1396,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:124,fm:teGWQyD+11%7C12%7C13*.1124391-64930536%7C131%7C132%7C14,idMap:13*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:45 GMT
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 86ms
85ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022081101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

cf48735e2ac5f31209e3b60297e1a96484e29aabdc1679463f2aa92e84e1524c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10949
x-xss-protection: 0

GET
H3 200 lIG_-rjQweUtsPTJkqViasoL1XPo6OtXzg5InKx-NMQ.js Show response
pagead2.googlesyndication.com/bg/ Frame FD19 36 KB
14 KB 37ms
37ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lIG_-rjQweUtsPTJkqViasoL1XPo6OtXzg5InKx-NMQ.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

9481bffab8d0c1e52db0f4c992a5626aca0bd573e8e8eb57ce0e489cac7e34c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:19:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76181
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14125
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 19:19:05 GMT

POST
H2 200 cookie_sync Show response
pb-server.ezoic.com/ 587 B
813 B 151ms
38ms XHR
application/json 54.93.94.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb-server.ezoic.com/cookie_sync
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.94.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-94-47.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: abc6d9f93b71361c39da71cc9d84549de81cecdfa671b96af5b6f9a8cc484cf9

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:46 GMT
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 587
expires: 0

POST
H2 200 auction Show response
pb-server.ezoic.com/openrtb2/ 229 B
463 B 247ms
136ms XHR
application/json 54.93.94.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb-server.ezoic.com/openrtb2/auction
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.94.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-94-47.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 76e6eae38a91dd157d0d312c67ca4476aa56c845973c6b1a0dc8238b7c10d835

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:46 GMT
x-prebid: pbs-go/v0.217.0
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 229
expires: 0

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
283 B 322ms
225ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.winhelponline.com
date: Tue, 16 Aug 2022 16:28:45 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 183
vary: origin, Accept-Encoding

POST
H2 200 hb-multi Show response
hb.yellowblue.io/ 105 B
411 B 418ms
131ms XHR
application/json 3.90.126.211
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.yellowblue.io/hb-multi
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.90.126.211 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-90-126-211.compute-1.amazonaws.com
Software: /
Resource Hash: 2ab1c0a0b6d93671c464adf41bf01b8ea91b1350edde3e0b3548a8a3f4f54448

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.winhelponline.com
x-reason: maxmind anonymous
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 105

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
121 B 503ms
192ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.winhelponline.com
date: Tue, 16 Aug 2022 16:28:46 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 38 KB
8 KB 252ms
251ms XHR
application/json 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

2e83577a2aae7d8bc6bf04f50a48c3f33b78db64e6c6e85256285620a2f4a7da

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 16:28:46 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.100; 80.255.7.100; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 582cf8c7-2cf3-4860-9a5f-24892dc19bad
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.winhelponline.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
368 B 131ms
37ms XHR
application/json 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
37 B 1133ms
1040ms XHR
text/plain 172.67.10.198

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 73bb8b84dcd55c68-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
348 B 1074ms
981ms XHR
text/plain 172.67.10.198

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 73bb8b84dcd85c68-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST /
prebid.smilewanted.com/ 0
0

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
37 B 1225ms
1133ms XHR
text/plain 172.67.10.198

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 73bb8b84dcdd5c68-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
37 B 1224ms
1132ms XHR
text/plain 172.67.10.198

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 73bb8b84dcdf5c68-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
37 B 1138ms
1046ms XHR
text/plain 172.67.10.198

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 73bb8b84dce45c68-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 204 / Show response
prebid.smilewanted.com/ 0
37 B 1085ms
993ms XHR
text/plain 172.67.10.198

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 73bb8b84dce25c68-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 93 B
750 B 324ms
196ms XHR
application/json 216.52.2.19
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.10.0
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,ix,nobid,oftmedia,onetag,pubmatic,rise,smilewanted,sovrn&cb=195-8-45
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: a32659019e2103eb914b318a17a7d7229f9798418fd70a43dd339537a46ca45e

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 16:28:46 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://www.winhelponline.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 97

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 16:28:46 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 91C8 13 KB
5 KB 37ms
37ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1662
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 16:01:04 GMT
expires: Wed, 16 Aug 2023 16:01:04 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8F22 783 B
534 B 61ms
60ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

94fb694051c734b9444f39ac3338b5d70cbf2546dfb4d7008ff1389f2cb04262

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PwtOVvJNIvoaXbles6bUVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-PwtOVvJNIvoaXbles6bUVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 16:28:46 GMT
expires: Tue, 16 Aug 2022 16:28:46 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

setuid
pb-server.ezoic.com/
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=194962&gdpr=&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fpb-server.ezoic.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D
https://pb-server.ezoic.com/setuid?bidder=ix&gdpr=&gdpr_consent=&f=i&uid=YvvFumtqNix8WP46dvetiwAA%261134

86 B
450 B

41ms
41ms

Image
image/png

54.93.94.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pb-server.ezoic.com/setuid?bidder=ix&gdpr=&gdpr_consent=&f=i&uid=YvvFumtqNix8WP46dvetiwAA%261134
Protocol: H2
Server: 54.93.94.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-94-47.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/png
content-length: 86
vary: Origin
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GW0WL7dRhu36PeRMStetXokN5X7Y8PzuD%2FVdyU77ebs4BBn2trYI6n1UqkziwnCSRnkaREe%2FfsKXRS2q%2F8mONurgt6uvm%2FzgcaIDtDgPXISOP6VvLggisVkpm0e2UkHEgTORRPHM"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://pb-server.ezoic.com/setuid?bidder=ix&gdpr=&gdpr_consent=&f=i&uid=YvvFumtqNix8WP46dvetiwAA%261134
cache-control: no-cache
cf-ray: 73bb8b85da8490c0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3 200 lIG_-rjQweUtsPTJkqViasoL1XPo6OtXzg5InKx-NMQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 91C8 36 KB
14 KB 37ms
37ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lIG_-rjQweUtsPTJkqViasoL1XPo6OtXzg5InKx-NMQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

9481bffab8d0c1e52db0f4c992a5626aca0bd573e8e8eb57ce0e489cac7e34c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:19:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76181
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14125
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Aug 2023 19:19:05 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8F22 0
0 71ms
71ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022081101&jk=4203757996731320&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 e-202233.js Show response
www.winhelponline.com/ezossp/https/stats.wp.com/ 9 KB
4 KB 47ms
47ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/ezossp/https/stats.wp.com/e-202233.js?screx=1&sxcb=1a
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: br
etag: W/"6197c5cf-3508-gzip"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 80225
x-ezoic-cdn: Hit ds;mm;19e6aa8961306ddcf25d3e2343d8b671;2-105367-57;9bbc1890-a4c6-4954-562b-01314390142a
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-nc: HIT hhn
x-ez-proxy-out: true 2.3
server: cloudflare
x-origin-cache-control: max-age=31536000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=259200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uh6K34MKMs0N97D5afPJJSqS3thJFizh4N4yijl%2FWFqCnqb5el3Bugv31DGsFPmleaO1h7iTgveNNuxUnbvDK7W5GdOUvgk4WTJtuR43gPAybkBakq%2Fk2kg4NxxAKyfTXZNM6LPWsUkWQSJe8DiWxs83Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 73bb8b85addebb97-FRA

GET
H2 200 jquery.min.js Show response
www.winhelponline.com/blog/wp-includes/js/jquery/ 92 KB
32 KB 50ms
50ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-includes/js/jquery/jquery.min.js?screx=1&sxcb=1a&ver=3.6.0
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4694b38beb61e9b20e4e0c9a1172b8e4ae7037f7097ac272270294f211dc8ba0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 562025
x-ezoic-cdn: Hit ds;mm;1b2a52fd56e0139750886853b6f16d47;2-105367-57;4f28ac10-7ab9-44c6-6769-14ec2f58ad53
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"15db1-5c791524d892a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V9E3stk6Y2Qu79V9hejjv5oQ41pLv0502FFmtpuaZXxBILIH7AU9dpqmYB5dvOyMv2Ezv0FG0gcwJ0Vthe7vZmlI9AY4t2e6VsnyV9qvDCnQy6J1A%2BC%2BQLv40xZ7K9Rcr4SyON7LjC%2FUTlBNICj%2BEvg68g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-ez-minify-js: 0.14% 93750 / 93877
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b85ade1bb97-FRA
display: staticcontent_sol

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/176221/ Frame BDDB
Redirect Chain

https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
https://cds.connatix.com/p/176221/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

989 KB
225 KB

37ms
37ms

Script
application/javascript

151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/176221/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dfb2aecf471d0833cffbf45de6829b0c1a06b683be22d587c2d981d9985020da

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: br
last-modified: Tue, 16 Aug 2022 11:28:22 GMT
age: 11503
etag: "1c84503bb1bbe629fb7fe0a57aa42527"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 230204

Redirect headers

location: https://cds.connatix.com/p/176221/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
date: Tue, 16 Aug 2022 16:28:46 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400

GET
H2 200 jquery-migrate.min.js Show response
www.winhelponline.com/blog/wp-includes/js/jquery/ 11 KB
5 KB 49ms
49ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?screx=1&sxcb=1a&ver=3.3.2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc129262a38049aa808d5bf97d37ca214e33a558d2d8869d7638d53e78108166

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 562024
x-ezoic-cdn: Hit ds;mm;b7857da18040b355607d22cd8b491b9e;2-105367-57;b23bef3e-a16f-4874-44d5-4aa24894971a
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"2bd8-5b5ff5afc61ad-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pUKUZY4N3P828Xns3pSoJC3oGpekicM7nCvuNKQCfHKX1zAd%2BavBoZpo75DteB5T8S9kAntf7oJR7ZNI5mIQKJmaYMj%2F2%2Bzqab19NszzvMc5rBFcQhTrk%2B%2Bs62KRvf8Ds%2FfsnzOX2fkPSXOAKssqPhnfeg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-ez-minify-js: 0.16% 11738 / 11757
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b861eb9bb97-FRA
display: staticcontent_sol

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 91C8 0
10 B 39ms
39ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?m45Aqw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 script.min.js Show response
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/ 23 KB
6 KB 48ms
48ms Script
application/javascript 2606:4700:20::681a:c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/script.min.js?screx=1&sxcb=1a&ver=4.3.0
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/cmbv2.js?gcb=195-8&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-4y1d-1y20-2y1f-5y21-3y22-4y23-1y2f-4y5b-22&cmbcb=96&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x1fx21x22x23x2fx5b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ed683257f28ac769fe650a7504450eb77852a4cba1f79bace5dd43cbd557e61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 561528
x-ezoic-cdn: Hit ds;mm;f22c4aaa56eff5c4708b5a86e460262c;2-105367-57;48564821-0ab4-4101-4403-bf225cedd925
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Wed, 03 Aug 2022 21:41:46 GMT
server: cloudflare
etag: W/"550b-5c79151797f5f-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vfMScIzXXoSHNzTX9aWuAp9HLBCUaDCmvsINpncYzEDjqWNXMc5h%2BDoBnEaYoC2p7bG30zv7s51EPRC1cSTlkslPGZPbJJ0WrZ8SiHrZf8%2BOaXf%2BAkhoftGwOwgBW7YHlPG4fFfi1aAob5DfwHMKGfpNhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-ez-minify-js: 0.37% 23416 / 23503
x-ez-proxy-out: true 2.3
cf-ray: 73bb8b867f4cbb97-FRA
display: staticcontent_sol

GET
H2

200

setuid
pb-server.ezoic.com/
Redirect Chain

https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fpb-server.ezoic.com%2Fsetuid%3Fbidder%3Dnobid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3...
https://pb-server.ezoic.com/setuid?bidder=nobid&gdpr=&gdpr_consent=&f=i&uid=

86 B
450 B

39ms
39ms

Image
image/png

54.93.94.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pb-server.ezoic.com/setuid?bidder=nobid&gdpr=&gdpr_consent=&f=i&uid=
Protocol: H2
Server: 54.93.94.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-94-47.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 16:28:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/png
content-length: 86
vary: Origin
expires: 0

Redirect headers

date: Tue, 16 Aug 2022 16:28:46 GMT
amp-access-control-allow-source-origin: *
location: https://pb-server.ezoic.com/setuid?bidder=nobid&gdpr=&gdpr_consent=&f=i&uid=
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2 200 g.gif
pixel.wp.com/ 50 B
126 B 125ms
36ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A11.2&blog=2943880&post=0&tz=5.5&srv=www.winhelponline.com&host=www.winhelponline.com&ref=&fcp=1722&rand=0.3527787897458874
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 16:28:46 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/176221/ Frame BDDB 0
47 KB 40ms
40ms Other
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/176221/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: br
last-modified: Tue, 16 Aug 2022 11:28:23 GMT
age: 11503
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

GET
H2 200 player.css
cds.connatix.com/p/176221/ 58 KB
9 KB 40ms
40ms Stylesheet
text/css 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/176221/player.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cc0005c5883dbcdc7475381bb02e9c093db0976016214a100c51580b2a5b2f5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: br
last-modified: Tue, 16 Aug 2022 11:28:23 GMT
age: 11503
etag: "aa9caf299ffcc907e55aa066f9bbdd88"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 9011

POST
H2 200 pls Show response
capi.connatix.com/core/ Frame BDDB 7 KB
4 KB 177ms
177ms XHR
application/x-protobuf 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=176221&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 725ae99860cf20556aa8b9e02ca7d169ff2a6cdaaa57c19e72d3ce68b3e2fb0c

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Tue, 16 Aug 2022 16:28:46 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.winhelponline.com
access-control-max-age: 86400
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 4297

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 74ms
74ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022081101&jk=4203757996731320&bg=!eXqlej7NAAa4hXTbmIU7ACkAdvg8WrJlD8OP818ajCe8ptSzf9Opnty9MJOPHuM6xuWaqNIfICUZjgIAAAB5UgAAAANoAQcKAJreHmxsE_MwzaqW-p9ws65274IUbVy5Ol6p8Rbnh-Clb_3srmY1StlU9aL60tIRedFGZ8pxjH6qIQvXEyHFgIHOoVNYWEZuhw_hS9Z7AAmuCS8YQ1K_UJUCnkx3lmG3cC-3V1VN28wU66GUrtolyT80_HizK3pTwQ2YasYj04oeqnlolze79QVftNAhbiyejbjkFDPTtVjOpcgbmQLdxPNaxXArzZKd2vzjXaeTpwc4IYlePIVSJZEicSLMfdbD-fiZSP932TogMhcNMIY0cIC_q35FbTHkzpHTjC15ecFHAthZmKrqVU37RPctD9MiYDoJwHxWccwILWtKyAAdfGL-Pe8OpvirvNlqLjym3gPTb1FQUsSNmCqOgnhGIT0SL6g85YdBFmsKPYM7FPW9fxs9Xb9rtK-mN0Lcah11RtD5kG7Tp69wLku8eyfian_VKTrb0KSgIPaPDlbvodvy1QP6tVZ6po688NGxLM8x2OyrkIzA3TXkZZNnn80bkhW3MoAmrnFTNaK_ZkeP1XIrJw4bMCKkCoyxB44q7x90llpq7ICnOJLKg4YIJdrYYfsRs17oqiWsDALTA8fwh6FUsytxR4qjpSBs0WkJhRjBzMQATtULuLpoFCnBwEHxw5WHXBsxiFFwqvOzToFDYV3tTGPNgFmV_4NK1DJXj9qVMJT205yypLoU027hwVW-OQPDS_EvramiRxuKifycCFx0U3xPxichgYRmEQhRhtv8B2e3b8UQbaGflqdbOXma3Gp3uEpkS10aFRLCDR2RWmMmhZ4hYLIM7VG9HYdSLE04_o5j-VCkfhph-rizeNcWvrRcNI5frWTRH92-fhung-Sr6TfRk6tfvYf32UaGQRyaJeI58uf_Zb66oJIiqoWf9S5KMHGDIe6CP4ywR-6brxpz4YJcPLK_RRj8_tPmJIthuH_Haj1_HNMpfLju4unH7jB7Kd4qEIiIC53t5oAnLr89YHnCaTDLjDy2h3w7mpTk2j8F05scEKjTWqKL0WLFpQAKUnfdKcm4j04eXRCspYdTPNcVRijuLvePSPrsKE0FuU8KWlWmC5pJ8vm1004tfVQB9SyKOg0FHJ7y9dlxLqAOH3_OYHF_P4kqktjrOUeTE8LCGdHIBugX78eDVoXu1mc3M_bbh2HbyceLV-1-XMcaKounYYaW0jmORYRUZw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

POST sr
capi-tier-2-us-east-2.connatix.com/tr/ Frame BDDB 0
0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 68ms
67ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

2cd70243017eddd6d2f7394662040bc749411928b1e8277dce04b5cc8364eb64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28649
x-xss-protection: 0
server: sffe
etag: "1305 / 144 of 1000 / last-modified: 1660648126"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 16 Aug 2022 16:28:47 GMT

GET ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame BDDB 0
0

GET
H2 200 5.png
img.connatix.com/pid-dceed97a-951e-4c47-b565-c2794ffae817/dceed97a-951e-4c47-b565-c2794ffae817/ 5 KB
5 KB 38ms
37ms Image
image/png 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-dceed97a-951e-4c47-b565-c2794ffae817/dceed97a-951e-4c47-b565-c2794ffae817/5.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a525824d7672e22ce39795da065ac4ef98058bebc829124c84b7bb67e4243029

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
content-encoding: br
age: 4354961
etag: "WyY66hWo5OdoXuQtIRPU7kBpkP2OfioY7IdwgbKwCN4"
access-control-max-age: 86400
fastly-io-info: ifsz=5795 idim=59x61 ifmt=png ofsz=5076 odim=59x61 ofmt=png
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 5081

POST g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame BDDB 0
0

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
498 B 131ms
131ms XHR
text/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.winhelponline.com%2F&pid=SeEIQuiHmGeHx&cb=1&ws=1600x1200&v=22.8.42053&t=2000&slots=%5B%7B%22id%22%3A%22Outstream1%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1!ezoic.ai%2C6a88ed6ade2b65744bd01fe8f1ae3c0c%2C1%2C%2C%2Cwww.winhelponline.com&pubid=aa05931b-5308-4ea3-95a2-adf84f4ffde4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.4.10 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-4-10.fra56.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: C4NEJA0B6VYHM3C5NHE4
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: RYlD5Kzt9Ey2IakmZIj4MBCgtaXUPP5LDzltwJvEjaMtX3eInPgLeQ==

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 9E83 0
0

POST iev
csm.nl.eu.criteo.net/ Frame 3474 0
0

GET
H2 200 prebid6.20.0-4.js Show response
cds.connatix.com/p/plugins/ 461 KB
121 KB 37ms
37ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid6.20.0-4.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d6cb3641a88d23be3e45023d313bfd54dd3640a4bfe07b3b88d63e3fba328d19

Request headers

Referer: https://www.winhelponline.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 16 Aug 2022 16:28:47 GMT
content-encoding: br
last-modified: Fri, 08 Jul 2022 12:47:31 GMT
age: 3382785
etag: "aacab17b3b3de88c898ee654d218646f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 123905

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: prebid.smilewanted.com
URL: https://prebid.smilewanted.com/

Domain: capi-tier-2-us-east-2.connatix.com
URL: https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=176221&cid=5f049401-746e-4449-8c27-b6b9d8e25882

Domain: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Domain: capi-tier-2-us-east-2.connatix.com
URL: https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=176221&cid=5f049401-746e-4449-8c27-b6b9d8e25882

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstINAp4dhxSQscF-6Nmuykcfn4lqnr0zScIYv0aNXs8c57lMDYLRNtJxtVK11SPgSss9NS21WUFT3Jos1q4oFfpfkVFd9KTIrhDBlVmUt_YaPobgrXlcujlUAVSsVdhoVKBI1OE_TBXlB9GaQ&sai=AMfl-YTn6R7XmCyKAp-uRdgKCSJXAyNiX9hWouEhovkbSOgYin5gw4ow4rbqTl4xyHsKGHsof4dDI12bvlWK-GBBBmxqdvYlfDgmeU0Q-oPPMJ2OJrS1Y11Ld8fTWaj2uGg&sig=Cg0ArKJSzOjsg_i_wwUUEAE&cid=CAASJ-Ro0OSSrqVtU760gUlMPFURjuaBWPZbRIpEF0gHnMneV9ZDM6pHNg&id=lidartos&mcvt=4053&p=1110,436,1204,1164&mtos=0,4053,4053,4053,4053&tos=0,4053,0,0,0&v=20220815&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=1247036550&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=b&rst=1660667322244&rpt=812&isd=0&lsd=0&ec=0&met=mue&wmsd=0

Domain: csm.nl.eu.criteo.net
URL: https://csm.nl.eu.criteo.net/iev?entry=c~Gum.ChromeSyncframe.CookieRead.uid~1&entry=c~Gum.ChromeSyncframe.SidReadSuccess~1&entry=h~Gum.ChromeSyncframe.SidReadSuccessDuration~238

Verdicts & Comments Add Verdict or Comment

385 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.winhelponline.com/	1970-01-20 05:17:49	Name: ezoadgid_105367 Value: -1
.winhelponline.com/	1970-01-20 05:17:54	Name: ezoref_105367 Value:
.winhelponline.com/	1970-01-20 14:03:23	Name: ezosuibasgeneris-1 Value: 37fc9839-0327-4019-4c50-15301fdc8e47
.winhelponline.com/	1970-01-20 05:17:54	Name: ezoab_105367 Value: mod1
.winhelponline.com/	1970-01-20 05:17:49	Name: ezoma_105367 Value: 999,999
.winhelponline.com/	1970-01-20 05:17:49	Name: ezopvc_105367 Value: 1
.winhelponline.com/	1970-01-20 05:19:13	Name: ezepvv Value: 553
.winhelponline.com/	1970-01-20 05:17:49	Name: ezovid_105367 Value: 347138252
.winhelponline.com/	1970-01-20 05:17:49	Name: lp_105367 Value: https://www.winhelponline.com/
.winhelponline.com/	1970-01-20 05:20:40	Name: ezovuuidtime_105367 Value: 1660667320
.winhelponline.com/	1970-01-20 05:17:49	Name: ezovuuid_105367 Value: 5d3d7271-3884-4202-532f-082507180895
.winhelponline.com/	1970-01-20 14:03:23	Name: ezCMPCCS Value: false
.winhelponline.com/	1970-01-20 05:20:40	Name: active_template::105367 Value: pub_site.1660667321
www.winhelponline.com/	1970-01-20 14:53:47	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
www.winhelponline.com/	1970-01-20 14:53:47	Name: ezohw Value: w%3D1600%2Ch%3D1200
.winhelponline.com/	1970-01-20 14:53:47	Name: _ga Value: GA1.2.448473988.1660667321
.winhelponline.com/	1970-01-20 05:19:13	Name: _gid Value: GA1.2.739104244.1660667321
.winhelponline.com/	1970-01-20 05:17:47	Name: _gat Value: 1
www.winhelponline.com/	1969-12-31 23:59:59	Name: aasd Value: 2%7C1660667321962
www.winhelponline.com/	1969-12-31 23:59:59	Name: __aaxsc Value: 2
.winhelponline.com/	1970-01-20 05:17:47	Name: lotame_domain_check Value: winhelponline.com
.doubleclick.net/	1970-01-20 14:39:23	Name: IDE Value: AHWqTUksjP_tkNe84YYWevaAQn4SE962-A2xYpTOcsYkyGMYsonTyII25FnK947MqBQ
.criteo.com/	1970-01-20 14:39:23	Name: uid Value: 2c38af4d-4a91-4545-afb7-ba55dbb60ddb
.openx.net/	1970-01-20 14:03:23	Name: i Value: b6f2ad45-9fd0-438d-be49-7d2ffaf80114\|1660667322
.casalemedia.com/	1970-01-20 14:03:23	Name: CMID Value: YvvFumtqNix8WP46dvetiwAA
.casalemedia.com/	1970-01-20 07:27:23	Name: CMPS Value: 1134
.casalemedia.com/	1970-01-20 07:27:23	Name: CMPRO Value: 1134
.winhelponline.com/	1970-01-20 14:39:23	Name: cto_bundle Value: xFZKwF9oRDFJU0lGdGhKYVVUdUtDZjNBTERYY0F3cnV4eWZaZnV4QUVwc3hoWWVRSU9VbmYlMkJ0WW02R2F0TEdMYzZZT2g3MVREeEk1MGdzTHBiOUk5SXZmSCUyQkZSR0NjVGlNR0t2c1pnTHNmSk94JTJGaU42aDNnZGlHcFoybWtMZFBOMXdCTWhSVDY3NHQ1VzA1WWV4ejdhOGZJTjFnJTJCY1ZkNjdsUHBmVDZEOThvVzMlMkJFJTNE
.adnxs.com/	1970-01-20 07:27:23	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ilbl>i2E!]tbPl1M>e)ZlrFUfJ+tGXxoXTa^Q7TfC-bKzE)V:)Qja<<wU[`dX)9u]DjDbpRzqF1`b`P$=MU>
.adnxs.com/	1970-01-20 07:27:23	Name: uuid2 Value: 8483777704183791498
.winhelponline.com/	1970-01-20 14:39:23	Name: __gads Value: ID=f1eb654414e3a7fb-2251a917f6cd00a1:T=1660667322:S=ALNI_MbSRFkof1gToOnIEWjH3P6dvIIpJw
www.winhelponline.com/	1969-12-31 23:59:59	Name: ezouspvv Value: 650
www.winhelponline.com/	1969-12-31 23:59:59	Name: ezouspva Value: 2
www.winhelponline.com/	1969-12-31 23:59:59	Name: ezouspvh Value: 350
.doubleclick.net/	1970-01-20 05:17:50	Name: DSID Value: NO_DATA
www.winhelponline.com/	1970-01-20 06:00:59	Name: _pbjs_userid_consent_data Value: 3524755945110770
.adnxs.com/	1970-01-20 07:27:23	Name: icu Value: ChgIkfo_EAoYASABKAEwvovvlwY4AUABSAEQvovvlwYYAA..
.casalemedia.com/	1970-01-20 07:27:23	Name: CMTS Value: 1152
.prebid.a-mo.net/	1970-01-20 14:03:23	Name: __amc Value: 1_1660667326_1660667326
pb-server.ezoic.com/	1970-01-20 07:27:23	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJpeCI6eyJ1aWQiOiJZdnZGdW10cU5peDhXUDQ2ZHZldGl3QUFcdTAwMjYxMTM0IiwiZXhwaXJlcyI6IjIwMjItMDgtMzBUMTY6Mjg6NDYuNDM5MTY0NTA0WiJ9fSwiYmRheSI6IjIwMjItMDgtMTZUMTY6Mjg6NDYuNDM5MTU4NDIzWiJ9

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid6.20.0-4.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid6.20.0-4.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	error	URL: https://www.winhelponline.com/ Message: Access to XMLHttpRequest at 'https://prebid.smilewanted.com/' from origin 'https://www.winhelponline.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://prebid.smilewanted.com/ Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

010515e3253ff23e59ebf5dfe1315971.safeframe.googlesyndication.com
ads.servenobid.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
ap.lijit.com
basher.ezodn.com
c.aaxads.com
c.amazon-adsystem.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
cd.connatix.com
cdn.id5-sync.com
cds.connatix.com
cm.g.doubleclick.net
csm.nl.eu.criteo.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
esp.rtbhouse.com
ezodn.com
fonts.googleapis.com
fw.adsafeprotected.com
g.ezodn.com
go.ezodn.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hb.yellowblue.io
hbopenbid.pubmatic.com
ib.adnxs.com
id.sharedid.org
id5-sync.com
imasdk.googleapis.com
img.connatix.com
invstatic101.creativecdn.com
l3.aaxads.com
lb.eu-1-id5-sync.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
pb-server.ezoic.com
pixel.wp.com
prebid.a-mo.net
prebid.smilewanted.com
prod.uidapi.com
securepubads.g.doubleclick.net
ssum.casalemedia.com
static.adsafeprotected.com
static.criteo.net
tags.crwdcntrl.net
tpc.googlesyndication.com
www.aaxdetect.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.winhelponline.com
capi-tier-2-us-east-2.connatix.com
csm.nl.eu.criteo.net
imasdk.googleapis.com
pagead2.googlesyndication.com
prebid.smilewanted.com
104.18.19.126
104.96.145.101
108.138.4.10
141.95.98.70
142.250.185.130
142.250.186.162
147.75.85.234
151.101.2.137
162.19.138.82
172.67.10.198
178.250.0.157
18.66.97.109
185.64.189.112
185.89.210.46
192.0.76.3
216.52.2.19
23.205.241.117
2600:1f18:1aca:4282:66a7:18bc:d1f9:4f18
2600:9000:206e:1000:8:48e:53c0:93a1
2606:4700:10::6816:3556
2606:4700:20::681a:c
2a00:1450:4001:801::2002
2a00:1450:4001:808::2004
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:831::2001
2a00:1450:400e:80f::200a
2a02:2638:1::13
2a02:2638:1::3
2a06:98c1:3120::3
2a06:98c1:3121::3
3.143.73.72
3.90.126.211
34.102.146.192
34.120.107.143
34.96.70.87
34.98.64.218
35.190.39.111
51.38.120.206
52.31.65.246
52.41.7.133
52.48.53.23
54.93.94.47
054ef5838ddb6e1171550191a06fa204951eb204fd8bdf98df4f631000b4fa5b
062ad981e9b2f70100d314e75af6f377e324914a5b4a1a6709c593490c100f9a
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07b85dd1e29c022d006afa80316629c0b683b8fee6036eaac7ea957daa4da097
07dc2e48ef051b38cc4841495a54a57efd4b1b8c12f4dd47af04ebf5dc60b5ad
094b946adc39ade08f6d927ea066c8fef3ba6ee5c12919873172315ef7428e92
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d4bc2d5c34588df622aebd16adf97b5a4ebfd9ac5b49eec1c795a5055ac62c5
0f8020b22927e52bc72e23d5f15daea09231cd26fa72390dfe415fdd249428a5
1023776d2aaa6a61c6b887e6ffaf9cb2c8a7f5c41e7609a67e23d617c6249420
10dac6603aa09a65c450daa3eae3ccf89eac30365451e45e67d01445dea811f6
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1735404d605927d9535c8557c76104c18c2e130b30b3546f4670bf08267cf65c
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8
2a12aae8be6c01bde8575f28783f29b3f3c35f882c2b5946a0e0eead3fbbb729
2a79d9d59e4c07752c78abc5f0243cecb939729e0728f347671fcd3a219e9b3f
2ab1c0a0b6d93671c464adf41bf01b8ea91b1350edde3e0b3548a8a3f4f54448
2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1
2cd70243017eddd6d2f7394662040bc749411928b1e8277dce04b5cc8364eb64
2e7e1c78297ceadd08f53253541d2711b0e808911cfd60ed3f70e7681a9e3cea
2e83577a2aae7d8bc6bf04f50a48c3f33b78db64e6c6e85256285620a2f4a7da
304db259c4eada931205c4bc6f1c3a748305ce755d7d38f8a1c49ea9ef53cd91
319ebf743ce2c07c6bfafd9600a93824aa52b0844fe94e81c014e169564dc7e3
3e4a378e0199290fccb34ff62aebe72e2d1249051c4befb2afe6d4c8e1d5440c
3ed683257f28ac769fe650a7504450eb77852a4cba1f79bace5dd43cbd557e61
3f32497c12682c0995b02eeb757e200cf23a06c5dc3b0e42e35c81d0d2abc471
3fa55e436166fa2aba2843ce9665e557b3554303dab9145def1cf890d27f8b0d
40c7fe9b2e20629f095cadcd840114da178f052565c03dbb6b6df0cfac34f173
4694b38beb61e9b20e4e0c9a1172b8e4ae7037f7097ac272270294f211dc8ba0
48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde
4a8985214e4f2dc627da37360ff79b6c2441607a0216953ce8274a4211ca04b8
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ba6041869db135482cd3b94ec40f4391bbf0a5ca77bc6c1a9702d877fd9d88c
4c80c27456e44686b378b1024534b69cdff323748c808afb6ea4db2fe974890b
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51e9d770086dc204d7c83ac956e03d8f2f644a8bbe66b39fc289053babeef224
525350aa5ac58dfa3b54b7973ec65205a711e353e03daa0a7eb4a9598805e1dc
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55142559faf25830b3aacbc7d5256f7ace6f94d39854e9ee1ddc456be8948e1f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
597830acea0420d0c95ceae70e1db6fcfb1d35d259922ff472b1b6fb083e193f
5b2e9db365ed58c66f26e6328fe57ee8538fdb71b7848c1505165c8525f95d25
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
60b08f56af6d6efef53056d5a75f9e0c442736cb9dbf966fbd13882e44f18756
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
673ed0c562fd8ed4718231ad7e191f9602273511cc8175277532187d52a4240d
68546426b6909ffd8f287de6158a65963db55e9efbf2f433dc715dd0620d59af
6e7fcd47afe1f2f87f55468110fa5c78d0657a0e1ec1217d955ea8814a5951c9
6ee5fa1c3b3dc042135847f4435851a8131259b8e4693f9cfef968d871596e89
725ae99860cf20556aa8b9e02ca7d169ff2a6cdaaa57c19e72d3ce68b3e2fb0c
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
749b6261f109108d21cb0e7043f83ff0d94a46c1dd8dad8965e6794fd345d238
76e6eae38a91dd157d0d312c67ca4476aa56c845973c6b1a0dc8238b7c10d835
775a02c37772954d38fe41b802b94a0ee37dccb98a03827cdef3eddd2abc13d1
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7b85bcb075a13466616c573a91f310265b48c0879b56e003d4d3b7c421eee188
7ddf49d4a12fbd6f975105d9b838496cbd939427115fafa16b5f49a1f4b90cf9
7e86c2efea8c05bf2c283689a21374e8f303e5b97a7860e7ff5830f613331303
8230efc6af9182cb5a3412670b861554742f8795886a114dfd20c78467ef4212
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
83127efb53ec7370360122f4b3ff3dc50cb97188498bfbdafe32051561a2cf05
8829a8924dff757932f56397690292e154eb33f5471e683cebfcc9884c38c2cf
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
8e94e9be318298bd00cd380ddb22ff44d5d6d593c598a385d8719eea73484180
8f69dbe2b0891ed74ed2c426487a9751ae8b929dc6d932fe589abf2eca1738bc
907001673f4f39b585df945d5fa9b47000600b83a08c071ab615bc14bc596b4f
925ed48219a2d3c339c5d288fdae3f965efbca0e5ee4e369b7dcbb04b6ade06f
93b23044262887fc2d7651deb7749b1d5b9dd942922da55a84fec5dfb38e024f
9481bffab8d0c1e52db0f4c992a5626aca0bd573e8e8eb57ce0e489cac7e34c4
94f96b6815e7e577ca8389a4171107862c31da48dfe9b21560e245ddee089c94
94fb694051c734b9444f39ac3338b5d70cbf2546dfb4d7008ff1389f2cb04262
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2c867478e983d3bd6a81b80c6fbe469a3382227495fa5b5e577175eeb3029f4
a32659019e2103eb914b318a17a7d7229f9798418fd70a43dd339537a46ca45e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a525824d7672e22ce39795da065ac4ef98058bebc829124c84b7bb67e4243029
a579343e48deefeeb438bcb7f6aeb6d37e68102a8299ca47b683991f0af26b28
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a82bf7c866d50baa971fc38f08df5a18b6eeed7c6126e06a9c585d7a3cea05c5
aa5e9b3cf7513169d96b15a67e249f98f8253036ea864a6f60c9e5c5bc120333
abc6d9f93b71361c39da71cc9d84549de81cecdfa671b96af5b6f9a8cc484cf9
af44d280920264564147250d0841eebf33288a04c932c182c06ec21600a228c2
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1b0541f82f31cab4d9c95f9e0ed760d579580a0dde81bfa342effb6c8b677d6
b5d59cabb74825156b2bb79c42dfa9f625e1ea9c99fc1d404acacb4f93314b23
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
bcc82ae240bbd41d82d2907a9ed8fe40df403a852973710d1e21213a3fbdc301
bcd19ecfc98339401f54e9d331dd1faf61562792d7019830e711507a5d88194b
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c3c5d1bcce6fb2c4ce08b812fd67eca6eb5c87aeccb436ee6ed5404460215f5e
c7320657dc8acd4e7f134ddc9aa58495d9103dca84caf459d7620a41a81f9fcb
c8252c3795e7da98b3f88c752bc0f2a36ddde3151c6e84c2c1bbfef5200cd21e
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
c9bfbc2b802937d34983a32a97f9703769f7dc7a9ffebbe99e186aeb5141add1
ca7de21c87d85856cb099c8ac793fc349a793b2147285413db16a961d57845cd
cbaae5c8907590cdebed4f439c28ae0313c21534acafc588653b25d4ec6603ce
cc0005c5883dbcdc7475381bb02e9c093db0976016214a100c51580b2a5b2f5e
cc129262a38049aa808d5bf97d37ca214e33a558d2d8869d7638d53e78108166
ce6c4fbfd67b9b0c228fc38f08a945809dfde4057aab7e64cec8971a8bda509d
cf019a1e03162a3ab267c3dc07d7eb9b1ddb76ce703755c49a7ca9edbd1d87db
cf48735e2ac5f31209e3b60297e1a96484e29aabdc1679463f2aa92e84e1524c
d49f4b7ee4cd605851031434caf72f166fe69be72ddf9fb29db14358bb7de794
d6cb3641a88d23be3e45023d313bfd54dd3640a4bfe07b3b88d63e3fba328d19
dcc0b6437eeec474b65774198371749c6e3f11c12b0bc14f3a971714d0d0e52b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
dfb2aecf471d0833cffbf45de6829b0c1a06b683be22d587c2d981d9985020da
e11bcb61a2d355e11f22387e8672f5a785a101881ea35bea6ffb18d03207523c
e1b1958adaab619c87918f57b28bee119a8f1122b7c81cee66775066010b3abd
e20379c72a6d43a7bd1688e08ed49653e52409e818206491bb9ad0923dd5cfdc
e2bc2e62acd8c74b47dc6b86918cd2ede0a053b716144298bd97e66366524fdb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4adb3837e4411342aa9b52dafd1646c32196b17c56c5420b77b9abebebe0f4d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa411e839f75dd38471df17e379835a0b56e20b923fc1ea164b81b27295308f
f1535199f71b96d423d3f991a5a0a92ca5779e74d2e23a509b5022ef347129a2
f30c6f5ac808df48c70c84bed5b0e39d2096d5eaac221853e804ff3a3b22e279
f39eda7c628f3c7967290aec8514942939c31bc7999b1dcb6928a55e0fcbeae8
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4d0c6a094ec876c2dbea780dac5655e44bc1ec2b0c9c492f8513581879c89c5
f9025ea9fed8a9cc7e801a1f0ce56eb4f564aab555a3debb3eb34ee37afc0eb7
f964612ea368ffe1d612a004f0a0e05453155fa7cb27dff624e5ada25c6847fb
faec8eb1d835361aefcf57fb0c55d7ad0d90a3ca389a17f85ad8bb71436059d8
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.winhelponline.com Open in urlscan Pro 2606:4700:20::681a:c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

173 Requests

91 %HTTPS

41 %IPv6

37 Domains

59 Subdomains

49 IPs

8 Countries

1972 kBTransfer

6215 kBSize

40 Cookies

4 Outgoing links

Page URL History

Redirected requests

173 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 28 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.winhelponline.com Open in urlscan Pro
2606:4700:20::681a:c Public Scan

Screenshot
Live screenshot

Full Image

173
Requests

91 %
HTTPS

41 %
IPv6

37
Domains

59
Subdomains

49
IPs

8
Countries

1972 kB
Transfer

6215 kB
Size

40
Cookies

173 HTTP transactions
28 data transactions